
Wordpress Hackers Find Fresh WordPress Sites Within 30 Minutes

Discussion in 'Blogs & CMS usage' started by Gavin, Aug 1, 2017.

  1. Gavin

    Hackers Find Fresh WordPress Sites Within 30 Minutes

    Interesting...the summary taken from the article:

     
    Last edited: Aug 1, 2017
    • Informative x 1
  2. eva2000

    Yikes, scary - that's why WordPress security in centmin.sh menu option 22 is done at nginx vhost and WordPress install time, i.e. the wpsecure and autoprotect.sh include files (Wordpress - Wordpress 403 Permission Denied Errors). Also, as centmin.sh menu option 22 auto-configures and sets up wp-config.php, it renders access to /wp-admin/setup-config.php useless.

    Also, centmin.sh menu option 22 in 123.09beta01 by default password protects wp-login.php, and thus wp-admin access, though you can opt to disable password protection. In 123.08stable there is no choice; wp-login.php is always password protected.
    Code (Text):
    Disable Auto Generated WP Admin Username / Password ? [y/n]: n
    Disable wp-login.php password protection ? (less security) [y/n]: n
    


    The WPSetup Attack: New Campaign Targets Fresh WordPress Installs
     
    Last edited: Aug 1, 2017
    • Like x 3
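
A defender-side check for the two conditions discussed in this thread (an installer left reachable with no wp-config.php, and wp-login.php without password protection), as an added example that is not part of the original posts and is not Centmin Mod code. The function names, the sample vhost and the placeholder htpasswd path are assumptions; include files are not followed, so pass in the combined configuration (for example the output of `nginx -T`).

```python
import re
import tempfile
from pathlib import Path

def install_is_unfinished(docroot):
    """True when the web installer exists but no wp-config.php has been written."""
    root = Path(docroot)
    # WordPress also accepts wp-config.php one directory above the docroot.
    configured = (root / "wp-config.php").is_file() or (
        (root.parent / "wp-config.php").is_file()
        and not (root.parent / "wp-settings.php").exists())
    return (root / "wp-admin" / "setup-config.php").is_file() and not configured

def login_is_password_protected(nginx_config):
    """True when a location block for wp-login.php enables auth_basic."""
    pattern = r"location\s+[^{]*wp-login\\?\.php[^{]*\{"
    for match in re.finditer(pattern, nginx_config):
        depth, end = 1, match.end()
        while end < len(nginx_config) and depth:  # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(nginx_config[end], 0)
            end += 1
        body = nginx_config[match.end():end]
        # auth_basic_user_file alone does not count; "auth_basic off;" disables it.
        if re.search(r"^\s*auth_basic\s+(?!off\s*;)", body, re.M):
            return True
    return False

def audit(docroot, nginx_config):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if install_is_unfinished(docroot):
        findings.append("setup-config.php present without wp-config.php")
    if not login_is_password_protected(nginx_config):
        findings.append("wp-login.php has no auth_basic protection")
    return findings

# Constructed sample: a vhost fragment with wp-login.php behind basic auth.
SAMPLE_VHOST = """
server {
    server_name example.test;
    location = /wp-login.php {
        auth_basic "Private";
        auth_basic_user_file /path/to/htpasswd;  # placeholder path
    }
}
"""

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed, unconfigured docroot
        docroot = Path(tmp) / "public"
        (docroot / "wp-admin").mkdir(parents=True)
        (docroot / "wp-admin" / "setup-config.php").touch()
        print(audit(docroot, SAMPLE_VHOST))
```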