I recently received an abuse email informing me that a node in my cluster was launching brute-force attacks against WordPress installations across the web.
I regularly check process logs, and nothing out of the ordinary had appeared for the past few weeks, but after a bit more digging I found an installation on a node that was running an old version of WordPress and had a theme installed that had been compromised. A compromised theme is effectively attacker-controlled PHP running under that site's account, which is how a single neglected install turns the whole node into a source of attacks. Keeping your WordPress installation up to date is obviously best practice, but in the real world users don't always update, or feel overwhelmed by the prospect of updating.
I want to share my experience of tracing the offending installation and provide the steps I took to resolve the problem. These steps assume a cPanel/WHM environment, although every one of them could equally be carried out directly from the CLI (command-line interface).