Doubling down to improve security across the Artsopolis Network.
In our last newsletter we reported a significant jump in the efforts being made by 'hackers' and 'bots' to infiltrate our software systems and disrupt our services. While this type of malicious activity is not unique to our system - millions of websites across the Internet are also affected by this every day - it did cause us to shift our focus in the latter half of January and the early part of February to containing these threats.
Now that the threat has been largely contained, our focus has shifted to implementing and maintaining preventative measures and strengthening the tools that will help keep our/your system safe. Below are a few of the new security measures put in place in response to what we have learnt in the latest round of attacks:
SERVER
- Upgrade the OS and install mod_security
- Set file and folder permissions to correct values
- Protect wp-content/themes and wp-content/plugins from bot scanning by adding a blank index.php to both folders.
APPLICATIONS
- Ability to enable xmlrpc.php for a specific site, which enables data to be transmitted and serves the Jetpack plugin. The biggest issues with XML-RPC are the security concerns that arise.
- Remove all unnecessary users on the network sites
- Enable the WordPress API system only for specific sites
- Reduce unused 'prepend' and 'append' database fields to two character spaces so that malicious scripts cannot be executed.
- Hide the wp-config.php and .htaccess files by adding security code that blocks access to them.
PLUGINS
- Review all free and paid plugins for latest version updates.
- Review all plugins for known security issues. Patch where needed.
- Phase out any plugins that are no longer supported by their developers.
USER ACCESS
- Change all sensitive passwords, such as the super admin password
- Remove all unnecessary users on the network sites
- Change your WP-login URL to something such as http://artsopolis.com/wplo3slsa3 rather than http://artsopolis.com/wp-admin. If it is left as the default, it may be targeted by a brute force attack that tries to crack the username / password combination. Also check which IPs have the most failed login attempts, then block them for a while. Ability to configure Limit Login Attempts.
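The failed-login check from the last item, sketched as an added example (not Artsopolis's own code). It assumes combined-format access logs, a placeholder login path `/example-login`, and that WordPress answers a failed login POST with 200 and a successful one with 302; the thresholds and log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the newsletter): "combined" access-log format, a placeholder
# login path, and failed WordPress logins returning 200 (successful ones 302).
LOGIN_PATH = "/example-login"
MAX_FAILURES = 5                    # failures allowed inside WINDOW before blocking
WINDOW = timedelta(minutes=10)
BLOCK_FOR = timedelta(minutes=30)   # "block them for a while"

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def failed_logins(lines):
    """Yield (ip, timestamp) for every failed login POST; skip unparseable lines."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]   # ignore any query string
        if m["method"] == "POST" and path == LOGIN_PATH and m["status"] == "200":
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def ips_to_block(lines):
    """Map each offending IP to the time its block expires (log must be in time order)."""
    recent = defaultdict(deque)     # per-IP failure timestamps inside the window
    blocked = {}
    for ip, ts in failed_logins(lines):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:   # drop failures older than the sliding window
            q.popleft()
        if len(q) >= MAX_FAILURES:
            blocked[ip] = ts + BLOCK_FOR
    return blocked

def _line(ip, hms, status):
    return f'{ip} - - [01/Jan/2000:{hms} +0000] "POST {LOGIN_PATH} HTTP/1.1" {status} 512 "-" "-"'

# Constructed sample log: a burst, a typo followed by a success, and slow retries.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"09:00:{s:02d}", 200) for s in range(0, 60, 10)]
    + [_line("198.51.100.20", "09:05:00", 200), _line("198.51.100.20", "09:05:30", 302)]
    + [_line("192.0.2.44", f"10:{m:02d}:00", 200) for m in (0, 12, 24, 36, 48)]
)

if __name__ == "__main__":
    for ip, until in ips_to_block(SAMPLE_LOG).items():
        print(f"block {ip} until {until.isoformat()}")
```

Only the burst from 203.0.113.7 is flagged; the slow retries from 192.0.2.44 stay under the window threshold, which is the gap a lower per-day limit would have to cover.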
If you would like to read about these measures in all their wonderful technical-detail glory, please click the button below to download our white paper on the subject.
As always, if you have any questions, please email us at: NetworkSupport@Artsopolis.com