I have an important security alert regarding serious hacking activity on CMSs such as WordPress, Joomla, etc., and how to protect sites from hackers. Major attacks on WordPress and Joomla sites occur whenever hackers upload malicious files to the site and remove all content present under that domain. To prevent this serious issue, please carry out the following actions. I’ve divided the steps to be followed under two headings: (i) at the user end and (ii) at the developer’s end.
Steps to be carried out at the user end:
1. Keep your CMS and PHP version up to date.
2. Update the antivirus software installed on your server.
3. Avoid giving full permissions to files and folders. They should be 644 or 755:
* For PHP files 644
* For config files 555
* For other files 755
4. Avoid using vulnerable themes and extensions.
5. Change admin, FTP and database login details often.
6. Always use tough passwords with special characters, e.g. y#$%6&!
7. Always keep a backup of your domain.
8. Change the default database prefix (e.g. jos_ or wp_).
9. Change the admin URL and avoid displaying extension names and versions.
10. Restrict admin access from other IPs.
11. Use SEF (search-engine-friendly) extensions.
12. Make sure that you have deleted the installation file from your site.
13. Place an index.html or index.php file in every folder.
14. Maintain a .htaccess file inside the images folder that allows only image extensions.
15. Delete unnecessary files and folders from your server.
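The script below is an added example, not part of the original post: it audits a site folder against steps 3, 12 and 13 above. The function names and the default installer folder name `installation` (the name Joomla uses) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a CMS document root against steps 3, 12 and 13.
# Function names and the default installer folder name are assumptions.

# Step 3: files or folders writable by everyone (777, 666 and similar).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Step 3: PHP files whose mode is not exactly 644.
loose_php() {
    find "$1" -type f -name '*.php' ! -perm 644 -print
}

# Step 12: leftover installer folder (Joomla ships it as "installation").
leftover_installer() {
    find "$1" -type d -name "${2:-installation}" -print
}

# Step 13: folders that contain neither index.html nor index.php.
missing_index() {
    find "$1" -type d -print | while IFS= read -r dir; do
        [ -e "$dir/index.html" ] || [ -e "$dir/index.php" ] || printf '%s\n' "$dir"
    done
}

# Run every check, print labelled findings, return 1 if anything was found.
audit_site() {
    root=$1
    rc=0
    for check in world_writable loose_php leftover_installer missing_index; do
        findings=$("$check" "$root")
        if [ -n "$findings" ]; then
            rc=1
            printf '%s\n' "$findings" | sed "s|^|[$check] |"
        fi
    done
    return "$rc"
}

# Usage: sh audit.sh /path/to/site
if [ "$#" -gt 0 ]; then
    audit_site "$1"
fi
```

A non-zero exit status means at least one finding, so the script can run from cron and alert on failure.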
Steps to be carried out at the developer’s end:
1. Validate the data. Check the data type before saving the data.
2. Strictly follow the CMS standard when creating an extension or plugin.
3. Avoid SQL injection.
4. Use safe variables.
5. Use the “mysql_real_escape_string” function when passing a value into a query.
6. Work with error reporting in Maximum mode.
I hope the security tips provided here will benefit both users and developers to a great extent. Help your WordPress and Joomla site stay safe from hackers and prevent data loss.