Attention WordPress Bloggers

If you are using WordPress for your blog site, please read this important security notice. It has come to our attention that some of our clients' WordPress blogs have been hacked.

Following these instructions will help you secure your WordPress blog and prevent future hacking attempts.

1. Check our investigation report on 12 common reasons why WordPress blogs get hacked.
http://clients.bethelwebhost.com/knowledgebase.php?action=displayarticle&id=22

2. Take these immediate ACTIONS on your WordPress blogs right now:

a. Set permissions (chmod) on public_html/wp-config.php to 400 (if you don't know how to do it, watch this video: http://www.youtube.com/watch?v=9ZmDwy7LXjk )

b. Remove the MySQL user for the WordPress blog, then add a new one with a STRONG password, again using the Password Generator tool within cPanel. Example of a good username: 17w4r1 (the username will look like this: 17w4r1_si7te1ty, where 17w4r1 is the username to the DB and si7te1ty is the username to cPanel). Example of a strong password: Rx[f08_*&{bh.

c. Add the new MySQL username and password to wp-config.php immediately.
(If you need our help with the above actions, please post a support ticket with your cPanel username/password and WordPress blog URL, and we can do it for you.)

3. Update WordPress (all files). You should always use the official http://wordpress.org

4. Update all Themes (WP templates). It's very important to keep them up to date. You must remove all Themes which are NOT in use.

5. Make sure your plugins are always updated. Also, if you are not using a specific plugin, make sure to delete it from the system.

6. Generate a full cPanel backup, then download it to your personal computer. Do not keep backups on your websites! Watch this video tutorial: http://www.cpanel.net/media/tutorials/backup_lo.htm
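
For accounts with shell access, steps 2a and 6 can be checked with the script below. It is an added example, not part of the original notice or a tool we provide; the script name wp_audit.sh, the /home/USER placeholder and the archive name patterns are assumptions.

```shell
#!/bin/sh
# Added example (not the host's own script): audits a WordPress web root for
# step 2a (wp-config.php mode 400) and step 6 (no backups kept on the site).
# Assumptions: GNU or BSD stat; the archive name patterns are illustrative.

# Print the octal permission bits of a file (GNU stat, then BSD fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_wp_config DOCROOT [fix]
# Returns 0 if wp-config.php is mode 400, 1 if it is not, 2 if it is missing.
# With "fix" as the second argument the mode is set to 400 before checking.
check_wp_config() {
    cfg="$1/wp-config.php"
    if [ ! -f "$cfg" ]; then
        echo "MISSING $cfg"
        return 2
    fi
    if [ "${2:-}" = "fix" ]; then
        chmod 400 "$cfg"
    fi
    mode=$(file_mode "$cfg")
    if [ "$mode" = "400" ]; then
        echo "OK      $cfg mode=$mode"
        return 0
    fi
    echo "WEAK    $cfg mode=$mode (expected 400)"
    return 1
}

# list_backups DOCROOT
# Prints archives and SQL dumps found under the web root for review.
# Returns 1 if any were found, 0 if the web root is clean.
list_backups() {
    found=$(find "$1" -type f \( -name '*.tar.gz' -o -name '*.tgz' \
        -o -name '*.zip' -o -name '*.sql' -o -name '*.sql.gz' \))
    if [ -z "$found" ]; then
        return 0
    fi
    echo "$found"
    return 1
}

# Usage: sh wp_audit.sh /home/USER/public_html [fix]
if [ -n "${1:-}" ]; then
    check_wp_config "$1" "${2:-}"
    list_backups "$1"
fi
```

Some of the files it lists may be legitimate (for example a zip shipped with a plugin), so review each one before deleting it.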

It's a good idea to resolve local vulnerability issues by scanning your personal computer. We recommend Kaspersky Internet Security 2011.

Please reset your site password every 3 months. You must also update your WordPress blog as soon as a new version is released. WordPress is the most popular script, so it is attacked a lot. Once you install it, you must dedicate some time to it.

If you installed WP and don't use it for 3-6 months, simply remove it from the server.

More security resources: http://codex.wordpress.org/FAQ_My_site_was_hacked
How to secure Wordpress Blog: http://codex.wordpress.org/Hardening_WordPress
