Keep Your WordPress Website Clear of Soup Kitchen Servers
One of the regular issues plaguing WordPress website owners is soup kitchen servers. A soup kitchen server is one that has never been maintained properly and has a combination of websites, old software, archives, unneeded files, folders, e-mail, and so on, all living on the hard drive of the web server.
The real problem comes into play with the out of sight, out of mind phenomena. A server owner can forget about software installations on a server that may be outdated or insecure. Over time this forgetfulness introduces new vulnerabilities to the environment:
Disabled installs or websites that live on the server are as accessible and susceptible to external attacks as live sites.
When a forgotten install or website is infected, it leads to cross-site contamination — a worm-like effect where the infection can jump and replicate itself across the server.
In many instances, these forgotten installs or websites house the backdoor and engine of the infection. This means that as you try to rigorously clean your live website, you continuously get re-infected.
Following is what a soup kitchen server looks like. $wp_version indicates the version of WordPress that is currently installed in the directory listed. With a lot of listings for $wp_version = 2.9 — considering the most recent version of WordPress, at the time of this writing, is 3.5 — you can see how many out of date installations of WordPress this particular soup kitchen server has.
If you have more than one installation of WordPress on your current hosting account, try the following to help reduce your risk of running a soup kitchen server:
Isolate each installation with its own user — this action minimizes internal attacks that come from cross-site contamination.
Keep your installs up-to-date and remove them when you no longer need them — this action lessens the risk of attacks that result from outdated software on your server.