Hardening WordPress/DreamHost and Cleaning Infected Sites


#1

Hi all,

I am frequently having issues with my WordPress sites getting hijacked. I have DreamHost accounts with a couple different clients and it isn’t just one of them. I frequently change passwords to “strong” ones, and change FTP/MySQL/WordPress ones to all different ones.

I am familiar with cleaning sites. It seems the fastest method is to restore the currently installed WordPress code, disable (by renaming) plugins that throw PHP errors, and then install a WordPress Anti-Malware scanner plugin and run that to clean it all.

Are there any tools out there that can run on an ENTIRE DreamHost login/FTP account and clean multiple sites simultaneously, without having a working WordPress site?


#2

I use Wordfence and it did a great job on a site of mine that got hit. Since then, I use Cloudflare (free and paid plans) and rarely see attacks.

That being said, my first thought is the attack vector is WordPress. Plugins throwing errors is certainly a bad sign.

The following article has some suggestions:

Things I’d do:
Make sure each domain runs under its own user
Set DreamHost user to SFTP only
Give above user super hard password
Use SSH key for above user (https://help.dreamhost.com/hc/en-us/articles/216499537-How-to-configure-passwordless-login-in-Mac-OS-X-and-Linux)
Make sure your fully hosted domain is running Enhanced Security option in DH panel Manage Domains (edit your domain)
Run PHP 5.6 or newer

Run Wordfence scan on WordPress installation


#3

In addition to Wordfence, it may be useful to put wp-login behind htpasswd to fence off the dumbest bots (the vast majority). Check https://codex.wordpress.org/Brute_Force_Attacks
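
An added example, not written by any poster in this thread: one way to apply the htpasswd suggestion from #3 to every WordPress install under a single account, as #1 asks, without needing a working WordPress site. It assumes Apache 2.4 with `.htaccess` overrides enabled; the function names and the `.htpasswd-wp` path are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes Apache 2.4 with .htaccess overrides allowed, and a
# password file created separately, e.g.: htpasswd -c "$HOME/.htpasswd-wp" USER
# Basic auth sends credentials on every request, so serve the site over HTTPS.

MARK='# BEGIN wp-login basic auth'

# Print the root of every WordPress install below directory $1.
find_wp_roots() {
    find "$1" -type f -name wp-login.php 2>/dev/null | while IFS= read -r f; do
        d=$(dirname "$f")
        # wp-login.php alone proves little; require the core version file too.
        if [ -f "$d/wp-includes/version.php" ]; then printf '%s\n' "$d"; fi
    done
}

# Append the auth block to $1/.htaccess unless it is already present.
# $2: absolute path of the htpasswd file, kept outside any web root.
protect_login() {
    ht="$1/.htaccess"
    if [ -f "$ht" ] && grep -qF "$MARK" "$ht"; then return 0; fi
    cat >>"$ht" <<EOF

$MARK
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile "$2"
    Require valid-user
</Files>
# END wp-login basic auth
EOF
}

# Protect every install found under $1 and print each protected root.
protect_all() {
    find_wp_roots "$1" | while IFS= read -r root; do
        protect_login "$root" "$2"
        printf '%s\n' "$root"
    done
}

# Usage: protect_all "$HOME" "$HOME/.htpasswd-wp"
```

Running it a second time leaves already-protected sites untouched, so it can be repeated after adding a new domain.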