202001.30
Désactivé
0

How to fix the WordPress Admin User Hack

par

How to fix the WordPress Admin User Hack

  1. Change all passwords
    1. FTP accounts
    2. MySQL Databases
    3. Server's admin panel account
    4. SSH password/key
    5. E-Mail accounts hosted on the infected server
  2. Delete all anonymous FTP accounts
  3. Investigate server logs to see hack attempts from strange IP addesses
  4. Update the file & folders permission. Set following files to 444 permissions
    • .htaccess
    • wp-config.php
    • index.php
  5. Update file permissions of /wp-content/ & /wp-content/uploads folder to 755 instead of 777 (open for everyone)
  6. Enable IP whitelisting to /wp-admin folder so that only selected IP addresses can access it