Freelancer.com

Go Back   Warrior Forum - The #1 Internet Marketing Forum & Marketplace > Warrior Support Forums > Programming
Register Blogs Social Groups CalendarHelp Desk

Reply
LinkBack Thread Tools
Unread 15th May 2012, 09:30 AM   #1
Active Warrior
 
Hafeez's Avatar
 
Join Date: 2011
Location: Pakistan
Posts: 52
Thanks: 3
Thanked 3 Times in 3 Posts
Lightbulb How do i can secure my wordpress blog to prevent from hacking

Hi guys,

I have my wordpress based blog and once that was hacked by someone and hacker did a pishing attack and finally my blog was reported as attacker and admin suspended my blog.

After giving some clarifications, admin reinstate my blog and now i want to secure my wordpress based blog to eleminate of hacking attack.

How do i secure my blog to maximum security level?

Any advise please?

Hafeez is offline   Reply With Quote
Unread 16th May 2012, 06:51 AM   #2
HyperActive Warrior
 
jewelraz's Avatar
 
Join Date: 2012
Posts: 180
Thanks: 47
Thanked 5 Times in 5 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Don't use "Admin" or "admin" as Admin Username, password should be Upper case+lower case+numbers

jewelraz is offline   Reply With Quote
Unread 16th May 2012, 02:28 PM   #3
Active Warrior
 
Hafeez's Avatar
 
Join Date: 2011
Location: Pakistan
Posts: 52
Thanks: 3
Thanked 3 Times in 3 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Thank you for your reply.

I have changed my all passwords and user names as well. I also changed the .htaccess files for root and some other folders but still i am feeling unsecure. Is there need to do something more?

Hafeez is offline   Reply With Quote
Unread 16th May 2012, 03:38 PM   #4
HyperActive Warrior
War Room Member
 
DeMango25's Avatar
 
Join Date: 2012
Posts: 146
Thanks: 57
Thanked 62 Times in 28 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Personally I use WP Lockup (no affiliate link) and I'm pretty happy with it, easy to set up and adds some effective security measures to your wp installation.


DeMango25 is offline   Reply With Quote
Unread 16th May 2012, 05:27 PM   #5
Warrior Member
 
Join Date: 2012
Location: New York
Posts: 6
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

I had a client that had the dreaded "this site may harm your computer" in google's SERP's. (we took over doing seo from a guy doing it for them on the side, after the fact) The first thing we did was install a wp plugin called Sucuri scanner, I believe they'll scan your site for free, help you harden it (prevent future malware, spam, etc) They charge 99 bucks to remove any infections, I hope for your sake, you'll never have to deal with it. It's pretty stressful, rankings fall, customers freak out...all of the above.
semrocks is offline   Reply With Quote
Unread 16th May 2012, 05:39 PM   #6
Developer
War Room Member
 
K Meier's Avatar
 
Join Date: 2011
Location: Dublin, Ireland
Posts: 357
Thanks: 5
Thanked 48 Times in 46 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Check this out. It's a bigger guide on how to secure your wordpress blog. The PDF file is quite big The WordPress Security Checklist
K Meier is offline   Reply With Quote
Unread 16th May 2012, 05:42 PM   #7
Senior Warrior Member
 
Abledragon's Avatar
 
Join Date: 2007
Location: Hong Kong.
Posts: 1,050
Thanks: 3
Thanked 211 Times in 184 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Don't forget to keep your computer clean and use SFTP rather than FTP to transfer files. WordPress security is about more than just WordPress.

Some more details here:

WordPress Security: Not Just About WordPress | WealthyDragon

Cheers,

Martin.

How to Start Your Own Business Online - a Free eBook from WealthyDragon
Abledragon is offline   Reply With Quote
Unread 16th May 2012, 08:08 PM   #8
Premium SEO Company
War Room Member
 
System Wide Solutions's Avatar
 
Join Date: 2009
Posts: 417
Thanks: 52
Thanked 40 Times in 29 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Quote:
Originally Posted by K Meier View Post
Check this out. It's a bigger guide on how to secure your wordpress blog. The PDF file is quite big The WordPress Security Checklist
Thanks for sharing this. Nice one.

System Wide Solutions is offline   Reply With Quote
Unread 16th May 2012, 09:33 PM   #9
Warrior Member
 
darnellsmith's Avatar
 
Join Date: 2012
Location: Dallas
Posts: 13
Thanks: 1
Thanked 5 Times in 4 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Over the years I have had many websites hacked but there only one fool proof way to beat hackers.

