How Can I Protect My Wordpress Blogs From Being Hacked?

24 replies
What a bummer... I had one of my biggest earning blogs hacked and I had to delete it and re-upload it to fix the problems. How can I protect my blogs in the future from being hacked?
#blogs #hacked #protect #wordpress
  • Ron Douglas
    If someone is determined to hack your site and is skilled at it, there isn't much you can do. Here are some tips to deter the less skilled common hackers:

    - Always upgrade to the latest version of Wordpress when it's released. There is an automatic upgrade plugin you can use.

    - Always upgrade your plugins when new versions are released.

    - Make sure you have strong passwords that include capital letters, numbers, symbols, etc.
  • senderbot
    You can search Google and get a ton of info.

    But here are my recommendations:
    1. The number one thing you should do is always have the most up to date version.
    2. Next go to WordPress › Extend and look for these plugins -
    antivirus
    paranoid911
    secure-wordpress
    wp-security-scan.
    3. Never use "admin" as a login for your admin.
    4. Always use a backup plugin to automate your backups in the event of being hacked. Look for WP-DB-Backup.

    Cheers
    Max
  • Marko Vel
    Believe me, you can do all of that, but if someone has enough knowledge of how to crash your site, there is nothing you can do. I had some bad experience.
    • mdotwhite
      Thanks for the tips guys. I just think it's crazy that anyone would go through the trouble of hacking someone's website.
      • Sara Young
        Originally Posted by mdotwhite View Post

        Thanks for the tips guys. I just think it's crazy that anyone would go through the trouble of hacking someone's website.
        I've had it happen to me too.

        Off the top of my head, here are 3 reasons why someone would want to hack your site (there's more but I'm too tired to think right now):

        - to place links to their own site

        - to steal your commissions (they can replace your adsense or affiliate id with theirs)

        - to spread malware
    • stevendbrady
      Originally Posted by Marko.V View Post

      Believe me, you can do all of that, but if someone has enough knowledge of how to crash your site, there is nothing you can do. I had some bad experience.
      Yeah, you should take every measure that you can think of, but it's not worth giving yourself an ulcer over. A shared webhost can have vulnerabilities on other websites that give people access to hack your own. Even *IF* your system could be 100% secure, you also have to depend on everyone else doing the same to theirs, including the hosting company.

      Originally Posted by senderbot View Post

      2. Next go to WordPress › Extend and look for these plugins -
      antivirus
      paranoid911
      secure-wordpress
      wp-security-scan.
      This is a great list of plugins. While I'd do everything in senderbot's list, make especially sure you install these. With how easy it is to install plugins on WordPress, it's just lazy to decide not to use these.

      And, always remember to backup backup backup.
  • Jagged
    Look up fellow warrior James Stein - richjerknet... he has a WordPress security script that works very well and comes highly recommended. Find it in his signature (if it's still there) or drop him a PM to find out more... I'm sure he can fill you in on all the details.

    ~Ken
    • M Thompson
      As said, make sure you are up to date and have an up-to-date backup of your blog.

      There is a great free plugin that uploads your backups to Amazon S3 on autopilot. I did a short blog about it and a short video a few weeks back: 3 Must Have Wordpress Plugins
      • NancyHill
        One simple security step is to set your directories to "no-index" so that hackers can't get an easy list of the plugins and scripts you have on your blog.

        It's easy to do in cPanel:
        Simply scroll to the "Index Manager" icon near the bottom of the page.
        Select "Web Root"
        Select "public.html/"
        Select "No Indexing"
        Select "Save"
        • Pierre!
          Originally Posted by NancyHill View Post

          One simple security step is to set your directories to "no-index" so that hackers can't get an easy list of the plugins and scripts you have on your blog.

          It's easy to do in cPanel:
          Simply scroll to the "Index Manager" icon near the bottom of the page.
          Select "Web Root"
          Select "public.html/"
          Select "No Indexing"
          Select "Save"
          Interesting Suggestion! It won't prevent the bots from indexing for SEO purposes?
          • daydreamer123
            Originally Posted by Pierre! View Post

            Interesting Suggestion! It won't prevent the bots from indexing for SEO purposes?
            I'm also interested in this answer, thanks!
          • Alan Mc Donald
            Originally Posted by Pierre! View Post

            Interesting Suggestion! It won't prevent the bots from indexing for SEO purposes?
            I would like to know the same thing.
          • Istvan Horvath
            Originally Posted by Pierre! View Post

            Interesting Suggestion! It won't prevent the bots from indexing for SEO purposes?
            If you set your whole public_html folder to "noindex", of course, it will prevent any SE bot from indexing anything on your site.

            So, I consider that quite a dumb idea, sorry.
            • xiaophil
              Originally Posted by Istvan Horvath View Post

              If you set your whole public_html folder to "noindex", of course, it will prevent any SE bot from indexing anything on your site.

              So, I consider that quite a dumb idea, sorry.
              Istvan, I think they were referring to the Apache option:

              Options -Indexes

              which can be placed in .htaccess to prevent viewing the contents of a directory in a browser.

              Wordpress recently took care of this problem by placing dummy index.php files in every folder, so this is no longer a problem for Wordpress anyway.
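
An added example, not part of the thread: a local audit that reports which directories under a web root Apache would still auto-list, combining the two defences mentioned above (`Options -Indexes` in `.htaccess` and placeholder index files). It assumes Indexes is on by default, that `.htaccess` overrides are allowed, and that the index file names below match the server's DirectoryIndex; the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

INDEX_FILES = {"index.php", "index.html", "index.htm"}  # assumed DirectoryIndex names

def htaccess_indexes(directory):
    """True/False if this directory's .htaccess decides Indexes, else None."""
    path = os.path.join(directory, ".htaccess")
    if not os.path.isfile(path):
        return None
    state = None
    with open(path, errors="replace") as fh:
        for line in fh:
            words = line.lower().split()
            if len(words) < 2 or words[0] != "options":
                continue
            if "-indexes" in words:
                state = False
            elif "+indexes" in words:
                state = True
            elif not any(t[0] in "+-" for t in words[1:]):  # absolute form resets options
                state = "indexes" in words or "all" in words
    return state

def listable_dirs(web_root, default_on=True):
    """Directories Apache would auto-list: Indexes in effect and no index file."""
    exposed = []
    def walk(directory, inherited):
        own = htaccess_indexes(directory)
        effective = inherited if own is None else own  # child .htaccess overrides parent
        names = os.listdir(directory)
        if effective and not INDEX_FILES & set(names):
            exposed.append(os.path.relpath(directory, web_root))
        for name in sorted(names):
            child = os.path.join(directory, name)
            if os.path.isdir(child) and not os.path.islink(child):
                walk(child, effective)
    walk(web_root, default_on)
    return exposed

def build_sample_tree():  # constructed sample layout, not taken from the thread
    root = tempfile.mkdtemp()
    for rel in ("index.php", "wp-content/index.php", "wp-content/plugins/index.php",
                "wp-content/plugins/myplugin/plugin.php",
                "wp-content/uploads/.htaccess", "wp-content/uploads/2010/photo.jpg"):
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("Options -Indexes\n" if rel.endswith(".htaccess") else "")
    return root
```

Calling `listable_dirs(build_sample_tree())` flags only the plugin folder that has neither an index file nor an inherited `Options -Indexes`; run it against a local copy of a real web root to find similar gaps.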
  • shermancox
    Regular and working backups...so that when it happens...you can get back running again....
    • ocmnet
      I was getting hacked regularly, then I read that there was a security problem with "Filezilla", the FTP program I was using.

      I stopped using Filezilla and have not had a problem since.
      • navi
        Originally Posted by ocmnet View Post

        I was getting hacked regularly, then I read that there was a security problem with "Filezilla", the FTP program I was using.

        I stopped using Filezilla and have not had a problem since.
        Is that so? What is the reason? I have been using Filezilla too and the other day I found an iframe on my website.

        What alternatives do you suggest?
        • ocmnet
          Take a look at this:
          Filezilla Alert

          I started using Firefox and FireFTP. It is a little slow for lots of files, but no problems since I started using it.
  • There are few security plugins available for WP. Also try to change your password every few weeks. But keep in mind that if an expert hacker catches a flaw, he will make your security precautions useless.
  • senderbot
    That Filezilla problem is only an issue on a Trojan-infected PC. At the very least you should be running a good anti-virus, firewall and spyware utilities and remain suspicious of any downloads.

    I personally use -
    AVG Free anti-virus
    Zonelabs Firewall
    Glary Utilities
    CCleaner

    I used to use Spybot and Adaware but ran into issues using Win7.
    I also have a portable version of Filezilla (so I can take it with me). It lives on an encrypted hard drive so when I'm not using it, it's not available to any other software on my system.

    My security is a bit paranoid. BUT I did get one of my Wordpress sites hacked a while back. It turned out I hadn't upgraded to the latest version of WP and an exploit came out that allowed hackers to take out thousands of WP blogs.

    So even when you take all the other precautions you still need a totally up-to-date and regularly backed up blog to be totally safe.

    Cheers
    Max
  • thetrafficaddict
    Had the same thing happen to some of my blogs as well. I had to upload to a newer version of the blog, change my password frequently, and make sure the website and hosting vulnerabilities are kept to a minimum.
    • TheChanger
      Thanks for all the great tips.