12 {{ upvoteCount | shortNum }}
12 {{ upvoteCount | shortNum }}

Just a Friendly Reminder - Secure Your WP Sites

by mattbaehr
10 replies
I had about half of my sites hacked Sunday. Then they did the rest yesterday. Easy to fix for the most part, although I had to nuke 3 and start over. Some hadn't been updated to latest version of WP, some had. Passwords were strong, but obviously there were other issues. Hopefully I have hardened everything up now, but just remember, take 5 minutes and beef up your site security.
#friendly #reminder #secure #sites
  • Profile picture of the author King Louie
    That sucks... I use the Secure WordPress plugin to tighten the security. Of course, I also use a gibberish password.
    {{ DiscussionBoard.errors[4294280].message }}
  • Profile picture of the author Coby
    What measures should we take to beef up our security?

    You said it only took 5 minutes? I'm interested in knowing what you did?

    This is an area that I know I need to address, but been slacking on finding information...

    Other than strong passwords, what do you do? Any plug-ins I should utilize?

    Thanks in advance...
    Signature
    .
    .
    {{ DiscussionBoard.errors[4294470].message }}
  • Profile picture of the author GameVoid
    Yeah I had to spend a lot of time last week removing hidden iframes from my sites. Still not 100% sure how the hackers got access to my theme files, but they did. Luckily hostgator fixed the bad files and I was able to remove the code from all the index.php files myself.
    Signature
    Professional Writing Services Content creation, article rewriting, sales pages, marketing materials and much more.
    {{ DiscussionBoard.errors[4294500].message }}
  • Profile picture of the author jrpt
    Same thing happened here. I was told it was wordpress update related as some hackers have found flaws in older wordpress versions to exploit those who don't update their editions.
    Signature

    {{ DiscussionBoard.errors[4294570].message }}
  • Profile picture of the author JamesGw
    What'd you use to secure your blog? I'd like to implement the same things.
    Signature
    Brazilian Jiu-Jitsu Techniques | Precision SEO
    {{ DiscussionBoard.errors[4294593].message }}
  • Profile picture of the author twistedpixel
    Beyond hardening, what is the best automated backup/restore solution?

    I've been looking at backup buddy from ithemes (+ allows backup to S3), I have a few cloning tools, but they are not "automated"

    Any other suggestions?
    {{ DiscussionBoard.errors[4294680].message }}
  • Profile picture of the author mywebwork
    So sorry to hear about your sites, glad to hear that you are now back up and running.

    Keeping WordPress (and your plugins) updated is definitely a step in the right direction. Just remember to ALWAYS do full backup before any major update - have seen several instances where a WordPress update caused a plugin to malfunction, in a couple of cases rendering the site completely inoperable.

    A reliable backup (and a restoration procedure) is just as important as updating your code and creating a secure password. No site security scheme is foolproof (or 100% hacker proof), and by having a current backup you are protected from even the most malicious hacking attack or server failure.

    There are a number of plugins that will simplify the backup process, if your host has a CPanel (or equivalent) you can also do a full file and database backup to accomplish the same thing.

    I'm just stressing this because it astounds me how many site owners (WordPress and otherwise) will spend days working on their sites without having a backup scheme in place!

    As for security this is always a great place to start: Hardening WordPress « WordPress Codex

    Bill
    {{ DiscussionBoard.errors[4294691].message }}
  • Profile picture of the author simonbuzz
    Banned
    Thanks for the warning...I am using a security plugin and also my pass is so big
    {{ DiscussionBoard.errors[4294770].message }}

Trending Topics