• Resolved winner singh

    (@winner-singh)


    Hi,
    My blog is https://www.allinallnews.com/, and I allow only my IP address for wp-admin and block the rest. Today, when I checked the failed login attempts on the Wordfence dashboard, it showed some IP addresses which are not mine. Look at this image: https://ibb.co/jEHXWR. The username that tried to log in via the admin name is not mine.

    How can someone try to log in, even though I added this code to the .htaccess file?

    <Files wp-login.php>
    Order deny,allow
    deny from all
    allow from 103.41.37.217

    </Files>


Viewing 12 replies - 1 through 12 (of 12 total)
  • Thread Starter winner singh

    (@winner-singh)

    Dreamhost told me that it was trying to log in via XMLRPC. What should I do to protect against XMLRPC? Should I install this plugin: https://wordpress.org/plugins/disable-xml-rpc/

    or add this code to the .htaccess file?

    # Block WordPress xmlrpc.php requests
    <Files xmlrpc.php>
    order deny,allow
    deny from all
    allow from 103.41.36.73
    </Files>

    Is there any disadvantage to blocking the XMLRPC file?

    Now I have deleted those files which were found malicious during the Wordfence scan.

    Files deleted:

    wp-includes/widgets/cry_lib.php
    /wp-includes/js/page.php
    wp-includes/js/swfupload/functions.php
    wp-includes/js/tinymce/utils/javascript.php
    wp-includes/js/articles/0fea6_b92e79e193a16d39e2412e2b82a0c27e
    wp-includes/js/articles/d30ef49
    wp-admin/wp_cache_mutex.lock
    wp-admin/network/xml.php
    wp-admin/includes/login.php
    wp-admin/css/.bt

    Please tell me how these files were created in these folders. Is it via FTP, via wp-login hacking, or via any other hacking software? Can you please send me some articles to read about how hackers do this?

    And I found one PHP file manually via FTP login, which is at wp-content/uploads/2013/06/api.Spain.php

    Why is this file in the photos folder? How did it get there? The problem is that Wordfence did not even find it for me. 🙁

    Should I delete this file also?

    And what other code should I add to the .htaccess file so that the website can be fully protected?

    Thank you.

    Hi,
    Disabling XML-RPC could have some undesired effects on your website. Please check the “Should You Disable XML-RPC on WordPress?” article to get more details.

    For your second question, I recommend reading “How Attackers Gain Access to WordPress Sites” on our blog.

    You should not have this “api.Spain.php” file uploaded to the “uploads” directory; most probably this happened during the hack attempt you experienced. I highly recommend following this guide to “Clean a Hacked WordPress Site using Wordfence” and making sure the “Disable Code Execution for Uploads directory” option is selected.

    Thanks.
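Added example (not part of the original posts, and not Wordfence or DreamHost code): a `<Files wp-login.php>` rule does not cover `xmlrpc.php`, so this Python script tallies which authentication endpoints outside addresses still reached, given an Apache combined-format access log. The log lines, the addresses, and the reading of a 403 status as "rejected by the `<Files>` rule" are assumptions constructed for the example.

```python
import re
from collections import Counter

# Constructed sample in Apache combined log format; every address is from a
# documentation range and none of these lines come from the thread.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:00:06 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:00:07 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST //xmlrpc.php?x=1 HTTP/1.1" 200 674 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2024:10:00:10 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/8.0"
""".splitlines()

# client address, request method, request target, response status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
AUTH_ENDPOINTS = ("wp-login.php", "xmlrpc.php")


def reached_wordpress(lines, allowed_ips):
    """Return (hits, blocked): POSTs to authentication endpoints from
    addresses outside allowed_ips, split by whether Apache answered 403."""
    hits = {name: Counter() for name in AUTH_ENDPOINTS}
    blocked = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        # Keep only the final path segment: "//xmlrpc.php?x=1" -> "xmlrpc.php"
        name = target.split("?", 1)[0].rsplit("/", 1)[-1]
        if method != "POST" or name not in hits or ip in allowed_ips:
            continue
        if status == "403":
            blocked[name] += 1      # assumed: rejected by the <Files> rule
        else:
            hits[name][ip] += 1     # the request was handed to WordPress
    return hits, blocked


if __name__ == "__main__":
    hits, blocked = reached_wordpress(SAMPLE_LOG, {"192.0.2.10"})
    for name in AUTH_ENDPOINTS:
        print(name, "reached:", dict(hits[name]), "blocked:", blocked[name])
```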

    Thread Starter winner singh

    (@winner-singh)

    Okay, as your article told me not to disable XML-RPC, I am not disabling it.

    I deleted the “API.Spain.php” file and the website is clean now. I added the code in the .htaccess file to wp-content/uploads/ and I also added the kill PHP execution code: https://ibb.co/hU2ey6

    And I also installed the Jetpack plugin. Is it good for the site? What are the advantages of this?

    Wordfence says that using two-factor authentication is best, but what if hackers hack via the FTP username and password? If they hacked via FTP, can they delete, edit and add anything? How do I protect against that?

    Thread Starter winner singh

    (@winner-singh)

    And I am using Dreamhost VPS hosting. Is it good?

    Thread Starter winner singh

    (@winner-singh)

    And you did not mention what the solution to XML-RPC hacking is. Okay, I will not block it via code in the .htaccess file, but what is the solution for that?

    Thread Starter winner singh

    (@winner-singh)

    Should I install these plugins?

    https://wordpress.org/plugins/block-bad-queries/

    Thread Starter winner singh

    (@winner-singh)

    Sorry for a lot of questions, one more: I am using the WP Rocket plugin for caching. Is it good and secure for WordPress?

    Besides setting “Strong Passwords” in your login credentials, you must use SFTP, not FTP. Please check this article for more information.

    You can adjust the “Login Security” option in the plugin and this will be applied to login attempts via XML-RPC as well.

    We only provide support for Wordfence here on the forums and I’m not allowed to write my opinion about other products/services.

    Thanks.

    Thread Starter winner singh

    (@winner-singh)

    Thank you :). I asked the question about hosting because I read in the article that if the hosting is bad then even a plugin cannot do anything. That is why I am asking about hosting: is this the best hosting or not?

    Thread Starter winner singh

    (@winner-singh)

    Should I use 1Password to save all the passwords? Is it a safe website/app?

    Thread Starter winner singh

    (@winner-singh)

    How to solve this problem:
    If a plugin contains functionality that permits the uploading of files (e.g. a contact form with an “upload file” field, or a slider form that allows image uploads) and a hacker can trigger it into uploading a php file for example, that opens the door for them to run their code on your server without your knowledge. If that uploaded php file can access your wp-config.php, it can “dial home” with your database settings and provide a hacker with further useful information to help them compromise your server without your knowledge.

    How do I protect against this?

    Password managers in general should be helpful to generate complex passwords and save them for you, so you don’t have to remember the password each time you need to use it, please check “step 4” here.

    For the second question, if you are asking this question as a normal user then once this happened it means that the plugin has a vulnerability, so the advice here is to keep your plugins updated and Wordfence will catch such infections in its scans. This is called “File Upload Vulnerability”.

    If you mean how to prevent such a vulnerability as a developer, then I’m sure you will find your answer in this article: “How to Prevent File Upload Vulnerabilities”.

    Thanks.

  • The topic ‘IP’s address’ is closed to new replies.