Keep a backup of your files and database.
darnellsmith is offline   Reply With Quote
Unread 17th May 2012, 12:55 AM   #10
Warrior Member
 
Join Date: 2012
Posts: 19
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Hacking techniques are used to “harvest” email addresses, which are then used by spammers and other hackers for malicious activities. If you are storing email data on your website, for what-ever required reason, make sure it’s stored in a secure format, such as a MySQL Database.

gladiolus is offline   Reply With Quote
Unread 18th May 2012, 04:09 AM   #11
Active Warrior
 
Join Date: 2012
Posts: 39
Thanks: 10
Thanked 6 Times in 4 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

You should also add this:

<Files readme.html>
Order Deny,Allow
Deny from All
</Files>

to you .htaccess file. This prevents people (including you) from checking what version of Wordpress you are using which hackers might use to exploit vulnerabilities of the previous versions.
JesseN is offline   Reply With Quote
Unread 18th May 2012, 05:06 AM   #12
Active Warrior
War Room Member
 
Fahmzie's Avatar
 
Join Date: 2012
Location: Southwest FL
Posts: 83
Thanks: 7
Thanked 19 Times in 18 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Quote:
Originally Posted by K Meier View Post
Check this out. It's a bigger guide on how to secure your wordpress blog. The PDF file is quite big The WordPress Security Checklist
Nice guide there..

Always keep backup of your files and data. Use some automatic plugin that backup your data and send it to your email.
Fahmzie is offline   Reply With Quote
Unread 18th May 2012, 06:20 AM   #13
Warrior Member
 
Join Date: 2012
Posts: 23
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

I use WP Lockup (no affiliate link) and I'm pretty happy with it,
Randy27 is offline   Reply With Quote
Unread 18th May 2012, 06:23 AM   #14
Active Warrior
 
Join Date: 2011
Posts: 30
Thanks: 0
Thanked 1 Time in 1 Post
Default Re: How do i can secure my wordpress blog to prevent from hacking

Make your password 100% strong.

aeroponica is offline   Reply With Quote
Unread 18th May 2012, 01:36 PM   #15
Mkj
HyperActive Warrior
 
Join Date: 2011
Posts: 197
Thanks: 3
Thanked 21 Times in 21 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

If you have a static ip address you can block access to the admin section, or any other part of your website, with this code placed in a htaccess file within the directory you want to protect:

Code:
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
allow from (put your own ip address here without the brackets)
</LIMIT>
Bit more peace of mind. Works for me for sure.
Mkj is offline   Reply With Quote
Unread 18th May 2012, 09:16 PM   #16
Active Warrior
 
Join Date: 2009
Posts: 49
Thanks: 1
Thanked 1 Time in 1 Post
Default Re: How do i can secure my wordpress blog to prevent from hacking

1) Change your password every month
2) Upgrade to latest version ALWAYS

Get a free mobile site
derek.ang is offline   Reply With Quote
Unread 29th May 2012, 06:54 PM   #17
HyperActive Warrior
War Room Member
 
Join Date: 2012
Posts: 186
Thanks: 7
Thanked 31 Times in 27 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Hello,

all practices listed are true. But even if you follow them all your site may still have lots of vulnerabilities. Even if you use SFTP and have extremely strong password, etc. the problem is that you make constant changes to you sites (instal news scripts, add new code, plugins, etc.). thats how hackers penetrate.

1. Test in test environments (if possible) before putting it in production it will reduce your risk significantly.
2. Every time you make changes to your site, you need to audit it to make sure there are no vulnerabilities.
3. Use good practices posted above.

regards,

So11
so11 is offline   Reply With Quote
Unread 2nd June 2012, 01:12 AM   #18
Senior Warrior Member
War Room Member
 
Join Date: 2002
Posts: 2,607
Thanks: 22
Thanked 97 Times in 73 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Don't use wordpress? Make sure you update it regularly. Disable the wp-admin access when you are not using it. Change your hosting passwords regularly. Instead of just updating or allowing cpanel to install your wordpress manually remove all the files on your host and manually install and setup wordpress.

The one button installs that are in cpanel do leave security risks and holes open for hackers, which is why I recommend manually installing wordpress vs the easy push button route most hosts provide.

