
Category Archives: Avoid Hacking

Vetting form input using PHP

Forms give an attacker a convenient way to fiddle with the internal ‘gubbins’ of your PHP code, both in ordinary PHP software development and when customising WordPress with PHP.

The following functions let a PHP developer clean up the form’s data before processing it in their PHP code.

  • trim
  • stripslashes
  • htmlspecialchars

Typically you can cascade the piece of data from the form through these functions.

$formvalue = trim($formvalue);
$formvalue = stripslashes($formvalue);
$formvalue = htmlspecialchars($formvalue);

They can obviously be nested into one line for brevity:

$formvalue = htmlspecialchars(stripslashes(trim($formvalue)));

Using the above, trim() first removes leading and trailing whitespace characters such as space, tab and newline (whitespace inside the value is left alone). stripslashes() then takes out any ‘\’ characters. Finally, htmlspecialchars() neutralises any HTML tags by replacing characters such as < and > with their respective HTML entities, for example &gt; for the greater-than symbol >.
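The three-step clean-up described above, written out as a function with the htmlspecialchars() flags a practitioner would normally set. This is an added example, not code from the original post; the field name and the sample inputs are constructed.

```php
<?php
// Added example (not from the original post): cleaning a form field the way
// the post describes. The sample inputs below stand in for $_POST values.

/**
 * Trim, strip backslashes, then neutralise HTML special characters.
 * ENT_QUOTES also converts single and double quotes, and naming the
 * charset makes the result independent of the server's default_charset.
 */
function clean_form_value(string $value): string
{
    $value = trim($value);          // leading/trailing whitespace only
    $value = stripslashes($value);  // remove backslash escaping
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample input, standing in for e.g. $_POST['comment'].
$samples = [
    "  hello world \n",
    "O\\'Reilly",
    "<script>alert('x')</script>",
    "5 > 3 && 3 < 5",
];

foreach ($samples as $raw) {
    printf("%-34s => %s\n", json_encode($raw), clean_form_value($raw));
}
// "  hello world \n"           => hello world
// "O\\'Reilly"                  => O&apos;Reilly
// "<script>alert('x')</script>" => &lt;script&gt;alert(&apos;x&apos;)&lt;/script&gt;
// "5 > 3 && 3 < 5"              => 5 &gt; 3 &amp;&amp; 3 &lt; 5
```

Two caveats worth knowing: stripslashes() was there to undo the old magic_quotes behaviour, which no longer exists in PHP 7 and later, so on a modern server it will also eat backslashes the user genuinely typed; and htmlspecialchars() only makes a value safe to echo into an HTML page, so data going into a database still needs prepared statements. Inside WordPress itself, sanitize_text_field() does the same whitespace and tag clean-up for you.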


WordPress Health Warning

Plugins can degrade the performance of your site and some may have security implications. Delete any plugin you no longer use. It is suggested you keep plugins to a minimum and make sure you always update them when they have been updated. Remember that little red circle next to word Plugins in the Dashboard menu you sometimes see?  It means some plugins need updating.  See it! Do it!

Gasp… Chinese characters on my WordPress Website!

You’ve been hacked my friend…


Example of a hacked WordPress site
This page was the home page of an actual “professional” WordPress developer.

The above Gwent-based WordPress site was probably hit by the Chinese hack because the developer did not have the latest version of WordPress. The HTML code on this site reported version 4.2.6, when the latest WordPress release was 4.4.1.

<meta name="generator" content="WordPress 4.2.6">

To check whether your WordPress is up to date, click here.
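A small script that does the check the post describes: read the generator meta tag out of a page’s HTML and compare the advertised version with the release you know to be current. This is an added example, not code from the original post; the HTML is constructed, and “4.4.1” is simply the version the post names as current.

```php
<?php
// Added example (not from the original post): extract the WordPress version
// advertised in the generator <meta> tag and compare it with a known release.

function wp_version_from_html(string $html): ?string
{
    // Handles single- or double-quoted attributes; expects name= before content=,
    // which is how WordPress emits the tag.
    $re = '/<meta[^>]+name=["\']generator["\'][^>]+content=["\']WordPress\s+([\d.]+)/i';
    return preg_match($re, $html, $m) ? $m[1] : null;
}

/** true if behind $latest, false if current, null if no version is advertised. */
function wp_is_outdated(string $html, string $latest): ?bool
{
    $found = wp_version_from_html($html);
    return $found === null ? null : version_compare($found, $latest, '<');
}

// Constructed sample page, mirroring the tag quoted in the post.
$sample_html = '<html><head><meta name="generator" content="WordPress 4.2.6"></head></html>';
$latest      = '4.4.1';

$found = wp_version_from_html($sample_html);
if ($found === null) {
    echo "No generator tag found; the version may be hidden, so check the Dashboard instead\n";
} elseif (wp_is_outdated($sample_html, $latest)) {
    echo "Reported $found is behind $latest: update now\n";   // prints this for the sample
} else {
    echo "Reported $found is current\n";
}
```

Note that a missing generator tag is not a clean bill of health: many sites remove it deliberately, so the Dashboard’s Updates screen remains the authoritative check.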

If your site has been compromised by the Chinese hack, expect it to be tagged with safety warnings by sites such as www.siteadvisor.com, www.mywot.com and www.domainname.com. The hacker’s payload can include porn, gambling and violent content.

How do I reduce the chances of being hacked like this?

How do I get out of this mess?

Give me a ring or email me and we can take it from there. Your site can often be repaired remotely.

Michael Fabbro specialises in providing WordPress webdesign and consultancy for Newport, Gwent based businesses

What is the best way to avoid my WordPress website being hacked?

Number one has to  be….

Make sure you have the latest version of WordPress installed.

  • You must also use a good password: upper and lower case letters, numbers and punctuation characters. Do not use any dictionary words unless they are Klingon (The 1st Dynasty Dialect).
  • Avoid plugins if possible, they slow your site down and some can have security issues.
  • Make sure Plugins and Themes are up to date.

See also

https://www.fabbro.uk/how-do-i-stop-so-many-hits-for-wp-login-php/

https://www.fabbro.uk/wordpress-xmlrpc-php-high-number-of-hits-in-the-log/

How do I stop so many hits for wp-login.php?

Why are there so many hits for the WordPress file wp-login.php when I rarely log in? Because bots are trying to hack you.

Simply use FTP or your hosting file manager to rename this file to something you can remember later. When you need to log in to your website, simply change it back.

You can of course add a security plugin that renames the login page to something of your choice, e.g. “iThemes Security”.


WordPress’ xmlrpc.php high number of hits in the log

This file allows remote posting to your blog using an XML-RPC client.  If you only post on your WordPress site then the chances are you do not need to have this file active. Rather than delete it, simply rename it to something you can find again.

If a large number of hits are recorded in the website log for this file then you can see at first hand how often your site is under hacker attack.
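To see at first hand how often wp-login.php and xmlrpc.php are being hit, and from where, the access log can be counted rather than read by eye. This is an added example, not code from the original post; the log lines are constructed in the common combined format, and a real run would read the hosting provider’s access log file instead.

```php
<?php
// Added example (not from the original post): count hits on wp-login.php and
// xmlrpc.php per client IP from combined-format access-log lines.

// Constructed sample log (documentation IP ranges, not real clients).
$log = <<<'LOG'
203.0.113.5 - - [10/Jan/2016:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2016:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2016:03:15:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2016:03:15:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
192.0.2.7 - - [10/Jan/2016:09:00:00 +0000] "GET /about/ HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
192.0.2.7 - - [10/Jan/2016:09:00:30 +0000] "GET /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"
LOG;

/**
 * Returns [path => [ip => count]] for the watched paths only.
 * For a real log, pass file_get_contents('/path/to/access.log').
 */
function count_sensitive_hits(string $log, array $watch = ['/wp-login.php', '/xmlrpc.php']): array
{
    $hits = [];
    foreach (explode("\n", $log) as $line) {
        // Client IP is the first field; the request path is the token after the method.
        if (!preg_match('/^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/', $line, $m)) {
            continue;
        }
        $path = parse_url($m[2], PHP_URL_PATH);   // drop any ?query=string
        if (in_array($path, $watch, true)) {
            $hits[$path][$m[1]] = ($hits[$path][$m[1]] ?? 0) + 1;
        }
    }
    return $hits;
}

foreach (count_sensitive_hits($log) as $path => $byIp) {
    arsort($byIp);                                // noisiest client first
    printf("%s: %d hits\n", $path, array_sum($byIp));
    foreach ($byIp as $ip => $n) {
        printf("  %-15s %d\n", $ip, $n);
    }
}
// /wp-login.php: 3 hits   (203.0.113.5: 2, 192.0.2.7: 1)
// /xmlrpc.php: 2 hits     (198.51.100.9: 2)
```

A burst of POST requests to either file from one address within seconds, as in the sample, is the pattern the post is describing; the per-IP breakdown tells you whether it is one persistent bot or many, which decides whether a block on the address or a rename of the file is the better fix.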
