Recovering from the xxx-exploiter attack

Fortifying yourself

Looking at the aftermath of an attack, I can only conclude that the attacker was able to exploit some method of access to the server root folder. The best defense, in my opinion, is to have a strong .htaccess file. I picked up quite a good number of tips from GitHub user anantshri. Start from the more restrictive .htaccess directives, keeping in mind that some might cause your website to give unexpected errors. This takes a bit of trial and error, but it is worth it.

You can also add suitable .htaccess files to sub-directories such as the wp-content/uploads directory to prevent script execution from such libraries. Here is a small snippet from the Codex:

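# Default deny, added here as an assumption (Apache 2.2-style syntax, matching
# "Allow from All" below): without it the allow-list restricts nothing.
Order Allow,Deny
Deny from all
# Only these static file types are served from this directory.
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$">
Allow from All
</FilesMatch>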
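To check an existing uploads directory against that allow-list, here is an added audit script (not from the original post or the Codex). It reports whether the top-level .htaccess has an active default deny and lists files that fall outside the allow-list, carry a script extension, or are nested .htaccess files; the script-extension list and the sample file names are assumptions made for illustration.

```python
import os
import re
import tempfile

# Extension allow-list copied from the FilesMatch pattern quoted above
# (case-sensitive, as Apache matches it).
ALLOWED = re.compile(
    r"\.(ico|pdf|flv|jpg|jpeg|mp3|mpg|mp4|mov|wav|wmv|png|gif|swf|css|js)$")
# Script extension anywhere in the name: "x.php.jpg" passes the allow-list
# but can still reach a PHP handler when mod_mime sees multiple extensions.
SCRIPT = re.compile(r"\.(php\d?|phtml|phar|pl|py|cgi)(\.|$)", re.IGNORECASE)
# Default deny in Apache 2.2 or 2.4 syntax; commented-out lines do not match.
DENY = re.compile(
    r"^[ \t]*(deny[ \t]+from[ \t]+all|require[ \t]+all[ \t]+denied)[ \t]*$",
    re.IGNORECASE | re.MULTILINE)


def audit_uploads(uploads_dir):
    """Return (has_default_deny, findings) for one uploads directory tree."""
    has_deny = False
    top = os.path.join(uploads_dir, ".htaccess")
    if os.path.isfile(top):
        with open(top, encoding="utf-8", errors="replace") as fh:
            has_deny = bool(DENY.search(fh.read()))
    findings = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, uploads_dir).replace(os.sep, "/")
            if name == ".htaccess":
                if root != uploads_dir:  # nested file can override the parent
                    findings.append((rel, "nested .htaccess"))
            elif SCRIPT.search(name):
                findings.append((rel, "script extension"))
            elif not ALLOWED.search(name):
                findings.append((rel, "not on allow-list"))
    return has_deny, sorted(findings)


def demo():
    """Audit a constructed sample tree (file names invented for illustration)."""
    with tempfile.TemporaryDirectory() as d:
        os.makedirs(os.path.join(d, "2024", "01"))
        samples = {".htaccess": "# Deny from all\nAllow from All\n",
                   "2024/01/photo.jpg": "", "2024/01/cache.php": "",
                   "2024/01/banner.php.jpg": "", "2024/notes.txt": "",
                   "2024/.htaccess": "Allow from All\n"}
        for rel, body in samples.items():
            with open(os.path.join(d, *rel.split("/")), "w") as fh:
                fh.write(body)
        return audit_uploads(d)
```

Point `audit_uploads()` at a local copy or mount of wp-content/uploads; the constructed sample shows a commented-out deny being treated as absent.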

The next level of security is using WordPress plugins. There are a good number of plugins that do a wonderful job, but to get you started, here are a few:

  • Wordfence: Checks code against repositories to identify any changes. Also includes a caching service.
  • Sucuri: Source code verification, remote log maintenance and malware scanning.
  • BulletProof Security: Login monitoring, .htaccess editor. Features DB backups.

Finally, keep regular backups of your website, for example with cPanel and Softaculous. A remote backup is strongly encouraged, since your host may choose to reset your compromised website (to prevent other sites on the shared host from being impacted). For that I use Updraft Plus. It takes a few minutes to set up, but you can have backups stored remotely on Dropbox, Google Drive or a wide variety of other hosts.

While I hope that you don’t have to recover your website from an attack, I sure hope that this helped you in some way. Share your tips in the comments section below and safe blogging.
