
Forgotten Password Attack On WordPress

The WordPress Firewall plugin notified me of a new attack on my WordPress site today; an attempt to inject a file named "fgiwfi.php" via a "password_forgotten.php" injection. This was quickly followed by another e-mail alerting me to an attack from the same IP using the same forged link on another of my pages, but this time with a file name of "yjiujc.php". A third e-mail followed almost immediately from the same IP with a file named "yadydu.php". I don't know who this person is, but I'm very thankful for the WordPress Firewall plugin!

The WordPress Firewall plugin notification of an injection attack.


Recommended Actions

I took the following actions after receiving the first e-mail:

  1. I immediately inserted the offending IP address into my list of banned IPs using the WP-Ban plugin. I did this across all my sites.
  2. I then scanned my entire file system on each site for the presence of the above three files. The WordPress Firewall plugin did its job: no copy of any of the above files was found.
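
One way to run the file-system check from step 2 across several sites, as an added example (not code from the original post): it walks each site root for the three file names from the alerts and records size, modification time and SHA-256 for any match, so a hit can be preserved as evidence. The function name `scan_roots` and the root paths passed on the command line are assumptions.

```python
import hashlib
import os
import sys
from datetime import datetime, timezone

# File names reported in the firewall alerts described in the post.
SUSPECT_NAMES = {"fgiwfi.php", "yjiujc.php", "yadydu.php"}


def scan_roots(roots, names=SUSPECT_NAMES):
    """Walk each site root and return (hits, errors).

    Matching is case-insensitive. Directories or files that cannot be read
    are collected in `errors` instead of aborting the scan, so an incomplete
    scan is never mistaken for a clean one.
    """
    wanted = {n.lower() for n in names}
    hits, errors = [], []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, onerror=errors.append):
            for fname in files:
                if fname.lower() not in wanted:
                    continue
                path = os.path.join(dirpath, fname)
                try:
                    st = os.stat(path)
                    with open(path, "rb") as fh:
                        digest = hashlib.sha256(fh.read()).hexdigest()
                except OSError as exc:
                    errors.append(exc)
                    continue
                mtime = datetime.fromtimestamp(st.st_mtime, timezone.utc)
                hits.append({"path": path, "size": st.st_size,
                             "modified": mtime.isoformat(), "sha256": digest})
    return hits, errors


if __name__ == "__main__":
    # Example invocation (paths are placeholders):
    #   python scan_suspects.py /var/www/site1 /var/www/site2
    found, problems = scan_roots(sys.argv[1:])
    for hit in found:
        print(f"FOUND {hit['path']} size={hit['size']} "
              f"mtime={hit['modified']} sha256={hit['sha256']}")
    for err in problems:
        print(f"UNREADABLE {err}", file=sys.stderr)
    sys.exit(1 if found or problems else 0)
```

The script exits non-zero when a match is found or when part of the tree could not be read, so it can run from cron against every site root and alert on either condition.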

At The End Of The Day...

I really hate people who try to hack my sites. I'd love to see WordPress ship with WordPress Firewall and WP-Ban installed and activated at the time of installation with a listing of the known offensive sites. Yes, they can change their IP, which is why I use the combination of plugins, but I would love to make it so impossible for them to get to any WordPress site that they just give up and move elsewhere!