Alternatively, don't use wordpress. Most here love it and I think wouldn't know what to do without a wordpress run website, everyone to their own. I personally don't like wordpress and security issues are a few of the reasons why, everyone to their own though.
Terry Crim is offline   Reply With Quote
Unread 2nd June 2012, 06:59 AM   #19
Premium SEO Company
War Room Member
 
System Wide Solutions's Avatar
 
Join Date: 2009
Posts: 417
Thanks: 52
Thanked 40 Times in 29 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Quote:
Originally Posted by K Meier View Post
Check this out. It's a bigger guide on how to secure your wordpress blog. The PDF file is quite big The WordPress Security Checklist
Thanks. This is really helpful.

System Wide Solutions is offline   Reply With Quote
Unread 2nd June 2012, 07:02 AM   #20
Warrior Member
 
Join Date: 2012
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

You can protect the folder wp-admin with password. So you have two layers password to access wp-admin

doganj1 is offline   Reply With Quote
Unread 2nd June 2012, 11:49 AM   #21
HyperActive Warrior
 
Join Date: 2011
Location: WarriorForum
Posts: 435
Thanks: 49
Thanked 25 Times in 25 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Hey Hafiz, I am not that much expert on securing WP blogs. I haven't provided any security to my wordpress blog yet cause its free blog. You can use WP locker if you want.

My Archive :- A blog where you will get everything updated !
Get Walkthrough Videos of Newly Released Games from Entertainment Discuss!!
hilarious89 is offline   Reply With Quote
Unread 2nd June 2012, 05:57 PM   #22
HyperActive Warrior
War Room Member
 
Join Date: 2012
Posts: 186
Thanks: 7
Thanked 31 Times in 27 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Hello,

I dont think it matters if its free or not. The point is to make your site/product look credible. If you have many subscribers coming to your defaced/hacked site, what impression does that make?
so11 is offline   Reply With Quote
Unread 6th June 2012, 08:57 PM   #23
Active Warrior
 
EndTheTrendNow's Avatar
 
Join Date: 2012
Location: Austin, Texas
Posts: 83
Thanks: 16
Thanked 5 Times in 4 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

The biggest reason wordpress sites get hacked is because the owner doesn't update the version when new releases come out, have easy passwords or have a virus on their machine that records login info.
EndTheTrendNow is offline   Reply With Quote
Unread 7th June 2012, 01:15 AM   #24
HyperActive Warrior
War Room Member
 
swriviera's Avatar
 
Join Date: 2011
Location: France
Posts: 102
Thanks: 27
Thanked 41 Times in 33 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Quote:
Originally Posted by Terry Crim View Post
Don't use wordpress? Make sure you update it regularly. Disable the wp-admin access when you are not using it. Change your hosting passwords regularly. Instead of just updating or allowing cpanel to install your wordpress manually remove all the files on your host and manually install and setup wordpress.

The one button installs that are in cpanel do leave security risks and holes open for hackers, which is why I recommend manually installing wordpress vs the easy push button route most hosts provide.

Alternatively, don't use wordpress. Most here love it and I think wouldn't know what to do without a wordpress run website, everyone to their own. I personally don't like wordpress and security issues are a few of the reasons why, everyone to their own though.
I'm fairly new to making websites and I have learned how to use wordpress and I am very happy with all of the things you can do with it ... that being said what would YOU suggest to be a safer alternative to wordpress that someone who is NOT a computer programmer can use?

Thanks,

Sandra Walsh
swriviera is offline   Reply With Quote
Unread 7th June 2012, 01:52 AM   #25
HyperActive Warrior
War Room Member
 
swriviera's Avatar
 
Join Date: 2011
Location: France
Posts: 102
Thanks: 27
Thanked 41 Times in 33 Posts
Default How do i can secure my wordpress blog to prevent from hacking

Quote:
Originally Posted by K Meier View Post
Check this out. It's a bigger guide on how to secure your wordpress blog. The PDF file is quite big The WordPress Security Checklist
This is a GREAT reference. I only just skimmed through for right now ... so much to learn!!!

There is a detail that I really like on their site. Just below the download button they add:

"Please do not link directly to this page or the pdf document.
Their locations will change over time.
Instead link to the main home page."

Even this is a small detail you can copy to add yet another level of protection to your downloads ...

Simple yet brilliant.

Until I have time to go through all of the document do you all have more suggestions of wp plugins that can help?
wp lockup was suggested, any more?

Thanks so much for all this info!!

Sandra Walsh
swriviera is offline   Reply With Quote
Unread 8th June 2012, 02:11 AM   #26
Active Warrior
 
annife polak's Avatar
 
Join Date: 2012
Posts: 35
Thanks: 4
Thanked 1 Time in 1 Post
Default Re: How do i can secure my wordpress blog to prevent from hacking

This is a never ending topic. There will be attacks from hacker as long as it will comes new version and update. It natural.

