Security Plugin Question

13 replies
Hi all

I spent a week having meltdowns as I watched one site after another get hacked - only one banned as I caught it in time but they act fast those hackers (robots)

I'm looking at Bulletproof Security $39 plugin but as an IM I have multiple blogs and I don't know if this is good enough as the free version and I don't know if the price is one site only

so thought I'd chuck this query out on Warrior Forum as I bet there are lots of you with some ideas on how to best protect your wp sites?

I appreciate your feedback, thanks
#plugin #question #security
  • Profile picture of the author Willie Murray
    Hey,

    Seems like a good plugin, bear in mind though your site will never be 100% secure, it's your job however to have a good backup and make it more difficult for hackers to break in.

    I always compare it to two offices beside each other, one with security alarms, bars on the window and the other with nothing, which one do you think the thief would target?
  • Profile picture of the author Larkrise
    You are quite right and that's a good metaphor

    When you say it's my job to make it secure - the measures I include akismet, backupbuddy which has a malware scan and I set it to get regular backups and now I am looking at the best antivirus plugins to do a bit extra. I've got a whole bunch of plugins recommended by ABB for autoblogs although I don't really do that

    I know I need to update plugins and wp and themes regularly

    Is there anything else?

    I just read about putting wp-admin in a password protected file in cpanel so the hackers can't steal those so I'm going to add that to list

    Thanks for the tips so far
    Signature
    Claim Your Complimentary Web 2.0 & Social Media Guide
    (Post Panda/Penguin) continued updates with recommended link building strategies
    NLP, Coaching, Blogging, Promoting, Psychobabbly Potions & Spells, SEO and the usual IM fluff
  • Profile picture of the author Brian Alaway
    Ask your hosting provider to scan your site for malware. For scanning yourself, you can use something like this WordPress › Exploit Scanner « WordPress Plugins and this WordPress › TAC (Theme Authenticity Checker) « WordPress Plugins
    If you use the free version of BulletProof Security combined with the free version of Cloudflare (also available via Hostgator cpanel), you'll have a good foundation for securing your site. In addition, use sftp/ssh for moving files and ssl for accessing your admin dashboard. Use Security Guide for Windows - Random Password Generator to create strong passwords and then use a different password for each site to limit your exposure. And finally protect your computer with good anti-virus and anti-malware programs.
  • Profile picture of the author Larkrise
    Hi Brian in Sunny Florida a place I can't wait to get back to and hope all my online efforts support a trip next year

    Thanks for all that great advice and feedback - I'll be doing what you recommend and use both bulletproof and cloudflare - with cloudflare it's a case of signing up and adding their DNS info to your url host? Is that right?

    I'm with Heroe Host and Blue Host at the mo
    • Profile picture of the author Brian Alaway
      Yes, with CloudFlare you'll need to point your DNS to their name servers, which you'll get during signup. It's fast and easy. DNS was updated and active in less than an hour, although technically it could take up to 48 hours.

      Also, use this WordPress Table Prefix Rename Plugin » SEO Egghead if you used Fantastico or a script installer to change your table prefix from the default. This will help against database attacks.
      • Profile picture of the author Larkrise
        Originally Posted by Brian Alaway View Post

        Also, use this WordPress Table Prefix Rename Plugin » SEO Egghead if you used Fantastico or a script installer to change your table prefix from the default. This will help against database attacks.


        Hi Brian - that's really helpful thank you
        I had read about changing the wp prefix, so much in my brain last week I cannot recall where and the plugin idea is a godsend
        I usually use a wp install with my plugins configured and even the WTG additional files created, then use backupbuddy to create a new site in a very short time

        If I use this plugin on the base install and then use the backup to create new sites will I need to use the plugin on future installations?

        @Fernando1954 & lisakynan

        It's horrid, really really horrid being hacked but especially to be hacked by radicals!

        Best to follow these helpful chaps' advice and make your sites impenetrable (as far as you can)
    • Profile picture of the author damoncloudflare
      More than happy to answer any questions about CloudFlare, if needed.

      Note: Some quick CloudFlare tips I recommend new users to the service read.
  • Profile picture of the author lisakynan
    One of mine did this the other day! I never knew people could hack your freaken websites!! Ahh I was so naive. It came up with WE HATE ALL PEOPLE THAT DONT BELIEVE IN OUR RELIGION or something similar argghh I had to delete the whole WP site and start again. Luckily it was just one I was playing with!
  • Profile picture of the author Fernando1954
    They got into one of my sites today, Arab hackers put images of 9/11 and bin Laden propaganda on it, I freaked.

    Found out there is a security issue with WP 3.2.1, that's how they got in, you can read about it here
    Wordpress 3.2.1 XSS Exploit Fix - AdminSpot
  • Profile picture of the author billspaced
    Originally Posted by Larkrise View Post

    Hi all

    I spent a week having meltdowns as I watched one site after another get hacked - only one banned as I caught it in time but they act fast those hackers (robots)

    I'm looking at Bulletproof Security $39 plugin but as an IM I have multiple blogs and I don't know if this is good enough as the free version and I don't know if the price is one site only

    so thought I'd chuck this query out on Warrior Forum as I bet there are lots of you with some ideas on how to best protect your wp sites?

    I appreciate your feedback, thanks
    There are some simple things to do that weed out many hack attempts.

    1. Change the administrator username from admin to something else. Make it as difficult to guess as your admin password (it is hard to guess, right? Use LastPass as a great password generator).
    2. Change the WP table prefix.
    3. Keep your plugins and themes up to date.
    4. If you allow others to register and contribute to your WP site, give them the lowest user role possible so that they can get their jobs done but cannot change themes or plugins.
    5. Backup backup backup
    6. Did I say backup?
    There are WP plugins that scan your installation for issues, too. And I'm sure there are some plugins that purport to do the security for you. I haven't used one, nor have I heard of any worth buying, but I can certainly be persuaded.
    Signature

    Bill Davis
    Chief Marketing Officer, SoMoLo Marketing

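Added example (not part of any poster's reply): a small Python audit that checks one WordPress install for three of the items raised in this thread, namely the default `wp_` table prefix, SSL for the admin dashboard, and password protection on wp-admin. It assumes Apache-style `.htaccess` basic auth and WordPress's `FORCE_SSL_ADMIN` constant in `wp-config.php`; the sample configs, prefix and paths are constructed.

```python
import re
import tempfile
from pathlib import Path
# Constructed wp-config.php fragments for the demo (not taken from the thread).
WEAK_CONFIG = "<?php\ndefine('DB_NAME', 'blog');\n$table_prefix  = 'wp_';\n"
HARD_CONFIG = ("<?php\ndefine('DB_NAME', 'blog');\n"
               "define( 'FORCE_SSL_ADMIN', true );\n$table_prefix = 'k7q2_';\n")
# Constructed wp-admin/.htaccess enabling HTTP basic auth (path is a placeholder).
HTACCESS = ('AuthType Basic\nAuthName "Admin"\n'
            "AuthUserFile /home/example/.htpasswd\nRequire valid-user\n")
# Anchored at line start so lines commented out with // or # do not count.
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]\s*;""", re.M)
SSL_RE = re.compile(
    r"""^\s*define\(\s*['"]FORCE_SSL_ADMIN['"]\s*,\s*true\s*\)\s*;""", re.M | re.I)
AUTH_RE = re.compile(r"^\s*AuthType\s+\w+", re.M | re.I)

def audit_site(root):
    """Return sorted findings for one WordPress install directory."""
    root, findings = Path(root), []
    config = (root / "wp-config.php").read_text(encoding="utf-8", errors="replace")
    match = PREFIX_RE.search(config)
    if match is None:
        findings.append("table prefix not found")
    elif match.group(1) == "wp_":
        findings.append("default table prefix wp_")
    if not SSL_RE.search(config):
        findings.append("FORCE_SSL_ADMIN not enabled")
    htaccess = root / "wp-admin" / ".htaccess"
    rules = htaccess.read_text(errors="replace") if htaccess.is_file() else ""
    if not AUTH_RE.search(rules):
        findings.append("wp-admin has no HTTP auth")
    return sorted(findings)

def make_site(parent, name, config, htaccess=None):
    # Build a throwaway install directory for the demonstration.
    site = Path(parent) / name
    (site / "wp-admin").mkdir(parents=True)
    (site / "wp-config.php").write_text(config)
    if htaccess:
        (site / "wp-admin" / ".htaccess").write_text(htaccess)
    return site

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        weak = make_site(tmp, "weak", WEAK_CONFIG)
        hard = make_site(tmp, "hard", HARD_CONFIG, HTACCESS)
        return audit_site(weak), audit_site(hard)

if __name__ == "__main__":
    print(demo())
```

Point `audit_site()` at each install directory when running many blogs from one account; it does not cover the admin username, plugin versions or backups, which live in the database or outside the install tree.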
  • Profile picture of the author Larkrise
    Thanks billspaced

    Great answer - yes I do backup, thankfully I have a great plugin for that

    I am going to look at one of those 'dashboard' systems where you can see and update multiple plugins, themes etc from one place - this should help keep on top of this

    Good to know I don't need to spend anymore cash on security, just following these examples I will at least make it a little more difficult to attack my sites

    Thanks everyone - hope this thread helps others to be prepared too and not be complacent like I 'used' to be

    on the ball now though