Securing phpMyAdmin in a WordPress Jail

This post assumes you’ve run at least version 1.3.0 of the Scripted WordPress Installation. In the post WordPress Script: Post-Installation Tasks, I suggest that a way of securing phpMyAdmin in a WordPress jail is to disable it when not in use. One way to disable phpMyAdmin is to unlink it in the jail: rm /usr/local/www/wordpress/phpmyadmin. This …

Wordfence: Site Compromised

So, while I’ve been busy hardening my blog site blog.udance.com.au, by stealth, hackers appear to have been busy on the WordPress site attached to the main domain udance.com.au. The tell-tale signs suggest that the site appears to be compromised. As there’s no content yet on this site, the easiest thing to do is blow it …

Wordfence: “You keep on knockin’ but you can’t come in”

Here’s a little something to listen to while you read this post. It’s appropriate for this post. Wordfence is effectively blocking attempts to log in using invalid usernames. Refer to the post WordPress Plugin: Wordfence logging lots of failed login attempts for further details. However, there’s someone sneaky who is quietly trying to log …

WordPress Plugin: Wordfence logging lots of failed login attempts

It’s scary to see a WordPress site being probed for vulnerabilities (Dashboard > Wordfence > Tools > Live Traffic). Most are for invalid users blog and admin. As part of tuning Wordfence, block these immediately (Dashboard > Wordfence > All Options > Brute Force Protection). Activity detail reflects the change:

WordPress Plugin: File Manager – Vulnerability

September 2020 was a bad month for WordPress websites running File Manager. You can read all about it in the article Hackers are exploiting a critical flaw affecting >350,000 WordPress sites. So, a couple of nights ago I was posting in the support forum for the WordPress Plugin: Wordfence Security – Firewall & Malware Scan …