To start the service, restore the conf file first:
 mv /etc/init/vsftpd.conf.stop /etc/init/vsftpd.conf
 service vsftpd start
==Update Wordpress==
 grep -r "wp_class_support"
returns no results!
 
===Identified Malware===
Checking the files:
Both wp-content/themes and wp-content/plugins have an Oct 18 date on them. But both have subdirs with older access dates and seem clean. And the directory 2017/10 has Oct 4th dates on it but is empty. This is consistent with a numerically named php file being executed from here and then deleted.
According to the malware report it should target two additional files. We don't have WordFence, so only one is relevant:
 locate wfScanEngine.php
 locate class-wp-upgrader.php
===The Plan===
*Fixed corrupted files by copying them over with clean versions from /var/lib/wordpress_bak/
*Renamed dodgy .htaccess file
*Turned on the FTP Server
*Upgrade WordPress and its plugins. Note: DO NOT UPDATE THEMES!!!
*Turned off the FTP Server
*Locked down directory permissions more tightly (see below)
*Remove disused user accounts (any contributions set to Anne Dayton)
*Changed permissions of all users to author, except Tay to editor, and left just Ed and Anne to admin

I also installed the delete-all-comments-easily plugin and easily deleted the enormous queue of junk comments.

===Changing permissions===
I used the shared server config found here: https://www.smashingmagazine.com/2014/05/proper-wordpress-filesystem-permissions-ownerships/

From the WordPress dir run:
 sudo find . -type f -exec chmod 644 {} +
 sudo find . -type d -exec chmod 755 {} +
 sudo chmod 600 wp-config.php
Image upload was tested and worked fine, and a new plugin was also installed fine.

===Installing WordFence===
I also installed the free version of WordFence. It wouldn't have stopped our last malware, most likely, but it should stop at least some of the future annoyances. I went with the basic config. The notifications are sent to mcnair@rice.edu.

===Still to do===
We should consider some extra hardening! See, for example, https://codex.wordpress.org/Hardening_WordPress
That we really can't update our theme is an ongoing issue...
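
A read-only check for drift from the state set under "Changing permissions", as an added example that is not part of the original page: it reports files, directories and wp-config.php that deviate from 644/755/600, plus any PHP file sitting in the dated upload directories. The function name <code>audit_wp</code> and the <code>wp-content/uploads</code> location of the 2017/10 directory are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Read-only audit of a WordPress
# tree against the scheme above: files 644, directories 755, wp-config.php 600.
# Usage (after sourcing this file): audit_wp /path/to/wordpress

# audit_wp DIR -> one finding per line on stdout.
# Exit status: 0 clean, 1 findings, 2 DIR cannot be entered.
audit_wp() (
    cd "$1" 2>/dev/null || { echo "cannot enter: $1" >&2; exit 2; }
    out=$(
        # Regular files (except the top-level wp-config.php) not exactly 644.
        find . -type f ! -path ./wp-config.php ! -perm 644 | sed 's/^/FILE_MODE /'
        # Directories not exactly 755.
        find . -type d ! -perm 755 | sed 's/^/DIR_MODE /'
        # wp-config.php holds the database credentials: owner read/write only.
        if [ -f wp-config.php ]; then
            find ./wp-config.php ! -perm 600 | sed 's/^/CONFIG_MODE /'
        fi
        # Assumption: the dated 2017/10 directory is under wp-content/uploads,
        # which should contain media only, never PHP.
        if [ -d wp-content/uploads ]; then
            find ./wp-content/uploads -type f -iname '*.php*' | sed 's/^/UPLOAD_PHP /'
        fi
    )
    [ -z "$out" ] && exit 0
    printf '%s\n' "$out"
    exit 1
)
```

Run from cron, a non-zero exit status flags both permission drift after a plugin or FTP session and a dropped script in the upload tree.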
[[Category: McNair Admin]]
