WordPress Security: Your website may be at risk



    Hi Jamie

    My client received this email. It looks like a pretty sophisticated ‘Spam’ email. Though it lists some pretty interesting observations that I would like to run past you and gauge your opinion.

    Would you mind having a look at this email for me?

    Client is with Heart Internet.
    Installed via ‘One click Install’
    Have used various plugins to secure the site

    Website is http://www.squireprojects.co.uk

    Thanks Jamie,


    Here is the email:

    From: Protect Your WP site [mailto:protectyourwpsite@gmail.com]
    Sent: 11 April 2013 03:27
    To: (my client's email address)
    Subject: Your website may be at risk


    I was just browsing your website and I noticed that you had a couple of high risk security problems with your site and you may be at severe risk of being hacked.

    I checked with a security analysis tool and I thought you might be interested in the results:

    Test 1 – WordPress version

    Good: Your WordPress version is ok.
    Keeping the WordPress core up to date is one of the most important aspects of keeping your site secure. If vulnerabilities are discovered in WordPress and a new version is released to address the issue, the information required to exploit the vulnerability is almost certainly in the public domain. This makes old versions more open to attacks.

    Test 2 – WordPress configuration

    Bad: Your WordPress configuration file is accessible from the Internet.
    Keeping the website wp-config file hidden from outside of your network makes it harder for hackers to compromise your database.

    Test 3 – Username still admin

    Good: The WordPress default username of ADMIN has been changed.
    It's important to change the WordPress username from its default setting of Admin. Leaving it as Admin means that potential hackers have only to guess the password.

    Test 4 – Installation file still exists.

    BAD: The WordPress install file is still in its default location.
    There have been several cases where attackers have used the install file to create access to the database. It's important to remove or move this file.

    Test 5 – Upgrade script still exists

    Bad: The WordPress upgrade file is accessible from outside.
    There have been several cases where attackers have used the Upgrade file to create access to the database. It's important to remove or move this file.

    Test 6 – Readme file still exists

    Bad: The WordPress Readme file is accessible from the Internet.
    The readme.html file reveals to a potential attacker the exact version name of WordPress you are using. This means it would be easy for them to identify weaknesses in your version and use them to compromise your website.

    Test 7 – Uploads directory exists

    Good: The WordPress uploads folder is NOT readable from the outside.
    The Uploads folder contains images and files that are maintained using the media section within WordPress. Leaving this open to the outside means that attackers could steal access to hidden files. This would also be a copyright risk.

    Test 8 – Malware check

    Good: This site is considered safe by Google.
    Google maintains a directory of sites that may have been hacked or compromised and are hosting malware or dangerous code used in phishing attacks. It's important to ensure that your site is listed as safe, or it may be removed from Google’s search engine.

    My business helps local companies with their website and also in how to attract new customers.

    When would be a good time to discuss how we can help you solve these problems and prevent any risk of your site being hacked?

    You can reach me on :
    email: danncliff@gmail.com
    cellphone no.: +63906 736 3442

    Best Regards,
    Dannielle Clifford Estanilla
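
Added example, not part of the original post or the quoted email: a small classifier a site owner can use to judge what a response to the files named in tests 2, 4, 5 and 6 actually discloses, since "accessible from the Internet" only says the URL answered. The paths assume a standard WordPress layout, the marker strings are assumptions about stock WordPress output, and the sample responses are constructed.

```python
import re

# Rules per path: (leak pattern, expected-safe pattern). Paths assume a
# standard WordPress layout; marker strings are assumptions about stock output.
RULES = {
    "wp-config.php": (re.compile(r"<\?php|DB_PASSWORD"), None),
    "readme.html": (re.compile(r"Version\s+\d+\.\d+"), None),
    "wp-admin/install.php": (None, re.compile(r"Already Installed")),
    "wp-admin/upgrade.php": (None, re.compile(r"No Update Required")),
}


def assess(path, status, body):
    """Classify one HTTP response for a path from the email's tests 2, 4, 5, 6."""
    if status >= 400:
        return "blocked"        # server refuses the request or the file is absent
    if status != 200:
        return "inconclusive"   # redirect etc.: follow it and assess the target
    leak, safe = RULES[path]
    if leak and leak.search(body):
        return "exposed"        # source code or a version string was served
    if safe and not safe.search(body):
        return "review"         # script answered without its usual refusal page
    return "reachable"          # URL answers but the body discloses nothing


# Constructed sample responses (not taken from any real site).
SAMPLES = [
    ("wp-config.php", 200, ""),  # PHP was executed, so the page is empty
    ("wp-config.php", 200, "<?php\ndefine('DB_PASSWORD', 'example');"),
    ("readme.html", 200, "<h1>WordPress<br /> Version 3.5.1</h1>"),
    ("wp-admin/install.php", 200, "<h1>Already Installed</h1>"),
    ("wp-admin/install.php", 200, "<form id='setup' method='post'>"),
    ("wp-admin/upgrade.php", 403, "Forbidden"),
]


def report(samples):
    """Return a list of (path, verdict) pairs in input order."""
    return [(path, assess(path, status, body)) for path, status, body in samples]


if __name__ == "__main__":
    for path, verdict in report(SAMPLES):
        print(f"{verdict:12} {path}")
```

Feed it the status code and body your own site returns for each path (for example from `curl -i`). Only `exposed` and `review` call for a change such as denying access to the file or fixing the PHP handler.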