But you can do the best on your own. I would recommend you to use plugin called: "BulletProof Security".

A.

I am a german living czech republic. Expert on XHTML, PHP. In free time I like CSS coding. Love traveling, skiing and other sports. I spend 5 years in Norway. Im huge fan of ecology and food. Feel free to text me anytime.
annife polak is offline   Reply With Quote
Unread 8th June 2012, 07:26 AM   #27
Active Warrior
 
Join Date: 2012
Location: New York
Posts: 29
Thanks: 0
Thanked 1 Time in 1 Post
Default Re: How do i can secure my wordpress blog to prevent from hacking

If only you ever have the need to log into your control panel, I like to lock down the /wp-admin/ directory. Something like this....

Code:
<Location /wp-admin/*>
 Order Deny,Allow
 Deny from all
 Allow from 127.0.0.1
 Allow from %%1
 Allow from 207.29.0.0/17      #.leapwireless.net 
# Note: might want to include the server's own ip address too
</Location>
porcupine73 is offline   Reply With Quote
Unread 8th June 2012, 07:45 AM   #28
HyperActive Warrior
 
Fadiz's Avatar
 
Join Date: 2010
Location: Palm Desert, CA
Posts: 232
Thanks: 62
Thanked 47 Times in 42 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

you can't 100% secure any site, i'm sure u all heard about linkedin hack yesterday now with that being said the only thing you can do is making your site less attractive to hackers and hackers bots.
You can do it manually by adding few line of code to your .htaccess file Hardening WordPress WordPress Codex
or install a plugin like this one WordPress › BulletProof Security WordPress Plugins
Fadiz is offline   Reply With Quote
Unread 8th June 2012, 09:23 AM   #29
HyperActive Warrior
War Room Member
 
Join Date: 2012
Posts: 186
Thanks: 7
Thanked 31 Times in 27 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

hello,

What is security? It is a set of best practices and ongoing processes (Plan, do, check, act).

How can I assure security of my site and information?
1. Apply admin best practices
2. Dont test anything in production
3. Know what you are installing
4. Use security hardening techniques (read white papers from known sources)
5. Constantly audit/scan your sites and patch identified vulnerabilities.
6. Repeat 1 to 5 non stop.

What is a plugin : it is a patch to a known security problem.

Why/how do i get vulnerabilities? Because we constantly make changes to our site/code (ex.: install new plugin )

so11
so11 is offline   Reply With Quote
Unread 8th June 2012, 10:55 AM   #30
Ad network programmer
War Room Member
 
Workman's Avatar
 
Join Date: 2010
Posts: 115
Thanks: 60
Thanked 18 Times in 14 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Hey! I know a thing or two about this!

If you haven't already, check out Hardening Wordpress by the Wordpress team. They tend to keep a pulse on what's going on with their platform.

You may want to make sure that...
  • After installing Wordpress, that you remove write permissions from all folders that don't need it. Never 777 any file/folder without good reason. This is grossly abused (Why?)
  • Keep regular backups of your database and site in case something terrible does happen or your site is compromised.
  • Admin Users should have reasonably difficult passwords to guess/brute force (8+, Alphanumeric, Symbols if you wish; The longer the better)
  • Ensure that you trust the Plugins and Themes you're installing and disable ones you're not using. Just one vulnerabilty could compromise your entire site. (More on this below)

Plugins and Themes - How most Wordpress sites get hacked
Anytime you install a plugin or theme, you're introducing new code that has complete control over the rest of your application.
You know how some people always seem to have virus problems with their computers because they're installing various programs? It's the same with Wordpress plugins.

A basic install of Wordpress is pretty well tightened, this is something the Wordpress core team has done a fantastic job with. But as you add more plugins by developers that work on the plugin as a side project you may inadvertently install a known security gap into your site. Same goes for themes.

There's a good chance that if you only install trusted (and maintained) plugins (All-in-one SEO, wp-sitemap), create/modify your own themes, and keep your Wordpress install up to date, you'll be reasonably secure on the application level. The more you add on, the more potential weaknesses you introduce to your site. This is the reason why Wordpress is such a powerful engine, but makes it a dangerous platform if there's even one fault in any plugin or theme.

