Phoenix - Your AI AssistantTidy the server from X-ransom attack
- Posted:
- Proposals: 27
- Remote
- #4156907
- OPPORTUNITY
- Open for Proposals
Moscow 
Description
Experience Level: Entry
Hello,
Our Wordpress website was attacked by x-ransom. We have a backup of the WP and the database dump. We have detected some corrupted files there but it seems that there are still some left that were not detected. It has to be tidy after the attack.
It’s an internet shop with uploads files of around 100GB. It’s stored on a private hosting in LV.
What is done do far:
1. Update WordPress Version
2. Use z’d updateSecure WP-Admin Login Credentials
3. Set Up Safelist and Blocklist for the Admin Page
4. Use Trusted WordPress Themes
5. Install SSL Certificate
6. Remove Unused WordPress Plugins and Themes
1. Enable Two-Factor Authentication for WP-Admin
2. Back Up WordPress
3. Limit Login Attempts
4. Change the WordPress Login Page URL
5. Log Idle Users Out Automatically
6. Monitor User Activity
7. Check for Malware - found several none-Wordpress specious files and plugins. Deleted them.
1. Disable PHP Error Reporting
3. Turn File Editing Off
4. Restrict Access Using the .htaccess File
5. Change the Default WordPress Database Prefix - not done
6. Disable XML-RPC
7. Hide the WordPress Version
8. Block Hotlinking - not done
9. Manage File Permissions not done
After making the list, we received another x-ransome attack. I suspect he has a server level access not only wp level.
If you apply, you need to be a server security and a Wordpress specialist.
Please, quote for the job.
Our Wordpress website was attacked by x-ransom. We have a backup of the WP and the database dump. We have detected some corrupted files there but it seems that there are still some left that were not detected. It has to be tidy after the attack.
It’s an internet shop with uploads files of around 100GB. It’s stored on a private hosting in LV.
What is done do far:
1. Update WordPress Version
2. Use z’d updateSecure WP-Admin Login Credentials
3. Set Up Safelist and Blocklist for the Admin Page
4. Use Trusted WordPress Themes
5. Install SSL Certificate
6. Remove Unused WordPress Plugins and Themes
1. Enable Two-Factor Authentication for WP-Admin
2. Back Up WordPress
3. Limit Login Attempts
4. Change the WordPress Login Page URL
5. Log Idle Users Out Automatically
6. Monitor User Activity
7. Check for Malware - found several none-Wordpress specious files and plugins. Deleted them.
1. Disable PHP Error Reporting
3. Turn File Editing Off
4. Restrict Access Using the .htaccess File
5. Change the Default WordPress Database Prefix - not done
6. Disable XML-RPC
7. Hide the WordPress Version
8. Block Hotlinking - not done
9. Manage File Permissions not done
After making the list, we received another x-ransome attack. I suspect he has a server level access not only wp level.
If you apply, you need to be a server security and a Wordpress specialist.
Please, quote for the job.
New Proposal
Login to your account and send a proposal now to get this project.
Log inClarification Board Ask a Question
-
There are no clarification messages.