13 replies
Hello fellow warriors, I have something that I believe many people can benefit from in this thread, especially noobs like myself.

I keep hearing stories about WordPress getting hacked, so I thought I should ask for help. I need help securing my WordPress site, and the plugin that I am using is Secure WordPress.

I use HostGator and found a thread on how to secure your WordPress site, but I still do not understand how it works or how to do it properly. I have tried videos on YouTube, but something always happens to my settings that prevents me from securing my site. This is what one person wrote on the Gator forums:

http://forums.hostgator.com/secure-y...te-t93735.html
#securing #wordpress
  • Profile picture of the author YoichiSpeaks
    I recommend plugins like Login Lockdown, WP Firewall 2, TAC, Blog Protector Final, WP Security Scan, SI Captcha
    • Profile picture of the author Bozigian
      Yoichi, is that the only method that you use to secure your own WordPress?
      • Profile picture of the author Damian G
        One of the best things you can do is to make sure Wordpress is always running at the most current version.
        • Profile picture of the author Damian G
          Oh, and quite often it is the plugins themselves that are the security weakness, so keep them updated too.
          • Profile picture of the author Ben Armstrong
            I had both my sites hacked on the weekend, just after I managed to get ranked on page 1 of Google for one of them.

            I wish I had taken more precautions to begin with.

            I'm using the latest version of WordPress, not using the default admin username, and have very secure passwords. Unfortunately it seems there's a lot more to it than that. Hopefully this thread will provide some great tips.
            • Profile picture of the author Damian G
              There is also the chance that your web host could get hacked, which could render all your WordPress security useless.

              You can take all the precautions under the sun, but when it comes down to it you are only as safe as your weakest link, and unfortunately not everything will be under your control.
  • Profile picture of the author YoichiSpeaks
    Disable directory browsing
    Check file permissions on important files
    Restrict access to your wp-config.php
    .htaccess based intrusion detection

    These are some of the other precautions that I know of.
    If anybody can add on, that would be great.
    Not too knowledgeable when it comes to security, but better than nothing I guess.
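The precautions listed in the post above can be checked from a shell on the host. This is an added example, not part of the original post: `wp_audit` and its finding labels are hypothetical names, and it assumes an Apache host where PHP runs as the account owner.

```shell
#!/bin/sh
# Added example: audit a WordPress directory for the precautions listed above.
# wp_audit and its finding labels are hypothetical names, not a real tool.
# Prints one finding per line; prints nothing when every check passes.
wp_audit() {
    root=$1
    ht="$root/.htaccess"

    # File permissions: nothing should be world-writable (777, 666, ...).
    find "$root" \( -type f -o -type d \) -perm -0002 |
        while IFS= read -r path; do
            echo "WORLD_WRITABLE $path"
        done

    # wp-config.php holds the database password. Assumption: PHP runs as
    # the account owner, so other users need no read access (600 or 640).
    if [ -f "$root/wp-config.php" ] &&
       [ -n "$(find "$root/wp-config.php" -perm -0004)" ]; then
        echo "CONFIG_WORLD_READABLE $root/wp-config.php"
    fi

    # Directory browsing: expect "Options -Indexes" in the top-level .htaccess.
    if ! grep -Eqi '^[[:space:]]*Options[[:space:]].*-Indexes' "$ht" 2>/dev/null; then
        echo "INDEXES_NOT_DISABLED $ht"
    fi

    # wp-config.php over HTTP: expect a <Files> or <FilesMatch> block naming it.
    # This only checks that the block exists, not which directives it contains.
    if ! grep -Eqi '<Files(Match)?[[:space:]].*wp-config' "$ht" 2>/dev/null; then
        echo "CONFIG_NOT_RESTRICTED $ht"
    fi
}

# Run against a path given on the command line, e.g. sh wp_audit.sh ~/public_html
if [ $# -gt 0 ]; then
    wp_audit "$1"
fi
```

An empty result means the four checks passed; it does not cover outdated plugins, weak passwords or a compromised host.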
  • Profile picture of the author gottahave
    Another thing all WordPress bloggers should be doing is backing up their sites. With a normal static site, you usually have a copy of the site on your hard drive where you created it, but not so with WordPress. There are a few plugins that automate backups for you and email the backup file to you.

    Set it up and then just forget it.
  • Profile picture of the author briancassingena
    Anyone got any non-nerdly resources that you don't need an I.T. degree to decipher?
    • Profile picture of the author donhx
      Originally Posted by briancassingena

      Anyone got any non-nerdly resources that you don't need an I.T. degree to decipher?


      YoichiSpeaks has recommended Login Lockdown, WP Firewall 2, TAC, Blog Protector Final, WP Security Scan, SI Captcha. These are plugins that you can get here http://wordpress.org/extend/plugins/ .....and they self-install.

      Doesn't get more non-nerdy than that.
      Signature
      Quality content to beat the competition. Personalized Author Services
    • Profile picture of the author Bozigian
      @briancassingena
      I will help you with the WordPress backup part.

      I use a plugin called WordPress Database Backup by Austin Matzko, so get that plugin and install it.

      Then, under the Tools section, it should now say Backup. Click on that
      and a list should come out like
      wp_comment
      wp_comments
      wp_links
      blah blah blah blah anyways

      Just scroll down on the same page to where it says
      Backup Options and just click download to your computer.

      To have it backed up automatically for you,
      there is a section where it says email backup__________ and then you put your email address there,
      and it gives you the options of how often to back up.

      Hope I helped
  • Profile picture of the author Abledragon
    There are a few things you can do in addition to adding plugins, but you also need to consider your overall environment.

    For example, if you use FTP your FTP username and password can be picked up.

    If a key logger or other malware has been installed on your machine, whoever installed it could have not only your WordPress username and passwords but all your other details too.

    This article goes through the steps I take with all new WordPress sites I put up:

    WordPress Security: Not Just About WordPress | WealthyDragon

    Cheers,

    Martin.
    Signature
    WealthyDragon - Earning My Living Online
    • Profile picture of the author Bozigian
      this might help
      i put this in my htaccess file at the hostgator thing

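      # Assumes this sits in wp-content/uploads/.htaccess; in the site root it
      # would also block WordPress's own PHP files. Denies every file except images.
      <FilesMatch "^(?!.*\.(jpeg|jpg|png|gif)$)">
      order deny,allow
      deny from all
      </FilesMatch>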

      this code will allow only certain files to be uploaded and deny others, and deny scripts, does hostgator have to 777?