Which WP folder is used to add malicious scripts by hackers?

Discussion in 'WordPress' started by postcd, Feb 5, 2017.

  1. #1
    Hello,
    when someone uses security holes in WordPress plugins/themes to insert some malicious file or modify some file in my hosting account, I assume not all WordPress directories can be used to store the first/initial malicious file.
    My question is: which folders are those that I need to set to read-only?

    I want to enable automatic updates of plugins and core, but I'm interested in whether I can prevent the hacker from inserting a file and at the same time keep the update-tied folders writable.

    postcd, Feb 5, 2017
  2. wisdomtool

    #2
    You will definitely need to be more specific, which security holes, which files were modified and so on.
     
    wisdomtool, Feb 5, 2017
  3. Nigel Lew

    #3
    I find that sort of thing in lots of places. Your first order of business should be NinjaFirewall. It stops that stuff before WordPress is even fired and it has no footprint at all. It's also quite helpful for finding the actual shell scripts that fetch that crap in the first place.

    Nigel

    Nigel Lew, Feb 5, 2017
  4. postcd

    #4
    postcd, Feb 5, 2017
  5. Nigel Lew

    #5
    That is not a plugin in that sense. It's a firewall. There are no simple tweaks. If you start trying to change all your perms you are going to cripple stuff.

    N.

    Nigel Lew, Feb 5, 2017
  6. jasleenkaur8

    #6
    Thanks for helping out. It really worked out for me.
     
    jasleenkaur8, Feb 22, 2017
  7. Tutorials Feed

    #7
    With WordPress modification and use of security plugins, also use the Stop Spammers plugin if your site enables free user registration. Sometimes hackers register on the WordPress website and execute a malicious script, exploiting any vulnerability in the theme or any plugin as well...

    Tutorials Feed, Feb 22, 2017