Intrusion Detection System for WordPress Sites

With current problems with hacked sites, I need a tool (preferably free) that I can install on my site and it will send me a second message about changing / updating the file by email.

Any recommendations are welcome :)

This site is in a hosting package with a shared server.

+7
security php wordpress
9 answers

You cannot install a real IDS on shared hosting; this is the responsibility of the host.

Hack-ish solution:

You can create a script that runs periodically (using cron or some other mechanism) that monitors all files and compares checksums with a previously saved record, and then notifies you of the differences.

To find out if your script itself was deleted by attack (1), you should also create a script session on the remote server (maybe something like the Google App Engine) that binds your shared server - the script, and checks if it receives the expected result (perhaps a hash based on a given time) - if not, it sends you an email.

(1) This is actually unlikely, most attacks do not delete files.

+2

http://www.la-samhna.de/samhain/

However, this will not work on shared hosting, so you will need a VPS or dedicated server.

+1

I used to use Tripwire. It worked very well... it's not free. You can find good options by searching for the term “IDS” or “Intrusion Detection System”.

+1

The second sentence of Joel L is above - usually any output from the cron job is sent by e-mail to the address that you select when setting up the cron job.

If you rarely change themes or plugins, then this is a good way.

When you make changes, you can simply update the baseline checksum values.

I need to check out the mute shout plugin, although that might be better.

+1
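A sketch of the checksum-comparison script described in the first answer, with the baseline update mentioned in the answer just above. This is an added example, not code from any of the posters; the script name, the `--update` flag and the JSON baseline format are assumptions.

```python
import hashlib, json, os, sys

def snapshot(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    h = hashlib.sha256()
                    for chunk in iter(lambda: fh.read(65536), b""):
                        h.update(chunk)
                digests[rel] = h.hexdigest()
            except OSError:
                digests[rel] = "unreadable"  # reported if this state changes
    return digests

def compare(baseline, current):
    """Return the paths added, removed and changed since the baseline."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "changed": sorted(p for p in old & new if baseline[p] != current[p]),
    }

def check(root, baseline_file, update=False):
    """Compare root with the saved baseline; (re)write it on request."""
    current = snapshot(root)
    if update or not os.path.exists(baseline_file):
        with open(baseline_file, "w") as fh:
            json.dump(current, fh, sort_keys=True)
        return compare(current, current)
    with open(baseline_file) as fh:
        return compare(json.load(fh), current)

if __name__ == "__main__":
    # Usage (hypothetical name): fim.py SITE_ROOT BASELINE_FILE [--update]
    # Keep BASELINE_FILE outside SITE_ROOT: anyone who can write to the
    # site could otherwise rewrite the baseline along with the files.
    report = check(sys.argv[1], sys.argv[2], update="--update" in sys.argv[3:])
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind.upper()}: {p}")  # cron typically mails job output
    sys.exit(1 if any(report.values()) else 0)
```

Run it from cron without `--update`; after a legitimate theme, plugin or core update, run it once with `--update` to accept the new state.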

The best free and open intrusion prevention system (IPS) for web applications (as in WAF, Web Application Firewall) is Mod_Security. But no system will stop everything. Especially with WordPress, because it won the pwnie award for being so insecure. I would seriously think about deflating WordPress for any other blog engine.

Another option that works best if you are in a shared hosting environment is to use PHP-IDS. The name is a little misleading, in fact it is IPS with regular expression. All regular expressions used by PHP-IDS have been ported to Mod_Security. Mod_Security provides a much better level of protection (ips) and logging (ids).

0

I originally wrote this in a comment on Rook's answer, but it can get lost in all this noise:

phpids really looks interesting because it can be used in a shared server hosting environment, which in general will not apply to tripwire or mod_security.

Interestingly, there is a wordpress plugin that integrates (an older version of) phpids into wordpress, so it can be worth looking into.

0

Rook: I think that is probably because WordPress security flaws are quickly fixed after being discovered. This means that anyone who starts the installation must keep track of new versions and install them as quickly as possible.

0

You can update the site using subversion / git / etc - by executing a simple svn status or git status that will let you determine if the source files have been changed - however, obviously, it will not catch any changes that someone might make to the content databases, and it gets a little confused when someone updates the plugins (or Wordpress itself) - so much will change.

0

See http://www.guardio.net for uptime and file integrity monitoring.

0