We saw a strong move to WordPress by clients and developers in 2011, and to this day WordPress is still going strong. One common theme we see from hosting companies on our management services is that their clients, and even our own clients, don’t keep up with patches for WordPress, Joomla or other applications. Customers install once and forget about the application. In a perfect world that would be OK, but in this day and age automated bots and scripters alike will scan your site for vulnerabilities. Through a vulnerable plugin, theme or core file, those attackers install a back door or spam script, or inject code into your files. We focused our development on 4 main features: tracking changes made to client files, keeping WordPress secured, signature scanning, and stopping bad actors from hitting those unpatched websites. Tie that together with an SSL certificate and WAF protection and you have a solid foundation for keeping your website secure.
DNI – SiteMD5 – We take a signature of the website on our servers. We can report files changed, deleted or uploaded the day before. We review each manually and re-seed the account if the file changes came from a known upgrade. If the changes happened because of a vulnerability, we start the chain of notifying the customer, finding the vulnerability they came in on, patching that vulnerability if available, blocking the attack in the future, then cleaning or restoring the website back to its state.
DNI – HackCheck – Each site is scanned with our custom ClamAV signatures looking for bad, unwanted files. When found, each file is manually reviewed to see if it contains a hack/injection or malware; we then clean up the website or restore it from backups and notify the client of what we found.
DNI – WPSums – We check each WordPress site daily against the published WordPress file checksums. This can help find injections into core WordPress files that might otherwise go undetected.
ModSecurity WAF – Security appliance that sits in front of all websites and scans all inbound connections for attempts to exploit a known vulnerability, which are then stopped in their tracks. It also blocks known bad bots, user agents and spammers.