moving your WordPress site to a cloud service such as Amazon or Google. The following is an extract on the subject of security.
Intrusion Detection Systems (IDS) considerations for WordPressImagine the worst case scenario that can happen to your website. Someone has got in, and your website is now serving content that you can’t explain to your boss whilst looking her in the eye. You have a copy on your desktop. But how on earth can you work out when the intrusion took place, and more importantly, how
First, find out what has changed:
- Compare the differences against the current copy of your website in your versioning system (SVN or Git)
- Use Tripwire for system administrators
- Use a backup system that will show you modification times against all backups for each file
- Maintain a log of system update times to rule out from the analysis
Secondly, knowing who owns the file will give you some clues about the seriousness of the breach:The webserver as the user Apache? So this could be a WordPress or Plugin hack.
- The FTP user? FTP is dangerous, but some people will need it.
- Root? Chances are your Web Server has been hacked, or someone has come in from a completely different angle.