Learn about Centmin Mod LEMP Stack today
Register Now

Wordpress Hackers Find Fresh WordPress Sites Within 30 Minutes

Discussion in 'Blogs & CMS usage' started by Gavin, Aug 1, 2017.

  1. Gavin

    Gavin New Member

    Mar 18, 2017
    Local Time:
    10:18 AM
    Hackers Find Fresh WordPress Sites Within 30 Minutes

    Interesting...the summary taken from the article:

    Last edited: Aug 1, 2017
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    May 24, 2014
    Brisbane, Australia
    Local Time:
    1:18 AM
    Nginx 1.13.x
    MariaDB 5.5
    yikes scary - that's why wordpress security in centmin.sh menu option 22 is done at nginx vhost and wordpress install time i.e. wpsecure and autoprotect.sh include files Wordpress - Wordpress 403 Permission Denied Errors. Also as centmin.sh menu option 22 auto configures and sets up wp-config.php, it renders access to /wp-admin/setup-config.php useless.

    Also centmin.sh menu option 22, in 123.09beta01 by default password protects wp-login.php and thus wp-admin access though you can opt to disable password protection. In 123.08stable there is no choice, wp-login.php is always password protected.
    Code (Text):
    Disable Auto Generated WP Admin Username / Password ? [y/n]: n
    Disable wp-login.php password protection ? (less security) [y/n]: n

    The WPSetup Attack: New Campaign Targets Fresh WordPress Installs
    Last edited: Aug 1, 2017
    • Like Like x 3