I recently took the plunge this year and decided to do the whole "offline" thing.
I've been doing online marketing for a number of clients and setting up websites.
I have been using wordpress to create websites. I usually use wpremix, edit a template from themeforest or something. I am upfront with clients about the fact I am using and editing templates. They are always happy with this. Besides, I don't charge the earth for this.
Now I use wordpress because I have been using it for years and really enjoyed it, and got quite good with it. I also know a professional web design agency (with some ridiculously good programmers) using wordpress. They love it and use it for everything (although they are far better than me at it).
However, recently, (particularly new sites) have been being hacked. The hackers manage to change the password, and change the email address that the password reset is sent to. Allowing them to then edit some code in my current/active theme folders. This alters the appearance of the site, and usually contains some picture of zombies, some crappy music, some foreign text, hotmail addresses (setup to harm your computer if you email them) and some message about me being a son of a b*tch.
Now, whilst I disagree with their wording, I may well be a non-too-agreeable individual. Thats fine. But I would rather they didn't post their feelings about it on my client's websites.
** Please note, they are not actually directing insults at me, just the admin of the website. This hacking attack itself is not personal**
I have taken a reasonable amount of advice on preventing this nonsense, including index paging my plugin and theme pages so as not to give anything away and activating the following plugins:
wp security scan
Block Bad Queries
I also prevent new users signing up. I have been to the wordpress forums about this, but all they talk about there is making sure your wordpress version is the latest one available. They talk about how nothing except that is going to help. I hate to say it, but they are wrong. All my sites getting hacked are all totally up-to-date.
I am going to have to get used to a new CMS asap, or I need some help about how to make this kind of attack even tougher for these people. I know a programmer who will protect a site for £100 a shot, but I cannot afford at this stage for him to work his magic on every blog/site I have.
I know these hackers are just out to target anyone they can, but they seem to find two of my sites every time. I don't feel like I deserve any of this, but I seem to keep having my weekends ruined by it.
All of this is VERY close to putting me out of business if it continues. I desperately need some help and advice from fellow warriors who know their stuff in this field.
Either that or I am about to go out on one of the most brutal vigilante rampages around the streets of newcastle and the hills and fields of Northumberland. (Just kidding - for now).
I am going nuts, and would be ridiculously grateful for any help, and I shall forever be in your debt if you can help me solve this!