Ideas for Defender to be awesomer

Hi folks,
I just got hacked in such a senior way that I was ready to cry! I installed Defender, and the hacker still walked all over me, wiping the floor with me and dunking my head in the loo.

Eventually, a couple of things would have saved my bacon - they're not built into Defender yet, so I thought I'd add them to the wish list.

1 - set the public_html permissions back to 755... and on subfolders?
2 - check all files against the repository's version of the plugin / theme / WordPress
3 - scan files outside the installation... for us diddlies who don't know what should be there and what not...
4 - the checking if Google's blacklisted your site? That's awesome. But I think I can just get there off Dashboard? It doesn't have its own entry in the menu?
5 - listing the registered users on the domain with admin rights, because not all the users show up in the admin panel; you gotta go hunt in the database for rogue ones.
6 - the ability to uninstall themes and plugins rather than upgrade them? It showed me a few plugins that weren't actually listed in the plugins panel, but that needed an upgrade. So - I'd really have liked to delete them, but they're not listed anywhere, nor do they show up as folders under /wp-content/plugins/?

I love how you've gamified WordPress security. It's revolutionary! :slight_smile:
Love the artwork.
Love the easy ten step hardening.
Love the pep talks while I'm fixing a ruined site.
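A database-side check for item 5, added here as an example and not something from the thread or from Defender: it lists every account whose capabilities row grants the administrator role, reading the tables directly rather than going through the dashboard's user list. It assumes the default `wp_` table prefix and runs against a constructed in-memory SQLite copy of the two tables it needs.

```python
import sqlite3

# The query as one would run it against the live MySQL database. WordPress keeps
# each user's roles as a serialized PHP array in the usermeta row whose key is
# "<table prefix>capabilities", so with the default "wp_" prefix a LIKE on the
# quoted role name is enough to pull out every administrator.
ADMIN_QUERY = """
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.ID;
"""

def find_admins(conn):
    """Every account with the administrator role, straight from the tables."""
    return [tuple(row) for row in conn.execute(ADMIN_QUERY)]

def unexpected_admins(conn, known_logins):
    """Administrators whose login is not on the list the site owner recognises."""
    return [row for row in find_admins(conn) if row[1] not in known_logins]

def constructed_db():
    """In-memory SQLite stand-in for wp_users/wp_usermeta with constructed rows:
    the owner, an editor, and a second administrator never created via the dashboard."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
    CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT,
                           user_email TEXT, user_registered TEXT);
    CREATE TABLE wp_usermeta (umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
                              meta_key TEXT, meta_value TEXT);
    INSERT INTO wp_users VALUES (1, 'symi', 'owner@example.com', '2016-01-10 09:00:00');
    INSERT INTO wp_users VALUES (2, 'editor_jo', 'jo@example.com', '2016-02-01 10:00:00');
    INSERT INTO wp_users VALUES (3, 'wp_support', 'noreply@example.net', '2017-03-20 03:14:00');
    INSERT INTO wp_usermeta VALUES (1, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
    INSERT INTO wp_usermeta VALUES (2, 2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}');
    INSERT INTO wp_usermeta VALUES (3, 3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
    """)
    return conn

if __name__ == "__main__":
    for row in unexpected_admins(constructed_db(), {"symi"}):
        print("admin not on the known list:", row)
```

For a multisite or a non-default prefix, change the `wp_capabilities` key and table names to match; the rest of the query is unchanged.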

  • Hoang Ngo

    @Symi,

    I've checked your site; from your email, this is likely a cPanel break-in. Can you please send me your cPanel account? That will make it easier for me to check and find the suspicious files.

    Can you please send in:

    - Mark to my attention - ATTN: Hoang Ngo
    - Link back to this thread
    - Include admin/network access
    - Include cPanel
    - Include any relevant URLS for your site

    On the contact form, select "I have a different question", this ensures it comes through and gets assigned to me.

    Thanks!!

    Best regards,
    Hoang

  • Symi

    There are a couple of things that aiowps does that really help, like adding a captcha to login, renaming the login URL, etc.

    Having said that - I like the "simplicity" of Defender.

    What would be magnificent is if I could do a remote "crisis mode" from the WPMUDEV Hub, to any of my sites that run Dashboard, something that hardens the install like level 4 / Wordfence?

    Right now I'm jumping from site to site to do the settings...

  • Symi

    So - guys, still on this topic.

    My cPanel hack, the beloved little thing, is adding folders to the WordPress install, under includes and under content, and under admin - wherever it likes.
    While daily scans from Wordfence and Defender think the skies are clear.
    I'm suspecting that it's doing this with a root kind of account, because any process that runs on the system does so with its own permissions, as per the owner of the process?

    So the only thing I can think is that nothing inside WordPress sees these files, as they're outside of the owner's jurisdiction, so to speak. Is that possible?
    How does one gear Defender / Wordfence / scanning software to pick those files up?

    If it could, and scan from public_html level, it would mean that my WordPress install is UNTOUCHABLE dude... but like.... AWESOMELY so. :slight_smile:

    I think.

    How do we do that?
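An added example (not Defender's or Wordfence's code) for items 1 to 3 of the wish list and for the question above about files dropped into the core directories: it hashes the install against a per-release checksum manifest of the kind wordpress.org publishes, flags anything under wp-admin or wp-includes that the manifest does not list, and reports directories looser than 755. The manifest and the install it audits are constructed in a temp directory; the file contents are sample values, not real WordPress files.

```python
import hashlib, os, stat, tempfile

def md5_of(path):
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()

def audit_install(root, manifest, core_dirs=("wp-admin", "wp-includes")):
    """manifest: relative path -> expected MD5 for the installed release.
    Reports changed/vanished manifest files, files in the core directories the
    manifest does not list, and directories looser than 755."""
    report = {"modified": [], "missing": [], "unexpected": [], "writable": []}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report["missing"].append(rel)
        elif md5_of(full) != expected:
            report["modified"].append(rel)
    for dirpath, _, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        # group- or world-writable directory: looser than the 755 the thread wants
        if stat.S_IMODE(os.stat(dirpath).st_mode) & (stat.S_IWGRP | stat.S_IWOTH):
            report["writable"].append(rel_dir)
        if rel_dir.split(os.sep)[0] in core_dirs:
            for name in filenames:
                rel = os.path.join(rel_dir, name)
                if rel not in manifest:
                    report["unexpected"].append(rel)
    return {k: sorted(v) for k, v in report.items()}

def demo():
    """Constructed install in a temp dir: two sample 'core' files hashed into a
    manifest, then tampered with the way the thread describes."""
    core = {os.path.join("wp-includes", "version.php"): b"<?php $wp_version = 'x.y.z';\n",
            os.path.join("wp-admin", "index.php"): b"<?php require_once 'admin.php';\n"}
    manifest = {rel: hashlib.md5(data).hexdigest() for rel, data in core.items()}
    root = tempfile.mkdtemp()
    for sub in ("wp-admin", "wp-includes", "wp-content"):
        os.makedirs(os.path.join(root, sub))
        os.chmod(os.path.join(root, sub), 0o755)
    for rel, data in core.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    with open(os.path.join(root, "wp-admin", "index.php"), "ab") as fh:
        fh.write(b"// appended by tampering\n")        # modified core file
    with open(os.path.join(root, "wp-includes", "unlisted.php"), "wb") as fh:
        fh.write(b"<?php // not in the manifest\n")    # unexpected file
    os.chmod(os.path.join(root, "wp-content"), 0o777)  # world-writable dir
    return audit_install(root, manifest)

if __name__ == "__main__": print(demo())
```

Files at the install root (wp-config.php and the like) are deliberately not reported as unexpected, since a release manifest never lists them; extend `core_dirs` if a host keeps other directories that should be read-only.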

  • Adam Czajczyk

    Hello Symi!

    I must admit that I'm not entirely sure if a WordPress plugin would be allowed to access files outside the WP install folder without breaking any "WP rules", which in turn could make it a kind of "security flaw". For sure Defender cannot do this currently though.

    Fortunately Defender's lead developer is keeping track of this thread and I'm sure he'll consider implementation of these ideas in future if only possible.

    Best regards,
    Adam

  • Symi

    Whoohoo - thanks Kind-Men-Who-Parade-Around-In-Tights-At-Work.

    So here's the next question - if I do a backup with the WPMUDEV backup tool, will it see those files and back them up too? The ones that Wordfence / aiowps / Defender don't see? Theoretically that's perfect then... :slight_smile:

    Also - I'm checking out CCleaner for Windblows, and it manages to figure out if there's a registry entry that doesn't currently have software attached to it, if that makes sense. The *excludes expletives* human who managed to hack my site has added tables to my DB. So it made me fink.

    I'm a keen supporter of something that can clean up a database of plugin tables / fields that are no longer active? Even if that is a manual selection process of the plugins that should no longer have tables / records available to them, as they've been decommissioned. With the warning that the site will then not remember a single bit of information when you reinstall them?

    And no - I have no clue how tricky / impossible this is going to be to implement. :slight_smile:

    I walk around with t-shirts and shorts at work!

  • Adam Czajczyk

    Hey Symi!

    I walk around with t-shirts and shorts at work!

    Still too cold here. Luckily, spring is rapidly blooming so it shouldn't take long :slight_smile:

    So here's the next question - if I do a backup with the WPMUDEV backup tool, will it see those files and back them up too? The ones that Wordfence / aiowps / Defender don't see? Theoretically that's perfect then...

    That's again a matter of what a standards-compatible plugin can "reach out" to. What's inside the WP install directory should be possible to back up. Snapshot PRO gives you a choice of what to back up, including DB tables.

    Also - I'm checking out CCleaner for Windblows, and it manages to figure out if there's a registry entry that doesn't currently have software attached to it, if that makes sense. The *excludes expletives* human who managed to hack my site has added tables to my DB. So it made me fink.

    Defender performs three types of scans:

    "WP Core Integrity" - that's on a file level; it checks WP core files against any changes that have been made there

    "Plugin & Themes Vulnerabilities" - that would be closest to CCleaner, though a bit different; I'm not sure if it's using any heuristics, but it does include a huge DB of known vulnerabilities and compares your plugins and themes against them

    "Suspicious Code" - that's again a file scan, and this one does use some heuristics and "probability" algorithms

    And no - I have no clue how tricky / impossible this is going to be to implement.

    I'm pretty sure the lead developer would know better than me what's doable here and what's not, so let me tag Hoang Ngo (Hoang) here.

    Best regards,
    Adam
