Tagged: wordpress security
April 11, 2013 at 11:03 am #8378 designandinternet (Participant)
My client received this email. It looks like a pretty sophisticated ‘Spam’ email. Though it lists some pretty interesting observations that I would like to run past you and gauge your opinion.
Would you mind having a look at this email for me?
Client is with Heart Internet.
Installed via ‘One click Install’
Have used various plugins to secure the site
Website is http://www.squireprojects.co.uk
Here is the email:
From: Protect Your WP site [mailto:firstname.lastname@example.org]
Sent: 11 April 2013 03:27
To: (my clients email address)
Subject: Your website may be at risk
I was just browsing your website and I noticed that you had a couple of high risk security problems with your site and you may be at severe risk of being hacked.
I checked with a security analysis tool and I thought you might be interested in the results:
Test 1 – WordPress version
Good: Your WordPress version is ok.
Keeping the WordPress core up to date is one of the most important aspects of keeping your site secure. If vulnerabilities are discovered in WordPress and a new version is released to address the issue, the information required to exploit the vulnerability is almost certainly in the public domain. This makes old versions more open to attacks.
Test 2 – WordPress configuration
Bad: Your WordPress configuration File is accessible from the Internet.
Keeping the website wp-config file hidden from outside of your network makes it harder for hackers to compromise your database.
Test 3 – Username still admin
Good: The WordPress default username of ADMIN has been changed.
It's important to change the WordPress username from its default setting of Admin. Leaving it as Admin means that potential hackers have only to guess the password.
Test 4 – Installation file still exists.
BAD: The WordPress install file is still in its default location.
There have been several cases where attackers have used the install file to create access to the database. It's important to remove or move this file.
Test 5 – Upgrade script still exists
Bad: The WordPress upgrade file is accessible from outside.
There have been several cases where attackers have used the Upgrade file to create access to the database. It's important to remove or move this file.
Test 6 – Readme file still exists
Bad: The WordPress Readme file is accessible from the Internet.
The readme.html file reveals to a potential attacker the exact version name of WordPress you are using. This means it would be easy for them to identify weaknesses in your version and use them to compromise your website.
Test 7 – Uploads directory exists
Good: The WordPress uploads folder is NOT readable from the outside.
The Uploads folder contains images and files that are maintained using the media section within WordPress. Leaving this open to the outside means that attackers could steal access to hidden files. This would also be a copyright risk.
Test 8 – Malware check
Good: This site is considered safe by Google.
Google maintains a directory of sites that may have been hacked or compromised and are hosting malware or dangerous code used in phishing attacks. It's important to ensure that your site is listed as safe, or it may be removed from Google’s search engine.
My business helps local companies with their website and also in how to attract new customers.
When would be a good time to discuss how we can help you solve these problems and prevent any risk of your site being hacked?
You can reach me on:
cellphone no.: +63906 736 3442
Dannielle Clifford Estanilla
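As an added example written from the site owner's side (it is not code from the forum post, from the email's author, or from WordPress), here is a Python script that performs the file-exposure checks the email's tests 2, 4, 5, 6 and 7 describe, so you can verify the claims against a site you administer instead of taking a cold email's word for them. Everything in it is an assumption of the example: the placeholder base URL, the hypothetical User-Agent string, the constructed responses used for the offline run, and the decision rules in `classify`. It treats an empty 200 response for `wp-config.php` as not exposed, because the web server executing that file and returning nothing is normal; only the PHP source itself coming back counts as a disclosure. Only the standard library is used.

```python
"""Self-check for the file-exposure tests listed in the email (tests 2, 4, 5, 6, 7).

Added example, not code from the forum post, the email's author, or WordPress.
Run it only against a site you administer; the base URL, User-Agent and the
sample responses below are constructed placeholders.
"""
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Paths the email's tests refer to, with what a positive result actually means.
CHECKS: Dict[str, str] = {
    "wp-config.php": "configuration file source disclosed",
    "wp-admin/install.php": "install script reachable",
    "wp-admin/upgrade.php": "upgrade script reachable",
    "readme.html": "readme.html discloses the WordPress version",
    "wp-content/uploads/": "uploads directory listing enabled",
}

Fetch = Callable[[str], Tuple[int, str]]  # url -> (HTTP status, body text)


@dataclass
class Finding:
    path: str
    status: int
    exposed: bool
    note: str


def http_fetch(url: str, timeout: float = 10.0) -> Tuple[int, str]:
    """Fetch with the standard library; a network failure is reported as status 0."""
    req = urllib.request.Request(url, headers={"User-Agent": "wp-self-check (hypothetical)"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):
        return 0, ""


def classify(path: str, status: int, body: str) -> Finding:
    """Decide whether one response shows the exposure the email's test describes."""
    if path == "wp-config.php":
        # The server normally executes wp-config.php and returns an empty 200 page;
        # that is not a leak. Exposure means the PHP source itself came back.
        exposed = status == 200 and ("DB_PASSWORD" in body or "define(" in body)
    elif path == "readme.html":
        # The stock readme.html prints the release number after the word "Version".
        exposed = status == 200 and "Version" in body
    elif path.endswith("/"):
        # Autoindex pages generated by Apache and nginx carry an "Index of" title.
        exposed = status == 200 and "Index of" in body
    else:
        # install.php / upgrade.php: any 200 means the script still answers requests.
        exposed = status == 200
    return Finding(path, status, exposed, CHECKS[path])


def audit(base_url: str, fetch: Fetch = http_fetch) -> List[Finding]:
    """Run every check against base_url and return one Finding per path."""
    root = base_url.rstrip("/") + "/"
    return [classify(path, *fetch(root + path)) for path in CHECKS]


def make_fake_fetch(responses: Dict[str, Tuple[int, str]]) -> Fetch:
    """Build an offline fetcher from constructed (status, body) pairs keyed by path."""
    def fetch(url: str) -> Tuple[int, str]:
        path = url.split("/", 3)[3] if url.count("/") >= 3 else ""
        return responses.get(path, (404, "Not Found"))
    return fetch


# Constructed responses imitating a partially hardened site (not a real server).
SAMPLE_SITE: Dict[str, Tuple[int, str]] = {
    "wp-config.php": (200, ""),                                   # executed, nothing leaked
    "wp-admin/install.php": (200, "<h1>Already Installed</h1>"),  # still answers
    "wp-admin/upgrade.php": (403, "Forbidden"),                   # blocked by the server
    "readme.html": (200, "<h1>WordPress</h1><br />Version 3.5.1"),
    "wp-content/uploads/": (200, "<title>Index of /wp-content/uploads</title>"),
}

if __name__ == "__main__":
    for f in audit("http://example.invalid", fetch=make_fake_fetch(SAMPLE_SITE)):
        flag = "EXPOSED" if f.exposed else "ok     "
        print(f"{flag} {f.status:>3} /{f.path}  ({f.note})")
```

To run it against your own site, call `audit("https://your-site.example")` without the `fetch` argument so `http_fetch` is used. A 403, or a 200 with no "Index of" page, for the uploads directory means listing is off, which is the result the email's test 7 reported; a blank 200 for `wp-config.php` is the normal outcome and is not what the email's test 2 calls "accessible".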