A couple of months back, a faulty server configuration on Network Solutions’ shared hosting boxes led to many WordPress blogs getting hacked. The security flaw allowed users on a box to read other users’ configuration files. At first, people blamed WordPress, but it was later determined to be the hosting provider’s fault, because a properly configured web server shouldn’t allow users to access each other’s files, regardless of the file permissions.
Because of what happened, iThemes, via their PluginBuddy website, created and released a free WordPress plugin called ServerBuddy. The ServerBuddy WordPress plugin tests the web server’s configuration to analyze the quality of the hosting provider and its server configuration. The plugin looks for compatibility problems with different WordPress themes and plugins and provides easy-to-understand explanations of different server settings. It also generates reports and samples of what to ask hosting providers if a problem that needs fixing is identified in the server configuration.
Another important ServerBuddy feature is Security Testing. The plugin analyzes the file permissions of important WordPress files to check that they are properly configured, so that the blog is secure and safe from intrusions. ServerBuddy is a must-have plugin for any WordPress blog and a great tool for regular WordPress users, theme & plugin developers and especially hosting administrators.
Kudos to the folks from iThemes and PluginBuddy for releasing the ServerBuddy WordPress plugin to the community for FREE. ServerBuddy is easy to install: just download the file and unzip it, upload the folder to the wp-content/plugins/ folder on your web server, and activate it. It will then show up in its own section below Tools and Settings.
Anyone here hosted on Network Solutions that got hacked during this incident? What have you done to secure your WordPress blog? Anyone else using the ServerBuddy WordPress plugin to check their hosting provider’s server configuration? Please share your thoughts.