Security host and wordpress


#1

I'm using EasyEngine and installed the latest WordPress version on it.

But there is someone attacking my server and their script is able to edit my .php files.

They already inserted malicious code in the menu internal file and they are always editing the theme header.php file.

I already changed the file permissions to the root user instead of www-data. Then the files could not be edited anymore, but I can't edit them from the web area either.

Has anyone already experienced that kind of attack? They are also doing brute force (I already renamed the wp-login.php file but they keep trying).

I think it's an EasyEngine security failure.


#2

What is your server environment? Without more background it’s going to be difficult to help you sort this one out. This sounds like they’re getting in through some other attack vector… which really could be anything. Tell more about where it’s hosted, what is running, what you’re seeing in the logs that makes you believe that they’re brute forcing etc.

And, ideally, if you can you should just spin up a new server with a totally fresh WP install with everything up to date. Don’t stay on a box/account that you know (or even believe) to be compromised.


#3

I would suggest doing a few things.

  1. Get your site on CloudFlare, it helps to block a lot of crap from even accessing your server, and it hides your site’s IP.

  2. Use HTTPS, get an SSL certificate and activate it with Cloudflare’s Full SSL settings.

  3. Change the port for your SSH platform, create a separate user for SSH and sudo it, stop root logins.

  4. Install Fail2Ban on your server.

You can follow this tutorial for those last two: https://www.digitalocean.com/community/tutorials/initial-server-setup-with-ubuntu-14-04.

  1. Get a WordPress security plugin like Sucuri, it will monitor all file changes and let you know about them, as well as stop brute-force.

  2. Get rid of the admin username on your blog.

  3. Change your MySQL from wp_ to something else that’s more secure.

  4. Use a two-factor auth plugin on WordPress like Duo Security.
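A minimal stand-alone version of the file-change monitoring that the first item of the second list delegates to a plugin, added here as an example and not code from the thread or from EasyEngine: hash the PHP/JS files under the WordPress root once after a clean install, then diff the live tree against that baseline to surface edits like the header.php changes the original poster describes. The theme tree, file names and contents in `demo()` are constructed for the example.

```python
import hashlib
import os
import tempfile

WATCHED_EXTS = (".php", ".js", ".htaccess")  # file types worth baselining

def hash_file(path):
    """SHA-256 of one file, read in chunks so large files stay off the heap."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map every watched file under root (path relative to root) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(WATCHED_EXTS):
                full = os.path.join(dirpath, name)
                manifest[os.path.relpath(full, root)] = hash_file(full)
    return manifest

def diff_manifest(baseline, current):
    """Files whose hash changed, files that appeared, and files that vanished."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample tree: header.php gets appended to and a stray file appears."""
    with tempfile.TemporaryDirectory() as root:
        theme = os.path.join(root, "wp-content", "themes", "mytheme")
        os.makedirs(theme)
        header = os.path.join(theme, "header.php")
        with open(header, "w") as fh:
            fh.write("<?php wp_head(); ?>\n")
        with open(os.path.join(theme, "functions.php"), "w") as fh:
            fh.write("<?php // theme functions\n")
        baseline = build_manifest(root)  # take this right after a clean install
        with open(header, "a") as fh:  # the kind of edit the poster is seeing
            fh.write("<!-- constructed unwanted change -->\n")
        with open(os.path.join(theme, "extra.php"), "w") as fh:
            fh.write("<?php // file that was never part of the theme\n")
        return diff_manifest(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

Store the baseline manifest outside the web root (and outside the www-data user's reach), since a baseline the attacker can rewrite detects nothing.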


#4