
How do I prevent hackers from backdooring my WordPress?

April 18, 2017

Hi there, I just want to share my method for preventing hackers from planting a backdoor in your WordPress directory. My method is not 100% solid, but it can reduce the damage caused by the hacker.

Where will the hacker go first?

First of all, the hacker will upload a malicious PHP file into your upload directory and then access that file from outside to run the script. Usually the upload directory is /wp-content/uploads.

From my experience handling VPS servers for more than 4 years, they will go there first. The first file will always be there before it multiplies into other directories.

What did I do?

I’ve created a crontab entry that scans my WordPress upload directory every 1 minute for any .php file. Simply type:

  1. crontab -e
  2. */1 * * * * find /home/niaga/web/m-niaga.com.my/public_html/wp-content/uploads/ -name "*.php" -exec rm -rf {} \;

What will happen?

Your server will scan every 1 minute and delete any .php file as soon as it detects one. The hacker will have only 1 minute to do their “thing” before the malicious file is deleted automatically.
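A more conservative variant of the cron job above, as an added example that is not the author's script: it moves suspect files out of the web root instead of deleting them, so they stay available for investigation, and it also catches upper-case and alternate PHP extensions that the `-name "*.php"` match misses. The function name, quarantine location, log format and extension list are assumptions.

```shell
#!/bin/sh
# Added example (not the author's script): quarantine PHP-like uploads, keep a log.
# Assumption: the extension list is illustrative; match it to what your web
# server actually hands to the PHP interpreter.

# quarantine_php UPLOAD_DIR QUARANTINE_DIR
# QUARANTINE_DIR must live outside the web root. Prints how many files were moved.
quarantine_php() {
    upload_dir=$1
    quarantine_dir=$2
    log="$quarantine_dir/quarantine.log"

    mkdir -p "$quarantine_dir" || return 1
    chmod 700 "$quarantine_dir"
    touch "$log"
    before=$(wc -l < "$log")

    # -type f    : regular files only, so a directory named "x.php" is left alone
    # -iname     : case-insensitive, so shell.PHP is caught as well as shell.php
    # -exec .. + : file names are passed as arguments, safe for spaces and newlines
    find "$upload_dir" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' \) -exec sh -c '
        qdir=$1; log=$2; shift 2
        for f in "$@"; do
            sum=$(sha256sum < "$f" | cut -d" " -f1)
            dest="$qdir/$sum.quarantined"
            # One log line per file: newlines and tabs in the name are replaced.
            name=$(printf "%s" "$f" | tr "\n\t" "??")
            mv -f -- "$f" "$dest" && chmod 000 "$dest" &&
                printf "%s\t%s\t%s\n" "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$sum" "$name" >> "$log"
        done' sh "$quarantine_dir" "$log" {} +

    after=$(wc -l < "$log")
    echo $((after - before))
}

# Cron usage (hypothetical paths):
# * * * * * /usr/local/bin/quarantine_php.sh /path/to/wp-content/uploads /var/quarantine
if [ "$#" -eq 2 ]; then
    quarantine_php "$1" "$2"
fi
```

The log records the SHA-256 and original path of every file moved, which shows when the first upload arrived and where it landed.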
