June 2020 - Security Improvements
Two WordPress sites were found to have been hacked, in the same way.
I have restored them, one by restoring from a backup and the other by editing
the database as by then I had discovered where the rogue code was and it was
reasonably easy to remove.
This prompted a security review on the whole server.
I found that a reboot (for a system upgrade) a week earlier had
come up with the firewall inoperative. I have fixed this so the firewall
starts automatically on reboot. Though the exact attack mechanism is still
unknown, I think it's no coincidence that the web site damage occurred a few
Both sites that were hacked were using the WP "Duplicator" plugin. I
have read reports that at least an older version of that plugin has a
security weakness. It's not clear whether that was the problem in this
case but I'll be watching out for that possibility if it happens again.
A great deal of traffic to the server was being caused by repeated login
attempts to WordPress sites. This comes from hackers' automated scripts
trying thousands of passwords in the hope of finding one that worked. I have
installed on each WP site a plugin called "WP fail2ban redux" that logs failed
login attempts on WordPress, where another system (that was already in use)
can make the firewall block the IP addresses of repeat offenders.
I believe that passwords I created for WP admin users were secure enough
that this kind of brute-forcing would not have succeeded, but I have no
control over the passwords created by users themselves, and anyway the
volume of password attempt traffic was so high that it sometimes affected
I had already started installing a feature called Content Security Policy to
all sites. This has to be tailored to each site, and controls access to
resources to reduce or disable the activity of some common types of web site
attack. This work continues.
The mechanism (fail2ban) that blocks IP addresses that are trying to
brute-force passwords only worked on IPv4 addresses. Some attempts are
coming in from IPv6 addresses now, so fail2ban is now configured to
block both address types.
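The counting step behind the blocking described above, as an added example (not code from this site, the plugin or fail2ban): it handles IPv4 and IPv6 sources alike and treats different spellings of one IPv6 address as a single source. The log lines are constructed, and the message format, the function name and the thresholds are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the message format is an assumption for illustration.
P = "web wordpress(example.org)[811]: Authentication failure for"
SAMPLE_LOG = f"""\
2020-06-14T10:00:01 {P} admin from 203.0.113.7
2020-06-14T10:00:05 {P} admin from 203.0.113.7
2020-06-14T10:00:09 {P} editor from 203.0.113.7
2020-06-14T10:01:00 {P} admin from 2001:db8::1
2020-06-14T10:01:02 {P} admin from 2001:DB8:0:0:0:0:0:1
2020-06-14T10:01:04 {P} x from 192.0.2.1 from 2001:db8::1
2020-06-14T10:02:00 {P} bob from 198.51.100.20
2020-06-14T11:30:00 {P} bob from 198.51.100.20
2020-06-14T13:00:00 {P} bob from 198.51.100.20
"""

# The address is taken from the end of the line only, so a submitted
# username containing " from <address>" cannot redirect the block.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) .*Authentication failure for .+ from (?P<ip>\S+)$")


def find_offenders(log_text, max_retry=3, find_time=timedelta(minutes=10)):
    """Map each address with >= max_retry failures inside find_time to its family."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            # Parsing normalises IPv6, so two spellings count as one source.
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # not a valid address: never block on junk
        hits[ip].append(datetime.fromisoformat(m.group("ts")))
    offenders = {}
    for ip, times in hits.items():
        times.sort()
        for first, last in zip(times, times[max_retry - 1:]):
            if last - first <= find_time:
                offenders[str(ip)] = f"IPv{ip.version}"
                break
    return offenders


if __name__ == "__main__":
    for addr, family in find_offenders(SAMPLE_LOG).items():
        print(f"block {addr} ({family})")
```

The third source in the sample fails three times but spread over hours, so it stays under the threshold and is not listed.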
Older news (summarized)
News - November 2019
The migration of all sites to a new server as explained
is complete. (still with BitFolk but
running Sympl management software.)
News - October 2019
- Brief downtime of server provider in the middle of the night, for a
planned upgrade, completed without problems
- SSL certificates (to enable "https:" URLs) were not always being
renewed in time. This turned out to be a legacy from the recent site move
and certificates are being renewed normally now.
News - June 2019
Migration of all sites from a Bytemark server to one provided
by BitFolk is now complete.
For the reasons behind this move, read Migration
of web sites to a new server.
News - December 2018
This is the first of a series of occasional newsletters for customers.
In 2018 the hosting business has picked up a respectable number of new
customers, including some that are quite prestigious:
Improvements to the Service
- New offsite backup provider, cheaper than the previous one who had
changed their pricing structure. Helps to keep your data safe and my price
- Speed improvements: I could afford a memory upgrade on the server
- A software upgrade from PHP 5.6 to PHP 7.0 in November will also have
produced a speed improvement for most sites.
- WordPress Updates: my manual updates are now scripted for much quicker and easier updates