Singapore CMS Web Design

Gary Consulting Group - Singapore CMS Web Design

Securing your WordPress content management system

The WordPress content management system has a very large code base. On top of that, if you are running your own website on WordPress, you are likely to be using third-party plugins to augment its features. This increases the attack surface available to potential hackers.

In a compromise, the hacker is likely to leave an eval(base64_decode("Malicious codes")) line of PHP code in one of the files of your WordPress content management system. The base64_decode function turns an encoded string back into readable text, in this case PHP code, and the eval function executes that code. This makes it especially hard for webmasters to find the injected chunk of malicious code if they do not know what they are looking for.

The malicious code usually injects a chunk of JavaScript into the HTML document that is eventually output to the client. There are two things this chunk of JavaScript could attempt to do.

  1. Redirect users to some other websites
  2. Cause a buffer overflow using JavaScript, leading to malicious scripts running on the user's computer

In another scenario, the hacker might modify the .htaccess file of your WordPress content management system, resulting in users being redirected to a location other than the intended one.
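
Both traces described above, the eval(base64_decode(...)) line and the modified .htaccess file, can be searched for mechanically. The Python script below is an added example, not code from the original article: its function names, the sample site tree and the hosts example.com and redirect-target.invalid are constructed for illustration. It matches only the literal eval(base64_decode("...")) form and redirects to absolute URLs, and it decodes payloads for review without ever executing them.

```python
import base64, os, re, tempfile
from pathlib import Path
from urllib.parse import urlparse

# eval(base64_decode("...")) with optional whitespace and either quote style
EVAL_B64 = re.compile(rb"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1", re.I)
# RewriteRule / Redirect directives (not commented out) that target an absolute URL
HT_REDIRECT = re.compile(rb"^[ \t]*(?:RewriteRule|Redirect\w*)\b.*?(https?://[^\s\"]+)", re.I | re.M)

def scan_php(data):
    """Decode (never execute) the argument of each eval(base64_decode()) call."""
    previews = []
    for m in EVAL_B64.finditer(data):
        try:
            decoded = base64.b64decode(m.group(2))
        except ValueError:  # binascii.Error is a subclass of ValueError
            decoded = b"<not valid base64>"
        previews.append(decoded[:80].decode("latin-1"))
    return previews

def scan_site(root, own_host):
    """Return (relative path, kind, detail) for injected PHP and off-site .htaccess redirects."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            rel = path.relative_to(root).as_posix()
            if name.lower().endswith(".php"):
                findings += [(rel, "eval-base64", p) for p in scan_php(path.read_bytes())]
            elif name == ".htaccess":
                for m in HT_REDIRECT.finditer(path.read_bytes()):
                    url = m.group(1).decode("latin-1")
                    host = urlparse(url).hostname or ""
                    if host != own_host and not host.endswith("." + own_host):
                        findings.append((rel, "external-redirect", url))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (all file contents below are made up)."""
    blob = base64.b64encode(b'echo "<script>/* constructed sample */</script>";').decode()
    with tempfile.TemporaryDirectory() as root:
        plugin = Path(root, "wp-content", "plugins", "sample")
        plugin.mkdir(parents=True)
        Path(root, "index.php").write_text("<?php require 'wp-blog-header.php';")
        (plugin / "cache.php").write_text(f"<?php eval ( base64_decode('{blob}') ); ?>")
        Path(root, ".htaccess").write_text(
            "Redirect 301 /old https://example.com/new\n"
            "RewriteRule ^(.*)$ http://redirect-target.invalid/in.php [R=301,L]\n")
        return scan_site(root, "example.com")
```

Each finding is a lead for manual review of the named file rather than proof of compromise; calling scan_site on a downloaded copy of the site with your own host name lists the files to inspect.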

Regardless of what the hacker has done, you do not want bad things happening to your users when they visit your WordPress content management system.

To safeguard your WordPress content management system, here is a list of things you can do.

  1. Make sure your Apache instance is not running as a daemon that has administrator privileges
  2. Always do periodic backups of your WordPress content management system
  3. Remove all unused themes and plugins from your WordPress content management system
  4. Change the permission level of all core files in your WordPress content management system to 0444 via chmod. This makes them read-only, preventing modification of these files even in the event of an intrusion.

The above preventive measures safeguard against a hack that leads to the generation of a PHP file on the server which allows the hacker to modify existing files on the site. However, if a hack crashes the Apache server and subsequently gives the hacker a command line under the daemon running Apache, the file system becomes vulnerable.

The method to prevent this latter hack is beyond the scope of this article, which addresses users running a WordPress content management system on shared hosting accounts. Also, if you are using a shared hosting account, you will not have access to the configuration of your Apache server. Your best option is thus to seek a hosting service managed by service providers who know what they are doing.

Friday, 22nd Jan 2021