My WordPress got Hacked!!
My WordPress got hacked today. This is a personal site that I use to post tips and fixes for various systems and programming languages. I found these log entries in my webhost log :
18.104.22.168 – - [14/Dec/2011:03:46:35 -0500] “GET /page/7 HTTP/1.1″ 200 27695 “http://www.bing.com/search?q=ip%3a22.214.171.124+wordpress&go=&filt=all&first=11&FORM=PERE” “Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0″
126.96.36.199 – - [14/Dec/2011:03:46:36 -0500] “GET /wp-content/themes/christmas-is-near/snow.js HTTP/1.1″ 200 3678 “http://techjunkie.tv/page/7″ “Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0″
188.8.131.52 – - [14/Dec/2011:03:46:36 -0500] “GET /wp-content/themes/christmas-is-near/style.css HTTP/1.1″ 200 17347 “http://techjunkie.tv/page/7″ “Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0″
I am following certain steps from http://codex.wordpress.org/Hardening_WordPress in hope that my wordpress blog becomes more secure to help mitigate this problem.
I am posting all the steps I am taking in hopes that I am doing the correct thing and to make it easier available to help other WordPress Bloggers that might be new to WordPress as well not have this situation happen to them.
1. Rename the default account to something else. For ex: Admin or Administrator account renamed to “onlyIknow-name”
2. a password with atleast 20 characters
3. set the permissions on the wp-config file to “400″
4. got new secret keys from WordPress key generator
to be continued…
If you have any tips for me to help secure this site please submit a comment.