Protect your Wordpress Blogs!

Discussion in 'Blogging' started by makingfastcash22, Sep 19, 2011.

  1. makingfastcash22

    makingfastcash22 Senior Member

    Hey guys and gals!

    I thought I might inform you about a couple of free plugins that can save your ass and our cash.

    My Amazon sales have been dropping on some of my autoblogs and I finally figured out that my blogs were open to being hacked.

    So I installed the wp firewall plugin and the next day I got an alert stating that it blocked a SQL injection.

    Also all of my problems seemed to stem from having w3 total cache.

    I was a big believer in the plugin, but I found out that they got hacked and I believe this is where things started to get ugly for my autoblogs.


    So I rebuilt many of them completely, as the databases were plagued with iframe injections.

    So now I install these plugins

    wp firewall
    ultimate security checker - adjust until you get a good grade
    secure wordpress
    login lockdown
    tim thumb vulnerability scanner - another hacker issue
    antivirus - scans the theme for hacker issues
    wp super cache - no longer using w3 total cache

    You can also install exploit scanner and run that to see if there are any issues as well.

    Well hope this saves you some time and money, I lost a lot of both!
     
    • Thanks x 18
  2. makingfastcash22

    makingfastcash22 Senior Member

    • Thanks x 1
  3. Geddes

    Geddes Registered Member

    Thanks for sharing :)
    I appreciate it because I have a few blogs on wordpress
     
  4. TheMatrix

    TheMatrix BANNED

    Also suggest Exploit Scanner.
     
  5. battletross

    battletross Junior Member

    Thanks for the share, gonna get these installed asap.
     
  6. cornkernel

    cornkernel Regular Member

    i don't have any blogs up at the moment, but i thought i'd click on the thread and read it anyway. thanks for the tip. i'll keep it in mind for when i put up the few blogs that i'm working on at the moment. :)
     
  7. LowCountry

    LowCountry Registered Member

    Thanks OP! I've installed your recommended plugins. Already feel better.
     
  8. supapera

    supapera Regular Member

    also take a look at TAC - Theme Authenticity Checker
    this plugin searches for malicious codes in themes
     
  9. markerpower

    markerpower Registered Member

    Thanks for the suggestions!

    I had an issue lately where my blog kept redirecting to other sites. After I updated WordPress, it seemed to stop.

    If you update, also back up your database. Sometimes WordPress likes to delete the database, when and sometimes after you update. I'm unsure why.
     
  10. Apposl

    Apposl Power Member

    Any suggestions on how loading this amount of plugins decreases site speed?
     
  11. supapera

    supapera Regular Member

    some of those plugins you can disable after scan
     
  12. ADHD-Dude

    ADHD-Dude Power Member

    From what I saw, the only vulnerabilities come from plugins. I use only wp super cache and the google site map.

    I will be using wp firewall just for show. Another BHW member got his WP hacked; he was using all the wp firewall and security plugins but this didn't stop some angry arabs
     
  13. TheMatrix

    TheMatrix BANNED

    Some plugins that render something on the front-end can marginally affect site speed. While the ones that work in the back-end may/may not affect the site speed.

    If you want to check how plugins are causing slow speed, install Page Speed addon for FireBug.
     
  14. cicsmayhem

    cicsmayhem Regular Member

    Add Silence is Golden plugin too.

    This is for those who are redirected to another site.
     
  15. KHMNTCPR8

    KHMNTCPR8 Regular Member

    so are the hackers inserting their own affiliate links or something?
     
  16. cicsmayhem

    cicsmayhem Regular Member

    Links to their website. Sometimes they put anchor text to gain link juice to their website. Pretty clever. Most wordpress themes that are shared nowadays have encrypted php codes.
     
  17. DebtFreeMe

    DebtFreeMe Regular Member

    Are you kidding me?... Sh*t... I went from having 15% of my income coming from Amazon down to less than 3%, I thought it was because of the season...

    Being black hat means you find the edge of the rules... Being a thief means you don't care about the rules...

    Is there any way to remove what has been done? Or do I have to rebuild my sites?

    Is there any way to find the Iframe injections? Is there any way to remove them in bulk?
     
    Last edited: Sep 20, 2011
  18. morehits

    morehits Junior Member

    Good stuff to know
     
  19. cicsmayhem

    cicsmayhem Regular Member

    To determine if there are exploits/hacks in themes/plugins, install Exploit scanner. Even though you haven't activated the theme/plugin, it will still scan them. You can just upload them to determine if there are exploits.

    Here are some helpful decoders for exploits:

    Code:
    http://www.tareeinternet.com/scripts/decrypt.php
    http://www.tareeinternet.com/scripts/byterun.php
    http://www.motobit.com/util/base64-decoder-encoder.asp
     
    • Thanks x 1
  20. Nookie Monster

    Nookie Monster Senior Member

    I too would like to know the answer to that. Would most of them show up as standard Iframe code? Or would it be encrypted?
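
The questions above (how to find iframe injections, and whether they appear as plain iframe code or encoded) and the decoder links in post 19 come down to one check, shown here as an added example that is not part of any post in the thread. It flags iframe tags in a theme file or database field, marks hidden ones, and statically decodes `eval(base64_decode(...))` / `eval(gzinflate(base64_decode(...)))` wrappers without executing them; the sample strings and the `injected.example` host are constructed for illustration.

```python
import base64
import re
import zlib

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
# Zero/one-pixel or CSS-hidden frames: typical of injected, not embedded, iframes.
HIDDEN_RE = re.compile(
    r"""(?:width|height)\s*=\s*["']?[01](?:px)?\b|display\s*:\s*none|visibility\s*:\s*hidden""",
    re.I)
# eval(base64_decode('...')) and eval(gzinflate(base64_decode('...'))) wrappers.
OBFUSCATED_RE = re.compile(
    r"""eval\s*\(\s*(gzinflate\s*\(\s*)?base64_decode\s*\(\s*["']([A-Za-z0-9+/=\s]+)["']""",
    re.I)

def decode_payload(b64_text, inflated):
    """Decode without executing, so the hidden PHP can be read as text."""
    raw = base64.b64decode(b64_text)
    if inflated:
        raw = zlib.decompress(raw, -15)  # PHP gzinflate() is raw DEFLATE
    return raw.decode("utf-8", errors="replace")

def scan(text, depth=0):
    """Return (kind, evidence) findings for one file or one database field."""
    findings = []
    for m in IFRAME_RE.finditer(text):
        tag = m.group(0)
        findings.append(("hidden-iframe" if HIDDEN_RE.search(tag) else "iframe", tag))
    for m in OBFUSCATED_RE.finditer(text):
        try:
            decoded = decode_payload(m.group(2), inflated=bool(m.group(1)))
        except (ValueError, zlib.error):
            findings.append(("undecodable-eval", m.group(0)[:60]))
            continue
        findings.append(("obfuscated-eval", decoded))
        if depth < 3:  # payloads are often wrapped more than once
            findings.extend(scan(decoded, depth + 1))
    return findings

# Constructed samples (not from the thread): an encoded theme footer and a post body.
INNER = '<iframe src="http://injected.example/x" width="1" height="1"></iframe>'
SAMPLE_THEME = "<?php eval(base64_decode('%s')); ?>" % base64.b64encode(
    ("echo '%s';" % INNER).encode()).decode()
SAMPLE_POST = '<p>Review</p><iframe src="http://injected.example/y" style="display:none"></iframe>'

if __name__ == "__main__":
    for name, body in (("theme", SAMPLE_THEME), ("post", SAMPLE_POST)):
        for kind, evidence in scan(body):
            print(name, kind, evidence)
```

Plain `iframe` findings still need a manual look, since legitimate video or widget embeds are reported under the same kind.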