Intrusion Detection Systems (IDS)

Catastrophe? Sorry, could not resist the pun. We have written a guide to assist you in your deliberations when it comes to deciding whether or not you should be moving your WordPress site to a cloud service such as Amazon or Google. The following is an extract on the subject of security.

Intrusion Detection Systems (IDS) considerations for WordPress

Imagine the worst case scenario that can happen to your website. Someone has got in, and your website is now serving content that you can’t explain to your boss whilst looking her in the eye. You have a copy on your desktop. But how on earth can you work out when the intrusion took place, and more importantly, how

First, find out what has changed:

• Compare the differences against the current copy of your website in your versioning system (SVN or Git)
• Use Tripwire for system administrators
• Use a backup system that will show you modification times against all backups for each file
• Maintain a log of system update times to rule out from the analysis

Secondly, knowing who owns the file will give you some clues about the seriousness of the breach:

The webserver as the user Apache? So this could be a WordPress or Plugin hack.

• The FTP user? FTP is dangerous, but some people will need it.
• Root? Chances are your Web Server has been hacked, or someone has come in from a completely different angle.

This is in fact just scratching the surface. Recovering and checking every element of your security setup takes time. However, running Tripwire and Tripwire like solutions will allow you to be the first to know.

Action Point:

Consider using a Diagnostic Tool which carries out sum checks to assist in determining file changes.