Wordpress/Joomla Frequent Defacement

You are here: Index > Softaculous Auto Installer > General Support > Topic : Wordpress/Joomla Frequent Defacement

Threaded Mode | Print

Wordpress/Joomla Frequent Defacement, From Softaculous Scripts (5 Replies, Read 3558 times)

hbhb	# February 14, 2013, 7:01 am
Group: Member Post Group: Newbie Posts: 3 Status:	Hi, My server has Softaculous provided to customers. Lately there are more & more hacks specially wordpress & joomla that I had to restore each backup everytime it happens. What are the steps that I should take to avoid this from happening; Or if this is a Wordpress or Joomla issue; what are the steps that the customer should do to avoid this from happening? Does Softaculous provide a guide or something on this matter?
IP: --

Wordpress/Joomla Frequent Defacement

Brijesh	# February 14, 2013, 7:50 am \| Post: 1
Group: Softaculous Team Post Group: Super Member Posts: 5653 Status:	Hi, Sir you can either set the default Admin username and password to be random from the Softaculous Admin panel -> Settings select the check box "Generate Random Username for users" or "Generate Random Password for users" OR you can set it blank by selecting the checkbox "Empty Username" or "Empty Password". This will restrict the suggestion and users will use secure login details instead of default admin/pass You can also set the permissions of the config file to be secure from the Softaculous Admin panel -> Settings set the CHMOD value eg : 0600 in the "CHMOD Config files" text box. This will CHMOD the config files like wp-config.php or configuration.php to 0600 instead of default 0644 Edited by Brijesh : February 14, 2013, 7:51 am ----------------------- Webuzo - Multi User Hosting Control Panel AMPPS - Best WordPress/PHP/MySQL development tool
IP: --

Wordpress/Joomla Frequent Defacement

hbhb	# February 14, 2013, 9:51 am \| Post: 2
Group: Member Post Group: Newbie Posts: 3 Status:	Thanks. That would help a bit. Very often some of the cases, the hacks came from hacks that got the details from some .txt file or I saw some @sym directory inside. I have no idea how that got in, but somehow they can get the database user & passwd from there. What are other ways to have scripts more secure?
IP: --

Wordpress/Joomla Frequent Defacement

Brijesh	# February 14, 2013, 10:28 am \| Post: 3
Group: Softaculous Team Post Group: Super Member Posts: 5653 Status:	Hi, Sir the .txt file or @sym directory is not created by Softaculous. It might be created by user or by some plugin or module they installed. The above mentioned steps should be enough to restrict unwanted access. Please try those steps and see if the sites are still hacked. ----------------------- Webuzo - Multi User Hosting Control Panel AMPPS - Best WordPress/PHP/MySQL development tool
IP: --

Wordpress/Joomla Frequent Defacement

hbhb	# February 15, 2013, 3:29 am \| Post: 4
Group: Member Post Group: Newbie Posts: 3 Status:	Thanks for the hints, will try those right away. In the meantime, the damage for existing sites - are they are recommendations how we can make the wp/joomla sites that is already installed more secured from those .txt & @sym?
IP: --

Wordpress/Joomla Frequent Defacement

Brijesh	# February 15, 2013, 5:48 am \| Post: 5
Group: Softaculous Team Post Group: Super Member Posts: 5653 Status:	Hi, For the existing installations you will have to search for wp-config.php (WordPress) and configuration.php (Joomla) and CHMOD them to 0600 (if you are using suPHP) and regarding the .txt files and the @sym we are not aware for a solution for this. We will look for a solution and let you know if we find it. Edited by Brijesh : February 15, 2013, 5:50 am ----------------------- Webuzo - Multi User Hosting Control Panel AMPPS - Best WordPress/PHP/MySQL development tool
IP: --

« Previous Next »

Threaded Mode | Print

Jump To :

Users viewing this topic
	1 guests, 0 users.

All times are GMT. The time now is May 15, 2024, 11:16 am.

Powered By AEF 1.0.8 © 2007-2008 Electron Inc.

Queries: 10 | Page Created In:0.032