I was studying the logs from one of my WordPress websites the other day and it dawned on me that logging and tracking 404 (File Not Found) errors is one of the keys to preventing an attack. For example, here is one of the URLs in the log:
http://www.businessbloggingpros.com/wp-admin/admin-ajax.php?action=getfile&/../../wp-config.php
There is a membership plugin named ‘Paid Memberships Pro’. Older versions of it had a vulnerability that allowed a hacker to download the main configuration file (wp-config.php) from a website using this URL. The hacker was blindly trying this on my website, hoping to get lucky.
What I saw in the log was the same IP address trying various URLs, hoping to find a known exploitable vulnerability.
I think you can see that it is important to implement a mechanism to detect these sorts of probes and then lock out the offending IP address. There are several plugins that do this; one of the best known is Wordfence.
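To make the detection side of that mechanism concrete, here is an added example (my own illustration, not code from this post or from Wordfence) that scans access-log lines for the two signs described above: a directory-traversal sequence in the requested path, and a burst of 404s from one IP. It assumes the Apache/nginx "combined" log format, a constructed sample log using documentation IP ranges, and a threshold of more than three 404s per minute; the flagged IPs are what you would feed to a firewall deny rule.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" access-log format, as most WordPress hosts write it.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r'(\.\./|\.\.%2f|%2e%2e)', re.IGNORECASE)

# Constructed sample log (not from the post's server); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges. The first path is the probe quoted above.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-admin/admin-ajax.php?action=getfile&/../../wp-config.php HTTP/1.1" 404 512
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /wp-content/plugins/example-plugin/readme.txt HTTP/1.1" 404 512
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /backup/wp-config.php.bak HTTP/1.1" 404 512
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /old/ HTTP/1.1" 404 512
198.51.100.20 - - [10/Oct/2023:13:57:02 +0000] "GET /about/ HTTP/1.1" 200 8123
198.51.100.20 - - [10/Oct/2023:13:57:05 +0000] "GET /imgaes/logo.png HTTP/1.1" 404 512
"""

def parse(line):
    """Return (ip, timestamp, path, status) or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["path"], int(m["status"])

def find_probing_ips(log_text, max_404=3, window=timedelta(seconds=60)):
    """Map each suspicious IP to the reasons it was flagged: a traversal sequence
    in any path flags the IP at once; more than `max_404` 404s inside `window`
    flags it as scanning for known-vulnerable files."""
    reasons = defaultdict(set)
    recent_404s = defaultdict(list)        # ip -> timestamps of its recent 404s
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, path, status = rec
        if TRAVERSAL_RE.search(path):
            reasons[ip].add("directory traversal in path")
        if status == 404:
            hits = [t for t in recent_404s[ip] if ts - t <= window] + [ts]
            recent_404s[ip] = hits
            if len(hits) > max_404:
                reasons[ip].add(f"{len(hits)} 404s within {int(window.total_seconds())}s")
    return {ip: sorted(r) for ip, r in reasons.items()}
```

A single mistyped image path, like the second visitor's, stays below the threshold, so ordinary users are not locked out by a lone 404.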
None of these solutions is a panacea: hackers keep getting smarter and their methods keep evolving, so it is important to keep up to date on WordPress security developments. One of the best ways to do that is to follow the better-known blogs on WordPress security, such as:
http://www.wordfence.com/blog/