How to use v-lock-wordpress
Posted: Wed Feb 01, 2023 2:35 pm
To provide users with an easier way to deal with malware that cannot be easily eradicated from the site, we have invented the WordPress "lockdown" method.
Essentially, the method freezes your WordPress files, making it impossible for malware to modify them, while still allowing images to be uploaded to the gallery.
Notice: before locking, make sure to clean malware files and malware lines of code as much as possible.
Use this method to find freshly uploaded or modified PHP files (that are probably uploaded/modified by malware).
To lock your WordPress, run the following over SSH as root:
Code:
v-lock-wordpress yourdomain.com
Note that this will only lock the files, not the database, as the database is impossible to lock.
If you don't clean up all infected files before locking, a hacker can theoretically still modify posts in the database, injecting HTML code that loads malicious JavaScript from another server.
When you want to update your WordPress at some point in the future, you will first have to unlock your website by running the following command:
Code:
v-unlock-wordpress yourdomain.com
The following is a further explanation of the "lockdown" method:
Our script does the following to prevent PHP-FPM from editing/adding any files:
Code:
chmod -R 0755 public_html/
chown -R www-data:www-data public_html/
This way, PHP-FPM, which runs as a local user, cannot edit/add any files.
Additionally, for the following folders:
- wp-content/uploads/
- wp-content/cache/
Code:
chmod -R 0755
chown -R currentUser:currentUser
That will allow editing/adding there, but then it will add a .htaccess file to prevent the execution of .php files inside those folders.
Additionally, the script checks and corrects file and folder permissions:
Code:
find public_html/ -type d -exec chmod 755 {} +
find public_html/ -type f -exec chmod 644 {} +
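A read-only check that a site is actually in the state the lockdown steps above describe, as an added example (it is not part of v-lock-wordpress or of the original post). It assumes uploads/ and cache/ sit directly under public_html/wp-content/; the function name audit_lock, its arguments and its output labels are made up for this illustration.

```shell
#!/bin/sh
# Added example: read-only audit of a locked site. It changes nothing on disk.
# Assumptions: uploads/ and cache/ sit directly under <docroot>/wp-content/,
# and the PHP-FPM account is given as a user name or numeric uid.
# audit_lock and its output labels are hypothetical names for this sketch.

audit_lock() {
    docroot=${1%/}
    site_user=$2
    uploads="$docroot/wp-content/uploads"
    cache="$docroot/wp-content/cache"

    # 1. Outside uploads/cache nothing should belong to the PHP-FPM user;
    #    anything that does can still be rewritten by code running as it.
    find "$docroot" \( -path "$uploads" -o -path "$cache" \) -prune -o \
        -user "$site_user" -print | sed 's/^/OWNER /'

    # 2. Modes should match what the script enforces: 755 dirs, 644 files.
    find "$docroot" -type d ! -perm 755 -print | sed 's/^/MODE /'
    find "$docroot" -type f ! -perm 644 -print | sed 's/^/MODE /'

    # 3. The two writable folders need the .htaccess guard, and any PHP
    #    file found in them deserves a manual look.
    for dir in "$uploads" "$cache"; do
        [ -d "$dir" ] || continue
        [ -f "$dir/.htaccess" ] || echo "NOHTACCESS $dir"
        find "$dir" -type f -name '*.php' -print | sed 's/^/PHP /'
    done
}

# Run directly as: sh audit_lock.sh /path/to/public_html siteuser
if [ "$#" -eq 2 ]; then
    audit_lock "$1" "$2"
fi
```

An empty result means every check passed; each output line names one path to review before relying on the lock.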