WordPress Blogs Hacked Via Config File

A number of WordPress blogs hosted at Network Solutions were hacked, according to ZDNet. A malicious hacker was able to create a script that scanned for WordPress config files, which contain MySQL database credentials in plain text.

WordPress config files should be readable only by Apache, with permissions of 750. Most users have their permissions set to 755. WordPress users should set their permissions to 750 to avoid being hacked.
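
An added example (not from the original post): a small POSIX shell audit for the permission advice above. It lists wp-config.php files under a web root whose mode grants any access to "other", and can strip those bits so that 755 becomes 750. The function names and the web-root argument are assumptions, and it assumes the web server reads the file as its owner or as a member of its group.

```sh
#!/bin/sh
# Added example: audit wp-config.php permissions under a web root.
# Function names and the web-root argument are hypothetical.

# List every wp-config.php under $1 whose mode grants any access to
# "other" (last octal digit non-zero, e.g. 755 or 644).
find_exposed_configs() {
    find "$1" -type f -name 'wp-config.php' \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' -- "$1" 2>/dev/null || stat -f '%Lp' -- "$1"
}

# Remove all "other" bits from the exposed files: 755 becomes 750,
# 644 becomes 640. Owner and group bits are left untouched.
lock_down_configs() {
    find_exposed_configs "$1" | while IFS= read -r f; do
        chmod o-rwx -- "$f" && printf 'tightened: %s\n' "$f"
    done
}

# Report only (no changes) when called with a directory argument.
if [ "$#" -ge 1 ] && [ -d "$1" ]; then
    find_exposed_configs "$1" | while IFS= read -r f; do
        printf '%s %s\n' "$(file_mode "$f")" "$f"
    done
fi
```

Run with a directory argument, the script only reports; call lock_down_configs yourself once you have confirmed the web server user owns the file or belongs to its group.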

Another way of protecting WordPress config files is to use .htaccess. Add the following code to your .htaccess file.

# protect wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

10 thoughts on “WordPress Blogs Hacked Via Config File”

  1. Good post. More and more companies are looking to WordPress as their CMS system of choice. While I think WordPress is tops!! I would advise people to just take time to ensure they have done everything they can to secure their WordPress website.

  3. If you install mod_fcgid, you can set up chmod 600, which is the most secure option. Then the web server is running under the specific user. This is the most secure way for shared hosting services.
