Join us in helping millions of WordPress Installs stay secure. Keep up to date with Updates from the Ghost Security Blog.

You are here: Home
April 17, 2012 By Leave a Comment

ManageWP Adds security analysis to its service

managewp

The WordPress management platform ManageWP.com has continued to add new features to allow people managing many WordPress installs simultaneously to have a dashboard that monitors traffic, updates plugins, and performs many of the routine maintenance tasks that web folks hate to do with a click of the button.

When you right click on a site in ManageWp, here is what you see:

 

When you click the Security Scan option, ManageWP does a securi.net scan on your site and displays the results. So you can see the following:

 

Security report (No threats found):

Blacklisted: No
Malware: No
Malicious javascript: No
Malicious iFrames: No
Drive-by Downloads: No
Anomaly detection: No
IE-only attacks: No
Suspicious redirections: No
Spam: No

For those managing multiple sites, this is a handy service.

Filed Under: The Basics
April 16, 2012 By Leave a Comment

Using Exploit Scanner (the Plugin) to scan for malware

One of the plugins that I like best for security on WordPress sites is Exploit Scanner. (It is in the repository). The first thing is that it is easy to use. All you need to do is install it and then go to Tools>>Exploit Scanner and then run the scan.

You will see a list of the files in your sites that may be affected by malware and exploits. This is where the cleanup gets to be the most interesting. You need to resolve each of these files if the threats are severe.

So if the files that are corrupted are in your WordPress install (the wp-admin folder or the root or the wp-includes) then by overwriting them with new files will be your first step.

Step 2 is to delete extraneous files that malware has potentially left on your system. By going through and looking at the DATE of the latest change after overwriting with a backup copy, you can quickly see what has not been changed and thus is a deletable file.

Finally, you may need to delete and reload ALL of your plugins one at a time and get them to perform correctly again.

Then re-run the scanner until all severe issues have been dealt with.

Filed Under: The Basics
March 16, 2012 By Leave a Comment

Tim Thumb Exploit continues to plague WordPress sites

One of the things that continues to plaque WordPress sites is the Tim Thumb exploit. For many, their theme providers or theme framework builders solved this problem for them. Here is where it gets more difficult. For those on an older theme that it NOT maintained, you need to check and see if your site [...]

Continue reading...
Filed Under: The Basics
January 7, 2012 By Leave a Comment

Getting beyond “Keep your WordPress Up to Date”.

OK, so if you have gone beyond the very basics of WordPress and installed more than a site or two, you kinda know the importance of keeping things up to date. That is what updates are for is to fix things like security flaws and holes in the system. Pretty simple right? Well, yes and [...]

Continue reading...
Filed Under: The Basics