Security

Are there known security issues with WPMU? Since starting to use WPMU several of my sites have been hacked. At first I assumed this was related to the WP 3.3 to 3.4 upgrade but most recently my primary site, running WP 3.4, was hacked.

Is there anything I need to know?

Many thanks,

Rob Falla

  • aecnu
    • WP Unicorn

    Greetings robfalla,

    Securing your web site starts at the host, and in some cases, no matter what you do, because of the host they can hack your site via another site on the server, for example using c99.

    Any chance you are hosting on Host Gator?

    In any event, one of the quickest ways to start securing your site is using the htaccess file to block access to your wp-config.php file by adding the following lines to it at the top:

    <files wp-config.php>
    order allow,deny
    deny from all
    </files>

    There are other things too that can be done and are listed here:

    http://codex.wordpress.org/Hardening_WordPress

    You also need to now check every file within your installation to see if a c99 file has been inserted into your web site folder because if it has been and it is not removed, there is almost no way to stop them.

    Please advise.

    Cheers, Joe
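
The file check suggested in the reply above can be scripted. This is an added example, not part of the thread and not code from WordPress or any plugin named here: the pattern list, the `wp-content/uploads/` rule, and the function names `scan_tree` and `demo` are assumptions for illustration, and the sample files are constructed, harmless placeholders.

```python
import re
import tempfile
from pathlib import Path

# Heuristic indicators assumed for this example; not a complete signature set.
SUSPICIOUS = {
    "c99-marker": re.compile(rb"c99(sh|shell)", re.I),
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "exec-of-request-input": re.compile(
        rb"(system|passthru|shell_exec|exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
}
PHP_EXT = {".php", ".phtml", ".php5"}

def scan_tree(root):
    """Return sorted (relative_path, [reasons]) for PHP files worth a manual look."""
    findings = []
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_EXT:
            continue
        rel = path.relative_to(root).as_posix()
        # Uploads should hold media only, so any PHP file there is reported.
        reasons = ["php-in-uploads"] if rel.startswith("wp-content/uploads/") else []
        try:
            data = path.read_bytes()
        except OSError:
            data, reasons = b"", reasons + ["unreadable"]
        reasons += [label for label, rx in SUSPICIOUS.items() if rx.search(data)]
        if reasons:
            findings.append((rel, reasons))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree; every file body is a harmless placeholder."""
    samples = {
        "wp-config.php": b"<?php define('DB_NAME', 'example'); ?>",
        "wp-content/uploads/2012/06/img.php": b"<?php /* placeholder */ ?>",
        "wp-content/themes/t/footer.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = Path(root, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(body)
        return scan_tree(root)

if __name__ == "__main__":
    for rel, reasons in demo():
        print(rel, ", ".join(reasons))
```

Hits are leads for manual review rather than verdicts, and because the patterns are heuristics an empty result does not prove the installation is clean.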

  • aecnu
    • WP Unicorn

    Greetings foodfriendfinder,

    Thank you for your additional input, it is greatly appreciated.

    Just a note though, some folks have indeed had to turn that very plugin off due to conflicts it caused with other plugins though I cannot remember exactly what specific plugins they were.

    In addition, it may have been caused by, as I remember from another member, they had like three different security plugins activated all at the same time and this may indeed have been the issue too.

    I am certainly not discounting your recommendation, just making folks aware that it can indeed cause other problems with some plugins though I cannot recall the specifics.

    Thanks again for your input.

    Cheers, Joe

  • foodfriendfinder
    • The Incredible Code Injector

    Aecnu, thanks for your comments…

    First of all, I am in no way connected to Bulletproof Security or as an affiliate, only as someone that purchased the pro version and has activated it on my sites with no problems.

    My first reaction would be if someone has 3 different security plugins…yes I could see having problems…just as if someone had 3 different firewalls on their computer or 3 different cache plugins on their WP website.

    I have no experience with the free version.

    Checking BPS site there are no known conflicts with WP plugins.

    From their own words on their site, not mine:

    “The BPS Pro .htaccess files contain a massive amount of new Security Exploits Filters to block browser based hacking attempts, the php.ini files contain optimum Security and Performance settings for maximum security and performance boosts for WordPress websites, file locking on the fly for WordPress Mission Critical files to protect against Mass Code Injection attacks on Web Hosts, PHP Error logging, automatic HTTP 403 Error Logging to log and track hacking attempts against your website, built-in Monitoring and Alerting, extensive System Info.”

    I am definitely open to anyone having problems with this security plugin as I use it on my clients' hosted sites on my server.

    I believe Site Security is #1….

    The server can be secure…but hacked websites are no fun at any time.

    Thanks again.

  • Barbara Davis
    • Flash Drive

    aecnu, can you describe more what a c99 file is and what it looks like? My Gridmarket shopping site was hacked or corrupted somehow and I can’t make purchases online. It’s really bad, and nobody at WPMU DEV is helping… And/or, do you have suggestions on how to fix a corrupted site once it’s been hacked and the checkout page has been diverted to a site in Asia? I’m in despair at the moment. Sorry to whine. Thanks! Barbara D.
