Posts tagged as:

security

How to secure WordPress timthumb.php

If you have a selfhosted WordPress blog (WordPress.org), take urgent measures to secure your site from a recently discovered vulnerability. Many WordPress themes and plug-ins use a script called “timthumb” (timthumb.php). This is the most common code used to create thumbnails from pictures. End July, a vulnerability surfaced showing external users could dump malicious code [...]

[click to continue...]

GoDaddy sites hacked again

Thumbnail image for GoDaddy sites hacked again

After the massive hacks injecting malware into shared hosted sites from several providers back in April and May, it seems they are back at work. Many sites hosted by GoDaddy are being hacked at the moment I am writing this post. Two of mine were affected an hour ago. Update: Hit again this morning (Sept [...]

[click to continue...]

Securing your WordPress blog

Thumbnail image for Securing your WordPress blog

Bloggers have rushed to secure their selfhosted WordPress blogs after the recent massive hacks on shared hosts. I was one of them, even though only one of my blogs was affected. I spent hours browsing, looking for good resources, common knowledge, and solid tips to form a list of quitessentials on WordPress security. I also [...]

[click to continue...]

Automatically monitor malicious file changes on your WordPress blog

Thumbnail image for Automatically monitor malicious file changes on your WordPress blog

During the the latest spree of hacks in April and May, hackers dropped a malicious .PHP script on the root directory of selfhosted blogs. The script changed all .PHP files, adding one line of code which redirected visitors to a virus-infested site, and then deleted itself. There was anything between a day and an hour [...]

[click to continue...]

How to block users uploading malware to your blog?

Thumbnail image for How to block users uploading malware to your blog?

Many shared hosts don’t protect you from users uploading and executing malicious code to your website. Here is how to close that loop hole for hackers.

[click to continue...]

An analysis of the latest website hacks

Thumbnail image for An analysis of the latest website hacks

After the latest spree of hacks on thousands of websites, it is time to look at some of the commonalities and ways to security our sites better. Given that the security holes are clearly at the level of the website hosting companies, and it is their duty to close those holes, nothing stops us from [...]

[click to continue...]

Godaddy hacked again. Another way to cure your site.

Thumbnail image for Godaddy hacked again. Another way to cure your site.

Godaddy got hacked again this morning (This is what Godaddy has to say about it). Update: and again on May 20. And again on September 18 and September 21. If you host your blog on Godaddy, you would do well to check your site regularly for any malware, and here is how. The hack is [...]

[click to continue...]

How to cure your GoDaddy WordPress hacked blog

Thumbnail image for How to cure your GoDaddy WordPress hacked blog

Update: I adapted a script to easily verify and cure the infection on your site. Check this post for more. The GoDaddy hosting service got hacked three times in a row now. On April 27, May 1 and May 7, many sites, including thousands of WordPress blogs, got infected by malware code. Update: GoDaddy hosted [...]

[click to continue...]