WordPress is likely the most popular website framework used on the web today. With over 65 million downloads and a very active community, you can accomplish many goals with ease using WordPress.
Not only does the standard WordPress package include many useful features, but the number of easy-to-install WP plugins available continues to grow, which in turn multiplies the number of uses for WordPress. The problem with so many WordPress installations, each with a different combination of WordPress themes and plugins, is that many people launch a WordPress site and assume everything is safe and sound from then on. That is not the case. As technologies evolve and attackers find new ways to make money, new holes will be found in the core WordPress code, in WordPress plugins, in WordPress themes, and in sloppy system administration. The article below gives you a basic understanding of the types of attacks to which your WordPress site may be vulnerable, along with various methods to minimize your risk using basic Linux commands and the tools within Backtrack Linux.
A Short Story About Incorrect WordPress File Permissions & The Possible Damage That Can Follow
You may be thinking that your WordPress site would never be a target for attackers; however, regardless of content, your WordPress blog is a target. (Many of the most effective WordPress exploits I have seen over time typically involve the quantity of breached websites rather than the quality of any single breach.) One of the trickier exploits I have seen with WordPress involved an attacker adding some simple PHP code to files on a WordPress server that had permissions set incorrectly, which is a very common mistake among do-it-yourself web developers.
The attacker adds the malicious code to specific files within the WordPress file structure; the code redirects only those visitors whose referrer matches a set list of search engines. An example of the malicious code in action: someone searches for XYZ on Google, which happens to relate to an article you have written on your WordPress site, and clicks the result that leads to your article. Instead of seeing the article you posted about XYZ, they are redirected to another website that is full of ads or full of malicious code that could infect their browser and/or PC. The benefit to the attacker is that they are either making money from the ads or exploiting your users' systems once the redirect lands. Regardless of the scenario, the outcome is a horrible experience for the person visiting your website. The genius behind this type of attack is that it is extremely hard to track down and nearly impossible for inexperienced web developers or system administrators to locate.
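The redirect described above only fires when the request carries a search-engine referrer, so the first thing a defender can do is look inside the PHP files themselves rather than browse the site. The following POSIX shell script is an added example and is not code from the original article: it flags PHP files that reference HTTP_REFERER together with a search-engine name and a Location header, and it lists PHP files changed within a given number of days (unexpected recent changes in core or theme files are a common sign of tampering). It assumes GNU find and grep; the two theme files it writes are constructed fixtures, one benign and one matching the pattern the article describes.

```shell
#!/bin/sh
# Added example (not from the original article): triage scan for
# referrer-conditional redirects injected into WordPress PHP files.
# Assumes GNU find/grep. Sample files created by demo_scan are constructed.

# Print the path of every PHP file under $1 that contains all three
# indicators: HTTP_REFERER, a search-engine name, and a Location header.
scan_referrer_redirects() {
    find "$1" -type f -name '*.php' -exec grep -l HTTP_REFERER {} + 2>/dev/null \
    | while IFS= read -r f; do
        if grep -qiE 'google|bing|yahoo|yandex' "$f" \
           && grep -qiE "header *\( *['\"]Location:" "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# List PHP files under $1 modified within the last $2 days (default 7).
recently_changed_php() {
    find "$1" -type f -name '*.php' -mtime "-${2:-7}"
}

# Build a constructed sample theme directory and run both checks over it.
demo_scan() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/wp-content/themes/demo"
    # Constructed benign file: logs the referrer, never redirects.
    cat > "$tmp/wp-content/themes/demo/functions.php" <<'EOF'
<?php
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
error_log("visit from: " . $ref);
EOF
    # Constructed fixture carrying the three indicators together.
    cat > "$tmp/wp-content/themes/demo/header.php" <<'EOF'
<?php
$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (preg_match('/google|bing|yahoo/i', $ref)) { header('Location: http://redirect-target.invalid/'); exit; }
EOF
    echo "Files matching the referrer-redirect pattern:"
    scan_referrer_redirects "$tmp"
    echo "PHP files changed in the last 7 days:"
    recently_changed_php "$tmp" 7
    rm -rf "$tmp"
}

demo_scan
```

Treat a hit as a reason to diff the file against a clean copy of the theme or plugin, not as proof on its own; legitimate analytics code also reads HTTP_REFERER, which is why the benign fixture is not reported.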
When this type of redirect issue is reported, the person troubleshooting the problem typically visits the WordPress site in question and everything appears to work as expected, because they did not arrive at the site through Google. They therefore assume the issue was on the reporting user's end. File permissions are extremely important and should be understood and followed when installing and/or managing a WordPress installation. There are plenty of details on the WordPress Codex pages that can assist anyone not familiar with file permissions. The primary steps, however, are making sure files are not owned by the web server process, setting directory permissions to 755, and setting file permissions to 644. Having the proper file permissions will keep the attacker's WordPress bots at bay.
Below are two quick examples of what the file permissions should look like on the wp-content folder and the wp-cache-config.php file.
*****************************
For Directories
find /path/to/your/wordpress/install/ -type d -exec chmod 755 {} \;
For Files
find /path/to/your/wordpress/install/ -type f -exec chmod 644 {} \;
*****************************
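The two commands above set the baseline but do not tell you how far a running install has drifted from it, or whether the web server account owns anything. The following POSIX shell script is an added example, not code from the original article: it reports every directory that is not 755, every file that is not 644, and everything owned by the web server account, then applies the article's two find/chmod commands. It assumes GNU find (for -printf); the web server account name defaults to www-data, which is an assumption, and the sample tree it builds is constructed.

```shell
#!/bin/sh
# Added example (not from the original article): audit a WordPress tree
# against the baseline the article gives (dirs 755, files 644, nothing
# owned by the web server account) and apply that baseline.
# Assumes GNU find for -printf. "www-data" is an assumed account name.

# Print one line per deviation: KIND MODE PATH, or WEB_OWNED PATH.
audit_wp_perms() {
    root="$1"
    webuser="${2:-www-data}"
    find "$root" -type d ! -perm 755 -printf 'DIR_PERM %m %p\n'
    find "$root" -type f ! -perm 644 -printf 'FILE_PERM %m %p\n'
    # Only query ownership when the account exists; find errors otherwise.
    if id "$webuser" >/dev/null 2>&1; then
        find "$root" -user "$webuser" -printf 'WEB_OWNED %p\n'
    fi
}

# Number of findings; prints 0 when the tree matches the baseline.
count_wp_findings() {
    audit_wp_perms "$1" "$2" | grep -c . || true
}

# The article's two commands, applied to the tree given as $1.
fix_wp_perms() {
    find "$1" -type d -exec chmod 755 {} \;
    find "$1" -type f -exec chmod 644 {} \;
}

# Constructed sample tree with two deliberate mistakes (a world-writable
# directory and a world-writable file), audited before and after the fix.
demo_wp_perms() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/wp-content/uploads"
    printf '<?php\n' > "$tmp/wp-config.php"
    printf '<?php\n' > "$tmp/wp-content/plugins.php"
    chmod 755 "$tmp" "$tmp/wp-content" "$tmp/wp-content/uploads"
    chmod 644 "$tmp/wp-config.php" "$tmp/wp-content/plugins.php"
    chmod 777 "$tmp/wp-content/uploads"      # mistake: world-writable dir
    chmod 666 "$tmp/wp-content/plugins.php"  # mistake: world-writable file
    echo "Findings before fix:"
    audit_wp_perms "$tmp" nosuchuser
    fix_wp_perms "$tmp"
    echo "Findings after fix: $(count_wp_findings "$tmp" nosuchuser)"
    rm -rf "$tmp"
}

demo_wp_perms
```

Run the audit on a schedule (cron is enough) and alert on a non-zero count: a file that turns up world-writable or web-server-owned after the baseline was applied is exactly the foothold the redirect story above depends on.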