Securing your WordPress content management system
The WordPress content management system has a very large code base. On top of that, if you are running your own website on WordPress, you are likely to be using third-party plugins to augment its features. This increases the attack surface available to potential hackers. In a compromise, it is likely that the hacker will leave an eval(base64_decode("Malicious codes")) line of PHP code somewhere in your WordPress content management system. The base64_decode function decodes a Base64-encoded string back into readable text, while the eval function executes that text as PHP code. This makes it especially hard for webmasters to find the injected malicious code if they do not know what they are looking for. The malicious code usually injects a chunk of JavaScript into the HTML document that is eventually sent to the client. There are two things this chunk of JavaScript could attempt to do.
In another scenario, the hacker might attempt to modify the .htaccess file of your WordPress content management system, redirecting users to a location other than the one intended. Regardless of what the hacker has done, it is not wise to let bad things happen to your users when they visit your WordPress content management system. To safeguard it, here is a list of things you could do.
The above list of preventive measures safeguards against a hack that leads to the generation of a PHP file on the server, which allows the hacker to modify existing files on the site. However, in the event that a hack crashes the Apache server and subsequently lets the hacker into the command line under the daemon running that Apache server, the file system becomes vulnerable. The method to prevent this latter hack is beyond the scope of this article, which addresses users of the WordPress content management system running in shared hosting accounts. Also, if you are using a shared hosting account, you will not have access to the configuration of your Apache server. Your best option is thus to seek a hosting service managed by service providers who know what they are doing.
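For webmasters who want to look for the eval(base64_decode(...)) line described earlier, here is an added example (not code from the original article) that scans a WordPress directory tree and decodes each payload for review without executing it. The function names, the list of file suffixes, and the sample theme with its example.invalid payload are assumptions constructed for the demonstration.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

# Matches eval(base64_decode("...")) with optional whitespace, either quote
# style and any letter case (PHP function names are case-insensitive).
PATTERN = re.compile(
    r"""eval\s*\(\s*base64_decode\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)""",
    re.IGNORECASE,
)
PHP_SUFFIXES = {".php", ".phtml", ".inc"}  # assumed set of PHP-like suffixes


def scan_file(path):
    """Return (line, decoded preview) per match; payloads are decoded, never run."""
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    hits = []
    for match in PATTERN.finditer(text):
        line_no = text.count("\n", 0, match.start()) + 1
        try:
            raw = base64.b64decode(match.group(2))
            preview = raw.decode("utf-8", errors="replace")[:80]
        except binascii.Error:
            preview = "<payload is not valid Base64>"
        hits.append((line_no, preview))
    return hits


def scan_tree(root):
    """Scan every PHP-like file under root; return (relative path, line, preview)."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            findings.extend((path.relative_to(root).as_posix(), n, p) for n, p in scan_file(path))
    return findings


def demo():
    """Build a constructed two-file sample theme in a temp dir and scan it."""
    payload = b"echo \"<script src='//example.invalid/x.js'></script>\";"
    encoded = base64.b64encode(payload).decode("ascii")
    with tempfile.TemporaryDirectory() as tmp:
        theme = Path(tmp, "wp-content", "themes", "sample")
        theme.mkdir(parents=True)
        (theme / "index.php").write_text("<?php\nget_header();\n")
        (theme / "footer.php").write_text(f'<?php\nwp_footer();\nEVAL ( base64_decode("{encoded}"));\n')
        return scan_tree(tmp)
```

Call scan_tree() on the root of your own installation to get the file, line number and decoded preview of each hit. It flags only the literal eval(base64_decode(...)) form named above, so a clean result does not prove the site is clean.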