SecureLive is a website security system that is not exclusive to WordPress (there are versions for Joomla, PHP, Magento and more), but it also exists as a free plugin that you can install from the plugin installer or from the official SecurePress page.
SecurePress offers a comprehensive detection and alert system for hacking attempts and exploits against WordPress: it not only detects attacks but also blocks them, alerts you, and even sends you reports by email or text message. SecureLive says that it detects 98.9% of possible attacks, which is not bad at all, although, as you already know, security software always runs behind the attackers and nobody is going to guarantee 100% effectiveness.
If you want to try it, you can download it from the official site or install it from your WordPress (it is in the official repository).
The system is really complete, and there is even a video of the concept and how it works, this …
This is not the first time that the curious way WordPress protects the system against prying eyes has come to the fore. The bad thing is that in some things it is overly cautious and in others careless.
We already saw how careless it is when it comes to reporting errors about erroneous data, and we saw a possible solution, but what happens when we want to see the errors and they are not shown? By default, WordPress hides the display of many errors, on the theory that there is no need to give clues to possible intruders.
Now, if you need to see the errors of an installation, something very common when you are troubleshooting failures on your own site or a client's, there is no way to get WordPress to tell you what is failing.
The solution? Fortunately, it is very simple. You just have to add the following line at the top of the .htaccess file hosted in the root folder of the WordPress installation to show all the errors generated by your site:
You can even do it from your WordPress admin panel if you do not feel comfortable with FTP clients. And, of course, keep in mind that this should only be used for finding and fixing errors; it is not code to leave permanently in your file
Although sites do get hacked, most of the time the issues are benign. Typically, the hackers place a few spam links in the back of your template. This type of issue is usually solved easily with an update and little else. But there has never been anything with the tenacity of remv.php (it comes from phpRemoteView, a script that, although it is not used much, is dangerous when you do not know how to remove it). It is something serious, almost a little scary. It seems that it can facilitate a DDoS (Distributed Denial of Service) attack, and it does so through the file remv.php, hidden somewhere in your wp-content/themes/ folder. But since everything has a solution in this life, here is the complete process, developed by Jason Cosper, to eliminate this uncomfortable visitor from your blog:
None of this will be a problem for you if you always keep your blog up to date, especially with security updates, so be sure to visit WordPress Help and the WordPress Development Blog. If you know something else about the infamous "remv.php", share it in the comments; we will be happy to learn more about this bug. It seems that it is not the system currently used by hackers, but if you search on Google you will see that more than one site has fallen.
Nowadays it is not impossible for a WordPress theme to be hacked: if you do not follow a minimum set of security rules, someone could insert code into your theme. But there is a much easier route. Led by search results, you can end up downloading a theme from a doubtful site instead of the official site and activating it on your blog without knowing that it includes malicious code.
If you have doubts, or want to make sure, you can check with the Theme Authenticity Checker (TAC) plugin. It searches the files of your installed theme and tries to detect malicious code. If it finds code of this type, it shows the path to the theme file, the line number where it is, and a small sample of the suspect code.
Now, is that code certain to be malicious? There is a chance that it is not. There are not many, but some theme creators include hidden code in Base64 or similar to, for example, prevent the credits to the author or its sponsors from being removed.
So how do I know whether the code is malware or not? The easiest thing is to contact the author to check or, if you prefer, to download the "official" version and compare the possible differences.
In any case, Theme Authenticity Checker gives you clues about code that should not be there and is not normal in a WordPress theme.
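The two checks described above, as an added example (not TAC's code and not the author's): a Python script that reports the path, line number and a snippet for suspicious PHP calls in a theme, and lists files added or changed relative to an official copy, which is also how a stray remv.php under wp-content/themes/ would surface. The pattern list, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic patterns assumed for this example; not TAC's own signature list.
SUSPICIOUS = re.compile(r"\b(base64_decode|eval|gzinflate|str_rot13)\s*\(", re.I)

def scan_theme(theme_dir):
    """Return (relative path, line number, snippet) for each suspicious line."""
    hits = []
    for path in sorted(Path(theme_dir).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            if SUSPICIOUS.search(line):
                rel = path.relative_to(theme_dir).as_posix()
                hits.append((rel, lineno, line.strip()[:60]))
    return hits

def diff_against_official(installed_dir, official_dir):
    """List files added or changed relative to the official copy (by SHA-256)."""
    def digests(root):
        return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
                for p in Path(root).rglob("*") if p.is_file()}
    installed, official = digests(installed_dir), digests(official_dir)
    changed = [f for f in installed.keys() & official.keys() if installed[f] != official[f]]
    return {"added": sorted(set(installed) - set(official)), "changed": sorted(changed)}

def build_sample(root):
    """Constructed sample: an 'official' theme and a tampered installed copy."""
    official, installed = Path(root, "official"), Path(root, "installed")
    for d in (official, installed):
        d.mkdir()
        (d / "index.php").write_text("<?php get_header(); ?>\n")
        (d / "footer.php").write_text("<?php wp_footer(); ?>\n")
    # Constructed tampering: an encoded call in the footer and one extra file.
    (installed / "footer.php").write_text(
        "<?php wp_footer(); ?>\n<?php eval(base64_decode('ZWNobyAnJzs=')); ?>\n")
    (installed / "remv.php").write_text("<?php /* constructed placeholder */ ?>\n")
    return installed, official

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        installed, official = build_sample(tmp)
        for rel, lineno, snippet in scan_theme(installed):
            print(f"{rel}:{lineno}: {snippet}")
        print(diff_against_official(installed, official))
```

A pattern hit is only a clue, as the text says; the file comparison is what separates an author's own encoded credits from code that was added after the fact.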
What you have read is original content from WordPress Help – Resources, themes, plugins and tutorials in Spanish, first published by Fernando Tellado here: Have you hacked your Theme?
I'm sure we have a new version of WordPress 2.3 … 4, since we have discovered a vulnerability that lets you create folders and pages in wp-content. It was announced on Smackdown and commented on at Girl SEO and Inkilino.
It seems that it can be solved temporarily by adding these two lines to your robots.txt file:
I also recommend reviewing this post to protect your installation, and let's hope it does not happen there. At the moment you can see the list of blogs hacked by this system in this Google search.