protecting my wp installation from being hacked

by Jurrie
20 replies
Hey,

I have been having lots of hacking problems lately with my WP blogs.
I have put in the hardest passwords, but still for some reason my WP site always gets hacked.
Is there anyone here who can help me on how to protect my website from hackers?

Thanks for any answers

Jurrie

PS. I did a thorough scan of my laptop, and I'm well protected from my side
#hacked #installation #protecting
  • Profile picture of the author bhuthecoder
    Which hosting company are you using?
  • Profile picture of the author Jurrie
    thx for the replies
  • Profile picture of the author Mike Baker
    Use strong passwords with a combination of lower case and upper case letters as well as numbers and symbols for every aspect of your site. That includes hosting account, WordPress admin login, and FTP users. Make sure you add in Authentication Unique Keys and Salts in the config.php file (the link to get your unique keys and salts is in that file).

    That's just a start.
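A check for the keys-and-salts advice in the post above, as an added example that is not part of the thread: it reads the text of the WordPress config file (wp-config.php in a standard install) and reports any of the eight key/salt constants that are missing, still set to the shipped placeholder, short, or reused. The 32-character minimum and the sample values are assumptions made for this example.

```python
import re

# The eight constants WordPress reads from its config file.
REQUIRED = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
            "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value shipped in the sample config
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""")

def audit_salts(config_text, min_len=32):
    """Map each problematic constant to a short reason; empty dict means OK."""
    found = {}
    for line in config_text.splitlines():
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # a commented-out define does not count as set
        m = DEFINE_RE.search(line)
        if m and m.group(1) in REQUIRED:
            found[m.group(1)] = m.group(3)
    problems, seen = {}, {}
    for name in REQUIRED:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < min_len:  # min_len is an assumption of this example
            problems[name] = "too short"
        elif value in seen:
            problems[name] = "same value as " + seen[value]
        else:
            seen[value] = name
    return problems

# Constructed sample config; the values are made up for the example.
SAMPLE = """
define('AUTH_KEY',         'k1-constructed-sample-value-0123456789abcdef');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'k1-constructed-sample-value-0123456789abcdef');
define('NONCE_KEY',        'short');
define('AUTH_SALT',        'k5-constructed-sample-value-0123456789abcdef');
define('SECURE_AUTH_SALT', 'k6-constructed-sample-value-0123456789abcdef');
// define('LOGGED_IN_SALT', 'k7-constructed-sample-value-0123456789abcdef');
define('NONCE_SALT',       'k8-constructed-sample-value-0123456789abcdef');
"""

if __name__ == "__main__":
    for name, reason in audit_salts(SAMPLE).items():
        print(name, "->", reason)
```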
  • Profile picture of the author Istvan Horvath
    Lately, a lot of blogs were hacked because of a script called timthumb.php - used in many themes for resizing images.

    If any of your themes uses such a script (sometimes also called just "thumb.php") replace it immediately with a newer version.

    Read more...
  • Profile picture of the author JMSD
    Originally Posted by Reallyranting

    Hey,

    I have been having lots of hacking problems lately with my WP blogs.
    I have put in the hardest passwords, but still for some reason my WP site always gets hacked.
    Is there anyone here who can help me on how to protect my website from hackers?

    Thanks for any answers

    Jurrie

    PS. I did a thorough scan of my laptop, and I'm well protected from my side

    There are a number of great tips and suggestions for securing your WP site. All I would add is that you don't use "Admin" as your user name. Hackers can start with that and then attempt to guess your password by using software. Combine letters and figures. Copy, paste and save your username and password in a safe place and don't share.

    Make your password an unintelligible jumble of letters, figures and special characters and not your date of birth or the name of your town or pet.
    • Profile picture of the author seamusb
      Originally Posted by JMSD

      All I would add is that you don't use "Admin" as your user name. Hackers can start with that and then attempt to guess your password by using software. Combine letters and figures. Copy, paste and save your username and password in a safe place and don't share.
      At the risk of self promotion, I have a free online checklist that will help you deal with this:

      The Ultimate WordPress Setup Checklist

      Just start at step 27 and move from there...

      - Seamus
  • Profile picture of the author Mahara Adhe
    People in one of my Skype groups actually just discussed this. Make sure that all themes and plugins are up to date. Install this and run a scan: Sucuri - Monitor & Scanner dashboard. Make changes as needed.

    Other suggested plugins:
  • Profile picture of the author Patrick
    Many of you forget to go through the codex, which provides you the best solution and instead start depending on "plugins" which offer to give you less headache.

    Hardening WordPress « WordPress Codex
  • Profile picture of the author newbiesam82
    Hi all, I'm hoping someone will take pity on me and offer some advice. I was trying to make my WordPress site more secure. I did a backup of the DB and the WP site. I manually changed the "wp_" tags in phpMyAdmin to a random string, and I'm sure I got them all, I even did a search across the database to make sure I didn't miss any of the table items. Things seemed fine. I clicked around, no problems. I added security keys to the config file. It seemed ok. Then I deleted the install.php and install-helper.php from my admin folder. Then my whole site disappeared. I tried to upload my backup of my site, but it went straight to the install page and asked for a user name & password. I had no idea what to do, so I used what I had before (not "admin"), but once inside my posts and pages were all gone. The plugins were there. Weird.

    Can anyone take pity on me and tell me how to fix what I screwed up, and get my site back to what it was?

    ::stares at floor with embarrassment::
    • Profile picture of the author Patrick
      Originally Posted by newbiesam82

      Hi all, I'm hoping someone will take pity on me and offer some advice. I was trying to make my WordPress site more secure. I did a backup of the DB and the WP site. I manually changed the "wp_" tags in phpMyAdmin to a random string, and I'm sure I got them all, I even did a search across the database to make sure I didn't miss any of the table items. Things seemed fine. I clicked around, no problems. I added security keys to the config file. It seemed ok. Then I deleted the install.php and install-helper.php from my admin folder. Then my whole site disappeared. I tried to upload my backup of my site, but it went straight to the install page and asked for a user name & password. I had no idea what to do, so I used what I had before (not "admin"), but once inside my posts and pages were all gone. The plugins were there. Weird.

      Can anyone take pity on me and tell me how to fix what I screwed up, and get my site back to what it was?

      ::stares at floor with embarrassment::

      Do you have any backup? Use that if you do, to get it back to what it was. Then make a testing sub domain and copy the website over there, and then try what you want.
  • Profile picture of the author Istvan Horvath
    I manually changed the "wp_" tags in phpMyAdmin to a random string, and I'm sure I got them all, I even did a search across the database to make sure I didn't miss any of the table items.

    I suspect ^^ this was the problem. The phpMyAdmin thing is a very dangerous tool if you are not 110% comfortable with how to use it. It can wipe out your whole blog in a blink...

    Another thing: did you put that "random string" into your config file?
    • Profile picture of the author newbiesam82
      Yes I put the random string into my config file. Should I change them all back? Thank you!
      • Profile picture of the author Istvan Horvath
        Originally Posted by newbiesam82

        Yes I put the random string into my config file. Should I change them all back?
        NO!

        What is there MUST be exactly the same as what is in the database.
        Although a change of the prefix on a live blog is never a good idea... who told you to do it on a live/existing blog?
        (it is advisable to do it before installation: change it in the config file and the DB tables will be created with that prefix)

        It is difficult to tell what happened with your posts/blog without seeing its backend and the database...
  • Profile picture of the author newbiesam82
    Yes, I do have a copy, but when I tried to restore it is when the install prompt page came up. I'm afraid that trying to fix it might make it worse (I'm special like that) -

    So I just spoke to my hosting company who can restore the files and the DB back to last Sunday. I've been working on other sites, so I don't lose any recent stuff. I'm going to do that, and then come back here to use the links above to find plugins & suggestions from you nice, smarter-than-myself people on how to do it properly.

    ::bows to your kindness & wisdom::
  • Profile picture of the author azmanar
    Hi,

    Please consider looking at this WF blog article.

    http://www.warriorforum.com/blogs/az...han-sorry.html

    Hope the article helps a bit.
  • Profile picture of the author Sylvie Vivarais
    The best way to protect yourself from getting hacked is by getting your website backed up regularly.

    Robert and Lance have just put out a new product called backup creator at backupcreator.com

    They have 2 other successful plugins.

    Wordpress Drip, which allows you to drip out content in your membership site. This plugin has been supported for over 2 years.

    Actionpopup.com is the other one. It allows you to add a popup on your blog. They have been supporting the plugin for over 4 years now.

    They definitely know what they are doing... so pick up backup creator today before the price goes up.
  • Profile picture of the author newbiesam82
    This is for future reference for newbs like me, who make the same mistake that I did & change table IDs, then find blank pages on their site & then freak out.

    I did some testing on a domain that's not in use.
    I created the database, put up some BS pages & posts, so I was testing with an "existing" DB.
    First I changed the "wp_" ID to add a random string in the .config file, so it looks like this: wp_randomstringof20to25characters
    Second, I went to phpMyAdmin and changed the table IDs to reflect the new ID.
    Third, yep - blank white pages on my site.

    Here are 3 ways I found to fix it:

    1. I reactivated the Twenty Eleven default theme and refreshed my website page. Content was there. So I went back and reactivated my preferred theme, yep, content was back.

    2. I deleted everything and started over. This time when I got blank pages, activating a default theme did not work. So I made a list of my plugins & began deleting one at a time & refreshing my website page after each one. Eventually the content came back, so I reinstalled the plugins I had deleted.

    3. Deleted everything and started over. This time I refreshed and got my main website page, but no other pages. This time it was deleting the plugins one at a time that did the trick.

    I hope that helps some other newb in the future.
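A consistency check for the prefix change discussed in this thread, as an added example that is not part of any post: it compares the `$table_prefix` in the config file with the table names in the database. It goes a little beyond the thread by also checking the `<prefix>user_roles` options row and the prefixed usermeta keys, which WordPress stores under the same prefix and which a table rename alone does not update. The function name, the table list (core tables of a single-site install of that era) and all sample data are assumptions constructed for the example.

```python
import re

# Core tables of a single-site install; each is stored as <prefix><name>.
CORE_TABLES = ["commentmeta", "comments", "links", "options", "postmeta", "posts",
               "term_relationships", "term_taxonomy", "terms", "usermeta", "users"]
# usermeta keys that WordPress stores with the table prefix in front.
PREFIXED_META = ["capabilities", "user_level", "user-settings", "user-settings-time"]
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"](\w+)['"]\s*;""", re.M)

def check_prefix(config_text, tables, option_names, usermeta_keys, old_prefix="wp_"):
    """Return a list of mismatches between the config prefix and the database."""
    m = PREFIX_RE.search(config_text)
    if not m:
        return ["no $table_prefix assignment found in config"]
    prefix, findings = m.group(1), []
    for name in CORE_TABLES:
        if prefix + name not in tables:
            findings.append("missing table: " + prefix + name)
    for table in tables:
        # May also be another application's table sharing the database.
        if not table.startswith(prefix):
            findings.append("table outside configured prefix: " + table)
    if prefix + "user_roles" not in option_names:
        findings.append("options row missing: " + prefix + "user_roles")
    if prefix != old_prefix:
        for suffix in PREFIXED_META:
            if old_prefix + suffix in usermeta_keys:
                findings.append("usermeta key still on old prefix: " + old_prefix + suffix)
    return findings

# Constructed sample: prefix changed in the config, one table and two keys left behind.
SAMPLE_CONFIG = "<?php\n$table_prefix = 'wp_k3x9_';\n"
SAMPLE_TABLES = ["wp_k3x9_" + t for t in CORE_TABLES if t != "links"] + ["wp_links"]
SAMPLE_OPTIONS = ["siteurl", "wp_user_roles"]
SAMPLE_USERMETA = ["nickname", "wp_capabilities", "wp_k3x9_user_level"]

if __name__ == "__main__":
    for finding in check_prefix(SAMPLE_CONFIG, SAMPLE_TABLES,
                                SAMPLE_OPTIONS, SAMPLE_USERMETA):
        print(finding)
```

The table, option and meta-key lists would come from a read-only listing of the database taken on a test copy of the site, as suggested earlier in the thread.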