I have half a dozen WP sites. All of them have gotten hacked this week. They are replacing the index.php file with a modified file and redirecting to another site. What can I do to prevent someone other than the admin from modifying files? I am new to Linux and PHP type of websites, having 'cut my teeth' in the MS world, so please be a little understanding.
Have you got the latest version of WordPress installed? If not, upgrade immediately! Who is your web host? Notify them immediately. Have you been able to find out through your raw access stats who the hacker is?
Well, you've got Linux so chances are good you're using Apache. If that's the case...
http://www.dailyblogtips.com/3-must-apply-security-tips-for-wordpress/ (ignore tip 1 - it'll do far more harm than good)
http://www.devlounge.net/articles/protect-your-wordpress-wp-config-so-you-dont-get-hacked
http://ocaoimh.ie/2008/02/27/how-to-successfully-spam-blogs-and-how-to-fight-back/
http://www.michiknows.com/2007/02/12/who-else-wants-to-hide-their-wordpress-admin-folder/
http://andybeard.eu/2007/04/the-ultimate-wordpress-htaccess-file.html
http://www.mattcutts.com/blog/three-tips-to-protect-your-wordpress-installation/ (again, ignore Tip 1)
http://www.theblogexperiment.com/blog-forum/showthread.php?p=14001 (yes, that's me on that forum)