WordPress Security :
- Remove every plugin and theme you do not use (deactivated code is still on disk, still reachable over the web, and still gets exploited).
- Update WordPress core, all plugins and all themes.
- Install and run the TimThumb Vulnerability Scanner plugin (it finds vulnerable copies of timthumb.php bundled inside themes).
- Install and run the Wordfence security plugin.
- Install and configure the BulletProof Security plugin.
- Change every password: WordPress users, FTP/SFTP, cPanel and the WordPress database user.
- Regenerate the WordPress salts/secret keys in wp-config.php (this invalidates every existing login cookie, including an attacker's).
- Disable the built-in theme and plugin editor (theme-editor.php) by setting the DISALLOW_FILE_EDIT constant in wp-config.php.
- Delete the 'admin' account:
  create a new user with the Administrator role, log in as that user, then delete 'admin' and attribute its posts to the new user when prompted.
- Move wp-config.php one directory above the WordPress root (WordPress looks in the parent directory automatically when the file is not in the document root),
  and set its permissions to 600 (owner read/write only; the web server must run as the file owner for this to work).
- Hide or rename the admin login URL (this needs a plugin: core hard-codes the wp-admin path, so the directory cannot simply be renamed).
- Restrict access to the admin folder to your own IP range with .htaccess by putting the following in your /wp-admin/.htaccess file. This is Apache 2.2 syntax: the directive is "Order Deny,Allow" with no space after the comma, and "Allow from 121." matches every address that starts with "121.", i.e. the whole 121.0.0.0/8, so replace it with your own address or range. On Apache 2.4 the equivalent is "Require ip <your-range>". Note that /wp-admin/admin-ajax.php is also called by front-end plugins for anonymous visitors, so re-allow that one file if anything on the public site breaks.
  Order Deny,Allow
  Deny from all
  Allow from 121.
To check your IP use: http://your-ip.com
- Secure wp-includes: block direct web requests to the PHP files under wp-includes/ (the WordPress hardening guide gives an .htaccess rewrite rule set for this). Nothing there is meant to be requested directly by a browser.
- Change the WP table prefix from the default wp_. This is easy on a fresh install or with a plugin; on a live site it means renaming every table and also updating the prefixed rows in wp_options (user_roles) and wp_usermeta (capabilities, user_level).
- Disable file editing in the dashboard (the same DISALLOW_FILE_EDIT setting as above; it covers both the theme and the plugin editor).
- Remove readme.html and license.txt from the web root (important: readme.html exposes the installed WordPress version). Core updates put readme.html back, so repeat this after every update; the version is also visible in the generator meta tag and in the ?ver= query strings on scripts and stylesheets unless you remove those too.
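The file-level items of the checklist above (remove the version-leaking files, move and lock down wp-config.php, disable the file editor, restrict /wp-admin/ to an IP range) as one shell script. This is an added example, not code from the original page; it assumes a document root directory that holds wp-admin/ and wp-config.php, an admin IP range given as a CIDR block, and Apache with either mod_authz_core (2.4) or the older 2.2 access modules. The path and the range in the usage line are illustrative.

```shell
#!/bin/sh
# harden_wp.sh - added example (not from the original page): applies the
# file-level items of the WordPress checklist to a document root.
# Assumed layout: $docroot holds wp-admin/ and (initially) wp-config.php;
# the admin network is passed as a CIDR block. Both values are illustrative.
#
# Usage: harden_wp /var/www/example.com/htdocs 203.0.113.0/24

harden_wp() {
    docroot="$1"
    admin_cidr="$2"
    [ -d "$docroot" ] || { echo "no such docroot: $docroot" >&2; return 1; }

    # Version-leaking files. Core updates re-create readme.html, so run this
    # again after every update.
    rm -f "$docroot/readme.html" "$docroot/license.txt"

    # Move wp-config.php one level above the docroot; WordPress looks in the
    # parent directory when the file is missing from the web root.
    conf="$docroot/wp-config.php"
    if [ -f "$conf" ]; then
        mv "$conf" "$docroot/../wp-config.php"
    fi
    conf="$docroot/../wp-config.php"
    [ -f "$conf" ] || { echo "wp-config.php not found in or above $docroot" >&2; return 1; }

    # Disable the dashboard theme/plugin editor. The define only takes effect
    # if it runs before wp-settings.php is loaded, so insert it above that
    # line. Idempotent: a second run does not add a second define.
    if ! grep -q 'DISALLOW_FILE_EDIT' "$conf"; then
        awk '/wp-settings\.php/ && !done { print "define( '\''DISALLOW_FILE_EDIT'\'', true );"; done = 1 } { print }' \
            "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    fi

    # Owner read/write only. The web server user must own the file (or the
    # PHP process must run as the owner) for WordPress to still read it.
    chmod 600 "$conf"

    # Limit /wp-admin/ to the admin network. Both the Apache 2.4 form and the
    # 2.2 form from the checklist are emitted, guarded by IfModule.
    # admin-ajax.php is re-opened because front-end plugins call it for
    # anonymous visitors; blocking it silently breaks those plugins.
    mkdir -p "$docroot/wp-admin"
    cat > "$docroot/wp-admin/.htaccess" <<EOF
# generated by harden_wp: only $admin_cidr may reach /wp-admin/
<IfModule mod_authz_core.c>
    Require ip $admin_cidr
    <Files admin-ajax.php>
        Require all granted
    </Files>
</IfModule>
<IfModule !mod_authz_core.c>
    Order Deny,Allow
    Deny from all
    Allow from $admin_cidr
    <Files admin-ajax.php>
        Order Allow,Deny
        Allow from all
    </Files>
</IfModule>
EOF
}

# Run directly as: ./harden_wp.sh <docroot> <admin-cidr>
if [ $# -eq 2 ]; then
    harden_wp "$1" "$2"
fi
```

The script deliberately does not touch the database items of the checklist (passwords, salts, table prefix); those depend on the host and are safer done by hand or with WP-CLI. After running it, load the public site from an address outside the allowed range to confirm that only /wp-admin/ is blocked.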
Cleaning up a hacked site (text-widget / UTF-7 hack) :
Step 1 – Log in to your WordPress dashboard as an administrator and go to Appearance -> Widgets. In my case, the two widgets I was using had been moved to the Inactive Widgets box and replaced with a Text widget in the sidebar.
Step 2 – Open the Text widget and click the Delete link at the bottom left. Once you have deleted it, reset your widgets to the way they were before the hack.
Step 3 – Next, go to Settings -> Reading and change your character encoding back to UTF-8. This fixes any lingering problems with your RSS feed and Internet Explorer.
Step 4 – Lastly, reset the Site Title and Tagline for your site. Where this is done varies by theme; for my site, I selected Appearance -> Themes and then clicked the Customize link for my theme.
That will fix your site immediately. Clear your cache and confirm that everything works.
Now that your site is up and running, you will need to make it more secure so that this problem does not happen again.
Step 1 – Change your passwords for your hosting service, WordPress, etc.
Step 2 – Upgrade to the latest version of WordPress.
Step 3 – If you have a backup of your site, restore a version from before the attack for good measure. If you do this, do it before Step 2 (the restore would otherwise undo the upgrade), and make sure the backup really predates the compromise; a backup taken after the initial break-in restores the attacker's backdoor along with the site.
Step 4 – Log in to your WordPress dashboard, install the plugin Better WP Security (since renamed) and resolve issues 1-19 on its dashboard. For item 20, you will need to enable or purchase SSL from your hosting provider.
NOTE: Some of the changes the plugin makes will break links or images on your website. You will need to go back and update all of them, but that is a small price to pay for a more secure site. The easiest way to fix all of the links at once is to download an export of your blog's content (Tools -> Export), open it in Notepad and do a find-and-replace.
Step 5 – Move your wp-config.php up one level, out of the web root.
Step 6 – Change your database password and make a note of it. How to do this varies by host.
Step 7 – Open wp-config.php in your favourite code editor and update the database password to the new one. Then go to the Secret Keys section and replace the keys with freshly generated ones (the comment in that section links to the WordPress secret-key service at https://api.wordpress.org/secret-key/1.1/salt/). New keys log out every session, including any the attacker still holds.
What the hack changes: it inserts a malicious Text widget, which is stored in the "widget_text" row of the wp_options table, and rewrites the site title, stored in the same table under "blogname".
It also switches the site's character encoding from UTF-8 to UTF-7 (the "blog_charset" option) so that the injected, UTF-7-encoded markup is rendered by the browser as live HTML. Set it back to UTF-8 under Settings -> Reading. WordPress 3.5 and later no longer show the encoding field there, so on those versions the blog_charset option has to be reset directly, for example with WP-CLI or in the database.
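A WP-CLI check for the three indicators described above (blog_charset, blogname, widget_text) plus the charset reset that the dashboard no longer offers. This is an added example, not code from the original page; it assumes WP-CLI is installed as "wp" and is run from the WordPress root (set WP="wp --path=/var/www/htdocs", an illustrative path, to run it from elsewhere). The UTF-7 marker it looks for, +ADw- for "<" and +AD4- for ">", is a property of the UTF-7 encoding, not something the page states.

```shell
#!/bin/sh
# check_utf7_hack.sh - added example (not from the original page): finds the
# wp_options changes made by the text-widget / UTF-7 hack via WP-CLI and
# resets the charset. Assumes WP-CLI is available as "wp"; override with
# WP="wp --path=/var/www/htdocs" (illustrative path) when run from elsewhere.
#
# Usage: ./check_utf7_hack.sh --check     (exit 0 = clean, 1 = indicators found)
#        ./check_utf7_hack.sh --repair    (reset blog_charset, then re-check)

WP="${WP:-wp}"

# UTF-7 encodes '<' as +ADw- and '>' as +AD4-. Text stored that way is inert
# while the site is served as UTF-8 but becomes real HTML once blog_charset
# is switched to UTF-7, which is why the hack changes the charset. The other
# patterns are the usual plain-HTML/PHP payload markers.
looks_injected() {
    printf '%s' "$1" | grep -Eqi '[+]ADw-|<script|<iframe|eval[(]|base64_decode'
}

check_wp_options() {
    found=0

    charset=$($WP option get blog_charset)
    if [ "$charset" != "UTF-8" ]; then
        echo "blog_charset is '$charset' (expected UTF-8)"
        found=1
    fi

    # Site title and tagline are plain strings in wp_options.
    for opt in blogname blogdescription; do
        val=$($WP option get "$opt")
        if looks_injected "$val"; then
            echo "$opt contains injected markup: $val"
            found=1
        fi
    done

    # widget_text holds every Text widget. JSON output keeps it on one line
    # and avoids having to parse the serialized-PHP form.
    widgets=$($WP option get widget_text --format=json)
    if looks_injected "$widgets"; then
        echo "widget_text contains injected markup; delete the widget under Appearance -> Widgets"
        found=1
    fi

    return $found
}

# The charset is the one change that newer WordPress versions no longer let
# you undo from Settings -> Reading, so reset the option directly.
repair_charset() {
    $WP option update blog_charset UTF-8 >/dev/null
}

case "${1:-}" in
    --check)  check_wp_options ;;
    --repair) repair_charset && check_wp_options ;;
esac
```

The check only reports; the widget and title are still removed by hand as in the steps above, because deleting widget_text wholesale would also destroy legitimate Text widgets. Run it again after the cleanup and after any restore from backup, since a backup taken after the break-in brings the injected rows back.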