There's more, but Hardening Wordpress covers most of it. Hope this helps!
Workman is offline   Reply With Quote
Unread 17th February 2013, 01:45 AM   #31
Warrior Member
 
Join Date: 2012
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Helpful hint on how to secure your blog from attacks

How To Secure Your Wordpress Blogs
naijabb is offline   Reply With Quote
Unread 17th February 2013, 03:13 AM   #32
ResponsiveDesignTest.Net
Registered Member
 
Michael71's Avatar
 
Join Date: 2011
Location: Rostock, Germany
Posts: 826
Thanks: 107
Thanked 221 Times in 191 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

There is so much you can do to harden your blog.

I am using a mix of htaccess rules, plugins like Wordfence and other security related ones and a backup solution (if it really gets hacked and I have to reinstall the blog).

For example, my blog is in english...

1. deny all proxies via htaccess
2. deny all traffic from known spammer ip's via htaccess
3. secure wp-admin via htaccess
4. always stay up to date
5. Wordfence plugin (free version)
6. BPS plugin

When installing a blog there are some basic rules like:

1. do not use admin for administrator account
2. admin account password should have 16 or more chars (upper-, lowercase, numbers, ...)
3. do not use wp_ as database prefix

...

HTML/CSS/jQuery/ZURB Foundation/Twitter Bootstrap/Wordpress/Frontend Performance Optimizing
---
Need HTML/CSS help? Skype: microcosmic - Test Your Responsive Design - InternetCookies.eu
Michael71 is offline   Reply With Quote
Unread 14th April 2014, 10:43 AM   #33
Advanced Warrior
 
vishwa's Avatar
 
Join Date: 2012
Location: India
Posts: 941
Thanks: 9
Thanked 103 Times in 97 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Check this article here How to prevent your Wordpress From Spam and Hacking? | Webtalkerz
vishwa is online now   Reply With Quote
Unread 19th April 2014, 02:04 AM   #34
w13
Hyper Active Warrior
War Room Member
 
w13's Avatar
 
Join Date: 2014
Location: Near to The Future
Posts: 183
Thanks: 68
Thanked 10 Times in 10 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

my site has been attacked by hacker but since I used bullet proof security plugin, my site comes safely and never get attack..
w13 is offline   Reply With Quote
Unread 28th April 2014, 05:48 AM   #35
Warrior Member
 
Join Date: 2014
Posts: 25
Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

That's great information you have discussed here.
julliawilson is offline   Reply With Quote
Unread 28th April 2014, 09:01 AM   #36
Server Problem Smasher
 
jeffatrackaid's Avatar
 
Join Date: 2010
Location: Jacksonville, FL
Posts: 38
Thanks: 0
Thanked 11 Times in 10 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

There's a lot of information on this topic with may tips and tricks. Much of it is pre-mature security steps.

3 Key Items

  • Keep your WP code, themes and plugins updated.
  • Use themes and plugins from reliable sources. Make sure these are actively maintained.
  • Remove unused plugins/themes from your server.
The last one is often overlooked.



A disabled plugin can pose as great a security threat as an active one.


So make sure you remove what is not in use.


I have a round up of some simple and advanced tips here:


The 20 Best WordPress Security Tips on the Web


Also, blocking logins using HTACCESS is highly preferred to plugin based methods. This technique uses far fewer resources than PHP based methods and provides a method that's independent of WP itself for security.


Here's a Quick Way to Stop WordPress Brute Force Attacks


If you manage multiple WP sites, check out https://managewp.com/

Server support services for small businesses. Remember, Faster sites sell more.
jeffatrackaid is offline   Reply With Quote
Unread 2nd August 2014, 05:10 AM   #37
WordPress Support Warrior
War Room Member
 
WPExpert's Avatar
 
Join Date: 2009
Location: Scotland
Posts: 63
Thanks: 8
Thanked 8 Times in 6 Posts
Default Re: How do i can secure my wordpress blog to prevent from hacking

Quote:
Originally Posted by Hafeez View Post

How do i secure my blog to maximum security level?

Any advise please?
I have a gig for that on Fiverr ~ stop your WordPress website from being hacked - fiverr

If you want to take your site to DEFCON-1, I will do it for you.

Terence.

What could you do with a super-fast web-server? | I will build you a WordPress VPS thats 300x faster for $5
WPExpert is offline   Reply With Quote
Reply

  Warrior Forum - The #1 Internet Marketing Forum & Marketplace > Warrior Support Forums > Programming

Bookmarks

Tags
blog, hacking, prevent, secure, wordpress

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off




All times are GMT -6. The time now is 05:40 AM.