Forum Replies Created

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter nurit.lerner

    (@nuritlerner)

    So all file permissions should be 777?
    What I did at the end with that website was to make a clean install, blocked access to wp-admin folder and installed WordFence. No problems reported since then. I try to keep it as upgraded as possible (WordFence sends me emails every time a plugin is out-of-date).
    I don't know if this is what made the difference or the clean install did. But for now, all is good.

    I used every single security tutorial I could find online.
    On the wp-config I added this code:

    putenv('TMPDIR=' . ini_get('upload_tmp_dir'));
    define('FS_CHMOD_DIR', (0755 & ~ umask()));
    define('FS_CHMOD_FILE', (0644 & ~ umask()));
    define('AUTOSAVE_INTERVAL', 120);
    define('WP_POST_REVISIONS', 5);
    define('EMPTY_TRASH_DAYS', 7 );
    define('DISALLOW_FILE_EDIT', true);

    To the .htaccess I added this at the end:

    # END WordPress
    
    # Disable directory browsing
    Options All -Indexes
    
    # Disable access to all file types except the following
    <Files ~ "\.(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar)$">
    Allow from all
    </Files>
    
    <files wp-config.php>
    order allow,deny
    deny from all
    </files>
    <files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all
    satisfy all
    </files>
    <FilesMatch "\.(ttf|otf|eot|woff)$">
      <IfModule mod_headers.c>
        Header set Access-Control-Allow-Origin "*"
      </IfModule>
    </FilesMatch>
    # Block wp-includes folder and files
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
    </IfModule>

    I added another .htaccess onto the wp-content folder with this:

    # Disable access to all file types except the following
    Order deny,allow
    Deny from all
    <Files ~ "\.(xml|css|js|jpe?g|png|gif|pdf|docx|rtf|odf|zip|rar|ttf|otf|eot|woff)$">
    Allow from all
    </Files>

    And another onto wp-includes folder:

    <Files *.php>
    deny from all
    </Files>
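
How the mod_rewrite block in the root .htaccess above treats individual request paths, as an added example that is not part of the original post: a small Python model of the five rules and the `[S=3]` skip flag. The sample paths are constructed, and the model assumes per-directory context (paths have no leading slash) and handles only the `F` and `S` flags.

```python
import re

# The five RewriteRule lines from the post's root .htaccess, in order.
# A leading "!" negates the pattern; every substitution is "-" (no rewrite).
RULES = [
    (r"^wp-admin/includes/", "F,L"),
    (r"!^wp-includes/", "S=3"),
    (r"^wp-includes/[^/]+\.php$", "F,L"),
    (r"^wp-includes/js/tinymce/langs/.+\.php", "F,L"),
    (r"^wp-includes/theme-compat/", "F,L"),
]

def evaluate(path):
    """Return 403 if the rules forbid `path`, else 200 (request continues).

    `path` is what mod_rewrite matches in .htaccess context: the URL path
    relative to the directory, without a leading slash.
    """
    i = 0
    while i < len(RULES):
        pattern, flags = RULES[i]
        flag_list = flags.split(",")
        negate = pattern.startswith("!")
        matched = bool(re.search(pattern.lstrip("!"), path)) != negate
        i += 1
        if not matched:
            continue
        if "F" in flag_list:
            return 403                      # F: answer 403 Forbidden
        for flag in flag_list:
            if flag.startswith("S="):
                i += int(flag[2:])          # S=N: skip the next N rules
    return 200

if __name__ == "__main__":
    # Constructed sample paths, not taken from the post.
    samples = [
        "index.php",
        "wp-content/uploads/photo.png",
        "wp-admin/includes/file.php",
        "wp-includes/version.php",
        "wp-includes/theme-compat/header.php",
        "wp-includes/js/tinymce/langs/wp-langs.php",
        "wp-includes/js/jquery/jquery.js",
        "wp-includes/ID3/getid3.php",
    ]
    for p in samples:
        print(evaluate(p), p)
```

In this model only PHP files directly inside wp-includes, plus the two named subpaths, return 403; PHP files in other wp-includes subdirectories pass these rules and are left to the separate wp-includes .htaccess quoted in the post.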

  • Thread Starter nurit.lerner

    (@nuritlerner)

    More Data: Wordfence gave me this warning:

    Your DNS records have changed

    Old DNS records: false
    New DNS records: site.com points to 217.xxx.xxx.46
    Severity: Warning
    Status New

    We have detected a change in the A records of your DNS configuration that may affect the domain summitandblue.com. An A record is a record in DNS that points a domain name to an IP address. A change in your DNS records may indicate that a hacker has hacked into your DNS administration system and has pointed your email or website to their own server for malicious purposes. It could also indicate that your domain has expired. If you made this change yourself you can mark it ‘resolved’ and safely ignore it.
