We have a few sites running on Easy Engine which keep being compromised. Where should we look to further secure these sites?
They are --wpfc sites. We do have some site wide redirects, perhaps they allow php injection?
rewrite /sites/all/files/(.*)$ /wp-content/uploads/download-manager-files/files/$1 permanent;
Would that allow script to upload and be executed?
Logs also show activity on theme editing:
BYPASS [14/Dec/2014:13:00:30 +0000] "GET /wp-admin/plugin-install.php HTTP/1.1" 200 18559 "http://www.trc.qld.gov.au/wp-admin/theme-editor.php?file=404.php&theme=twentyfourteen" "Mozilla/5.0 (Windows NT 6.1; rv:34.0) Gecko/20100101 Firefox/34.0"