
How to use v-lock-wordpress

Posted: Wed Feb 01, 2023 2:35 pm
by isscbta
To provide users with an easier way to deal with malware that cannot be easily eradicated from the site, we have invented the WordPress "lockdown" method.
Essentially, the method will cause your WordPress files to become frozen, making it impossible for malware to modify them. Still, at the same time, it will allow uploading images in the gallery.

Notice: before locking, make sure to clean malware files and malware lines of code as much as possible.
Use this method to find freshly uploaded or modified PHP files (that are probably uploaded/modified by malware).

To lock your WordPress, in your SSH, as root, do the following:

Code:

v-lock-wordpress yourdomain.com

Note that this will only lock the files, not the database, as the database is impossible to lock.
If you don't clean up all infected files before locking, a hacker can theoretically still modify posts in the database, injecting HTML code that loads malicious JavaScript from another server.

When sometime in the future you want to update your WordPress, you will have to first unlock your website by running the following command:

Code:

v-unlock-wordpress yourdomain.com

The following is a further explanation of the "lockdown" method:

Our script does the following to prevent PHP-FPM from editing/adding any files:

Code:

chmod -R 0755 public_html/
chown -R www-data:www-data public_html/

This way, PHP-FPM, which runs as a local user, cannot edit/add any files.

Additionally, for the following folders:
  • wp-content/uploads/
  • wp-content/cache/
It will execute:

Code:

chmod -R 0755
chown -R currentUser:currentUser

That will allow editing/adding there, but... then
  • it will add a .htaccess file to prevent the execution of .php files inside those folders.
So, since PHP files cannot be executed from those folders, it is safe to allow uploading and modifying files there so that users can upload images.

Additionally, the script checks and corrects file and folder permissions:

Code:

find public_html/ -type d -exec chmod 755 {} +
find public_html/ -type f -exec chmod 644 {} +
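
An added example, not part of the original post and not the myVesta script itself: a read-only audit of the state the post describes, checking that nothing outside wp-content/uploads/ and wp-content/cache/ is owned by the site user or world-writable, that both writable folders carry a .htaccess, and which PHP files sit in them or were recently modified. The function names and the DOCROOT and SITE_USER arguments are assumptions; only the presence of .htaccess is checked, because the post does not give its contents.

```shell
# Added example: read-only audit of a docroot after locking. Nothing is changed on disk.
# DOCROOT is the site's public_html; SITE_USER is the account PHP-FPM runs as
# (name or numeric uid). All function names here are illustrative.

# Paths outside uploads/ and cache/ that the site user owns, or that are world-writable.
writable_outside() {   # usage: writable_outside DOCROOT SITE_USER
  r=${1%/}
  find "$r" \( -path "$r/wp-content/uploads" -o -path "$r/wp-content/cache" \) -prune \
    -o ! -type l \( -user "$2" -o -perm -0002 \) -print
}

# The two writable folders that have no .htaccess at their top level.
missing_htaccess() {   # usage: missing_htaccess DOCROOT
  for d in "${1%/}/wp-content/uploads" "${1%/}/wp-content/cache"; do
    if [ -d "$d" ] && [ ! -f "$d/.htaccess" ]; then echo "$d"; fi
  done
}

# PHP files inside the two writable folders (worth reviewing even if they cannot execute).
php_in_writable() {    # usage: php_in_writable DOCROOT
  for d in "${1%/}/wp-content/uploads" "${1%/}/wp-content/cache"; do
    if [ -d "$d" ]; then find "$d" -type f -iname '*.php'; fi
  done
}

# PHP files modified within the last DAYS days (default 7), for the pre-lock clean-up.
recent_php() {         # usage: recent_php DOCROOT [DAYS]
  find "${1%/}" -type f -iname '*.php' -mtime "-${2:-7}"
}

# Print every finding; return 1 if there is at least one, 0 if the lock looks intact.
audit_lock() {         # usage: audit_lock DOCROOT SITE_USER
  rc=0
  out=$(writable_outside "$1" "$2")
  if [ -n "$out" ]; then printf 'Modifiable by %s:\n%s\n' "$2" "$out"; rc=1; fi
  out=$(missing_htaccess "$1")
  if [ -n "$out" ]; then printf 'No .htaccess in:\n%s\n' "$out"; rc=1; fi
  out=$(php_in_writable "$1")
  if [ -n "$out" ]; then printf 'PHP in writable folders:\n%s\n' "$out"; rc=1; fi
  return "$rc"
}
```

Run `audit_lock` with the path to public_html and the site's user after locking; a non-zero exit status means at least one finding was printed.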

Re: How to use v-lock-wordpress to prevent spreading or being infected by PHP malware

Posted: Fri Mar 03, 2023 6:44 pm
by mau.sav
Hello, this feature seems really amazing, but I have a concern: can I use it safely on a WooCommerce-based site? I mean, does locking WP still keep the site working as usual (except for the update process, indeed)?

Thank you

Re: How to use v-lock-wordpress to prevent spreading or being infected by PHP malware

Posted: Tue Mar 07, 2023 2:36 pm
by myVesta
Try.
The solution is not perfect for every scenario; for example, if some plugin puts a custom .php script inside /wp-content/uploads/, that .php script will definitely fail to execute.
However, we successfully locked a few WordPress sites that have WooCommerce, without any problem.