If someone offered to security harden your WP Blog for $27 Bucks..

8 replies
Serious question

Given all the recent hacks on WordPress and the 4,800 sites lost in Australia, would someone offering to screw-down the security on your WordPress Blog for $27 interest you? For example:

- Install Backup plugin, backup and schedule backups
- Install Security plugins
- Updated key config files for various reasons

I'd value everyone’s opinion on this, thanks
  • Michael Nguyen
    No, because I can do it for free using these:

    Download wp stealth login (create a 100 character string).
    If they can't guess that then they'll never get the login page.

    If they get a login page they still need login details.
    Here is where you make a 100 string password.

    Now that is 2 hard barriers they would have to break.

    Make a 100 string password to your cPanel account as well.

    If you still get hacked then blame your host and time to move on.
    • Willie Murray
      Interesting, thanks Michael I value your feedback..
  • TryBPO
    Michael's right...too many free options.

    Still...it doesn't mean that yours isn't better than theirs...although it probably doesn't warrant a fee. See if you can build it out, make it free, and monetize it differently. (Links back to your site, freemium model, etc.)
  • Andyhenry
    Originally Posted by william1872:

    - Updated key config files for various reasons
    Depends what the reasons are.

    There are a few things that the usual security plugins don't protect against that I would want covered and that would determine whether I was interested or not.
  • Victoria Gates
    Had my WP hacked but they somehow hijacked my entire domain.. was weird and on two blogs that had nothing on them yet... Was weird.

    My lesson.. back it up.. save it to a hard drive regularly.. and I just don't worry beyond that.
    • BeauJustin
      Get a list of what they plan to do. Specifically ask what they plan to do with the .htaccess file. Get references from other customers.

      $27 is a fair price to secure a blog, as long as the plan isn't just to throw in a bunch of plugins, and walk away.

      Free plugins are OK, and some of them should be used, but they are by NO MEANS a catch all defense. Their best usage is for file monitoring to see if any of the files have been changed recently. There are a couple of plugins that do this.

      The .htaccess is where the majority of your security meat will come from.

      With a properly configured .htaccess file you can protect against:
      - SQL injections
      - Brute force attacks
      - Content Scraping
      - Search bots (good and evil)
      - And most other types of automated attack.

      The bottom line about web security is this. Most attackers aren't necessarily looking to crack into your wp-admin with brute force tactics, because it isn't necessary. I can, from a run of the mill Linux box, crack an unprotected WP blog in about twenty seconds, and I'm not even a hacker.

      A majority of attacks are initiated by search bots looking for particular weaknesses on a site.

      Once a weakness is found that bot injects an exploit which compromises the site. This allows them to (usually) inject code into the site's database, which then writes 64base encrypted javascript back to various pages on the site. This is done without ever having to log into the admin area.

      Only on rare occasions is your site attacked by an actual person, and that's usually for some type of personal glory, like "this site was defaced by Zer0Digz!" or something stupid like that.

      If you protect your site against attack-bots in the first place, the likelihood of an attack is greatly reduced. With all the websites in the world, the only way a hacker could find your site (without dumb luck), would be via one of these bots.

      Ask questions and get plenty of references. If you feel so inclined get a second opinion on whatever code they write to your .htaccess file. Just download it and send it to another security person.
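The file monitoring BeauJustin mentions above (checking whether any site files have changed), as an added example that is not part of the original thread and not any plugin's code: it hashes a site tree into a baseline, then reports added, removed and modified files and flags changed files that contain encoded-script markers. The marker list, the function names and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Strings often found around encoded script injected into pages (assumed, not exhaustive).
MARKERS = (b"base64_decode(", b"atob(", b"eval(")

def snapshot(root):
    """Return {relative path: SHA-256 hex digest} for every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(root, baseline):
    """Diff the tree against a stored baseline; flag changed files holding a marker."""
    current = snapshot(root)
    report = {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in set(current) & set(baseline) if current[p] != baseline[p]),
        "flagged": [],
    }
    for rel in report["added"] + report["modified"]:
        data = Path(root, rel).read_bytes()
        if any(marker in data for marker in MARKERS):
            report["flagged"].append(rel)
    return report

def write(root, rel, data):
    path = Path(root, rel)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(data)

def demo():
    """Constructed site tree: take a baseline, simulate tampering, compare."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "index.php", b"<?php require 'wp-blog-header.php';")
        write(root, "wp-content/themes/demo/footer.php", b"<footer>demo</footer>")
        write(root, "readme.html", b"<html></html>")
        baseline = snapshot(root)
        write(root, "wp-content/themes/demo/footer.php",
              b'<footer>demo</footer><script>eval(atob("Y29uc3RydWN0ZWQ="))</script>')
        write(root, "wp-content/uploads/new.php", b"<?php // constructed placeholder")
        Path(root, "readme.html").unlink()
        return compare(root, baseline)

if __name__ == "__main__":
    print(demo())
```

Store the baseline somewhere the web server cannot write to, otherwise whatever changes the site files can rewrite the baseline too.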
  • Willie Murray
    Interesting comments, thanks guys I'm going to remain completely impartial, I could debate but I don't want to influence one way or another...
  • BeauJustin
    By the way, the #1 thing you can do for your site is to use regularly updated plugins, and even then only a select few of them, and make sure you take advantage of WordPress updates as they come available. Most of the updates are specifically geared toward closing security loopholes that arise.

    With a constantly updated blog the likelihood of search bots finding an exploit is greatly reduced.

    Second, make sure you have a backup of your site at all times. Backup as regularly as you post content. If you have an active blog which takes two or three posts a day, then you might want to institute daily or every other day backups.

    These are THE most important things you can do for your security. Everything else is just bricks in the wall.