Link to home
Create AccountLog in
Avatar of crazywolf2010
crazywolf2010Flag for United Kingdom of Great Britain and Northern Ireland

asked on

Wordpress Security Hardening

Hi,
I have a wordpress 3.2.1  blog and a 3rd party coder left file permissions open at  wp-content/plugins/owa/plugins . Now it's causing trouble...

I have errors as below :
Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'odesk_oracledba'@'boscgi2802.eigbox.net' (using password: YES) in /hermes/bosweb/web159/b1595/ipg.newsite/newsite_co_uk/wp-content/plugins/owa/plugins/db/owa_db_mysql.php on line 117

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /hermes/bosweb/web159/b1595/ipg.newsite/newsite_co_uk/wp-content/plugins/owa/plugins/db/owa_db_mysql.php on line 120

Warning: mysql_set_charset() expects parameter 2 to be resource, boolean given in /hermes/bosweb/web159/b1595/ipg.newsite/newsite_co_uk/wp-content/plugins/owa/plugins/db/owa_db_mysql.php on line 123

Warning: mysql_errno(): supplied argument is not a valid MySQL-Link resource in /hermes/bosweb/web159/b1595/ipg.newsite/newsite_co_uk/wp-content/plugins/owa/plugins/db/owa_db_mysql.php on line 170

I wish to know how I can fix these errors and what should I do to make my wordpress watertight secure?

newsite_co_uk is replaced to hide identity.


Many Thanks
Avatar of Jason C. Levine
Jason C. Levine
Flag of United States of America image

The above errors have nothing to do with file permissions. Those are all login errors or MySQL query errors.  

Most plugin folders should be set to 755 for security.  As for the rest, read this:

http://codex.wordpress.org/Hardening_WordPress
Avatar of crazywolf2010

ASKER

OK, I will chage file permsisions but more importantly how can I fix these errors?

'odesk_oracledba'@'boscgi2802.eigbox.net' - I never configured this mysql user, I dont from where it got there.

Thanks
Clearly it came from the third party coder.  Without seeing all of what they did and why it's almost impossible to answer.  There's no chance to get them to come back and clean up their mess?
Yeap, he ran away.  He won't come back.

The errors are retutned for plugin "wp-content/plugins/owa/plugins". Is it possible for me to delete this plugin cauing errors?
I tried searching under wp-admin for "owa plugin" but found nothing.

Thanks
ASKER CERTIFIED SOLUTION
Avatar of Jason C. Levine
Jason C. Levine
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
'odesk_oracledba'@'boscgi2802.eigbox.net' - I never configured this mysql user, I dont from where it got there.
If I had to guess I'd say your 3rd party coder put it there, too.  Did you use odesk.com to hire him?  If not, perhaps your coder subcontracted there.

How about deleting/disabling the owa plugin?  Do you know what it is?  Rename the folder if you don't have access to the admin.
Also, let this be a lesson about the hazards of Odesk (assuming you hired directly through them).  I've had much, much better luck with jobs.wordpress.net