Herself's Webtools » security

Security plugins updated

Linda MacPhee-Cobb — Fri, 12 Aug 2011 13:45:20 +0000

This week I updated all three WordPress security plugins – install and uninstall functions were added, the user interface and code was cleaned up. I hope to make them smarter over the coming few months.

Tripwire
Download WordPress Tripwire Plugin

Prevent bot registrations
Download WordPress Bot Blocker Plugin

Security plugin
Download WordPress Security Plugin

Some bot blocking htaccess hacks for WordPress

Linda MacPhee-Cobb — Sun, 06 Dec 2009 20:54:20 +0000

There are some great security plugins out there. But all WordPress security plugins require that the bot use the front door to the website. Otherwise the security plugin isn’t turned on.

Your .htaccess file provides better coverage and is more efficient. I realize not everyone has access to .htaccess and that is why bot blocker, security plugin and other security plugins exist. But if you have access to .htaccess that is where you should be doing your security.

This will not stop all bots but should slow them down quite a bit.

Improved .htaccess file

^ – starts with
$ – ends with

———————————————————————————
# block known trouble makers dumb enough to
# announce who they are
SetEnvIfNoCase User-Agent “^EmailSiphon” bad_bot
SetEnvIfNoCase User-Agent “^EmailWolf” bad_bot
SetEnvIfNoCase User-Agent “^ExtractorPro” bad_bot
SetEnvIfNoCase User-Agent “^CherryPicker” bad_bot
SetEnvIfNoCase User-Agent “^NICErsPRO” bad_bot
SetEnvIfNoCase User-Agent “^Teleport” bad_bot
SetEnvIfNoCase User-Agent “^EmailCollector” bad_bot
SetEnvIfNoCase User-Agent “^LinkWalker” bad_bot
SetEnvIfNoCase User-Agent “^Zeus” bad_bot
SetEnvIfNoCase User-Agent “^botpaidtoclick” bad_bot
SetEnvIfNoCase User-Agent “^Click Bot” bad_bot
SetEnvIfNoCase User-Agent “^WebRipper” bad_bot
SetEnvIfNoCase User-Agent “^Wget” bad_bot
SetEnvIfNoCase User-Agent “^Snoopy” bad_bot
SetEnvIfNoCase User-Agent “^Security Kol” bad_bot
SetEnvIfNoCase User-Agent “^libwww-perl” bad_bot
SetEnvIfNoCase User-Agent “^Java” bad_bot
SetEnvIfNoCase User-Agent “^DataCha0s” bad_bot
SetEnvIfNoCase User-Agent “^Grazer” bad_bot
SetEnvIfNoCase User-Agent “^lwp-request” bad_bot
SetEnvIfNoCase User-Agent “^lwp-trivial” bad_bot
SetEnvIfNoCase User-Agent “^Morpheus” bad_bot
SetEnvIfNoCase User-Agent “^Site Sniper” bad_bot
SetEnvIfNoCase User-Agent “^Winnie Poh” bad_bot
SetEnvIfNoCase User-Agent “^curl” bad_bot
SetEnvIfNoCase User-Agent “^Akregator” bad_bot
SetEnvIfNoCase User-Agent “^ac-baidu” bad_bot
SetEnvIfNoCase User-Agent “(Ubuntu-feisty)$” bad_bot

Order Allow,Deny
Allow from all
Deny from env=bad_bot

# block directory browsing
Options All -Indexes

# protect some files

order allow,deny
deny from all

order allow,deny
deny from all

# block bot registrations and send them to the front door
# if you try to register and your accept statement only has */*
# I’ll think you’re a bot

RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-login\.php*
RewriteCond %{HTTP_ACCEPT} ^\*\/\*$
RewriteRule (.*) http://yourdomain.com/ [R=301,L]

———————————————————————————

Additional resources:
Perishable Press Stupid htaccess tricks
Almost Perfect htaccess File for WordPress

Good WP database checks to run

Linda MacPhee-Cobb — Sun, 13 Sep 2009 18:50:11 +0000

Every so often it’s good to just run a quick pass on your WordPress database and look for troubles.

There are two things I check for: users who don’t comment, and iframes and scripts inside of posts.

You can easily bookmark SQL queries in phpMyAdmin, I do this and try to run the scripts every week or so.

To check for iframes and scripts added to your posts log on to phpMyAdmin and then click the SQL tab and run the following command:

SELECT * FROM wp_posts WHERE post_content LIKE '%iframe%' UNION SELECT * FROM wp_posts WHERE post_content LIKE '%noscript%' UNION SELECT * FROM wp_posts WHERE post_content LIKE '%display:none%' UNION SELECT * FROM wp_posts WHERE post_content LIKE '%display:%' UNION SELECT * FROM wp_posts WHERE post_content LIKE '%ekibastos%' UNION SELECT * FROM wp_posts WHERE post_content LIKE '%visibility:hidden%';

This looks for hidden things in your posts. If you get any results back you should check that post very carefully for things you did not put in it.

Users who register and don’t comment are likely bots who got through the bot net, or spammers planning to come back later. I delete all users who register but don’t comment soon thereafter.

To check for users who haven’t commented run the following SQL query

SELECT user_login, user_email, date_format( user_registered, '%M %d %Y' ) AS user_registration_date FROM wp_users WHERE wp_users.user_login NOT IN ( SELECT comment_author FROM wp_comments ) LIMIT 0 , 30

I’ve also begun checking comments for troubles using the same items I look for in posts:
SELECT * FROM wp_comments WHERE comment_content LIKE '% UNION SELECT * FROM wp_comments WHERE comment_content LIKE '% UNION SELECT * FROM wp_comments WHERE comment_content LIKE '%display:none%' UNION SELECT * FROM wp_comments WHERE comment_content LIKE '%display:%' UNION SELECT * FROM wp_comments WHERE comment_content LIKE '%ekibastos%' UNION SELECT * FROM wp_comments WHERE comment_content LIKE '%visibility:hidden%' LIMIT 0 , 30;

Another optimization you’ll want to make is to delete all those post revisions, they multiply quickly.

DELETE FROM wp_posts WHERE post_type = "revision";

And finally optimize your tables

OPTIMIZE TABLE `wp_comments` , `wp_links` , `wp_options` , `wp_postmeta` , `wp_posts` , `wp_terms` , `wp_term_relationships` , `wp_term_taxonomy` , `wp_usermeta` , `wp_users`;