How to Hack Proof Your Site

16 replies
Anyone know how to do this? I recently had an attack on one of my sites and I want to make sure it doesn't happen again. I contacted my host and they said they don't provide support for this kind of stuff, any idea on what I can do? How can I make sure it wasn't a hole in something like Wordpress (or my old programmer trying to get revenge remotely?). Any suggestions?

Andrew Maule
#hack #proof #site
  • Profile picture of the author askloz
    Yeah, get a good programmer and a good server.
  • Profile picture of the author Leanne King
    Hi Andrew, you can install WordPress › WP Security Scan WordPress Plugins which is a free wordpress plugin. Also, I have signed up for the beta release of Maximum Security for Wordpress which will cover quite a bit. Nothing will ever be 100% though so the trick is to be careful, put measures in place and regularly back up your site and database.

    All the best
  • Profile picture of the author TheRichJerksNet
    You need to secure your wordpress with real security and not some plugin, a plugin is not going to help and get a good server ...

  • Profile picture of the author muzzi
    Make sure you have the latest versions of wordpress, they are much more secure than the older versions.

    Make sure you change all your passwords every time you get a new programmer. If possible don't give him full access, and if possible even get him to use his server and then get a trusted friend to install it on yours.

    To mitigate the risk consider having multiple servers or hosting accounts too.
  • Profile picture of the author HarveyJ
    • Profile picture of the author TheRichJerksNet
      Originally Posted by HarveyJ

      No such thing as hack proof.
      If someone wants to get in, they will.
      Wordpress security installs don't matter if you don't have Wordpress, and even then it doesn't matter if someone gets in through the FTP, or your own complete lack of security knowledge that leaves the site open to tunneling.

      This is why people pay thousands of dollars for developers that actually know what they're doing.
      I am a developer ....

  • Profile picture of the author seree
    Hi Andrew,

    First, you might have to secure your WordPress with James' product. This will make your WordPress so much harder to hack.

    Second, if you have a budget, get a good dedicated server and hire someone to set up the server for you. This will remove the chance that a hacker can compromise another website and hack into other accounts, including yours.

    However, it's always possible to be hacked (if the hacker wants).

    Seree W.
  • Profile picture of the author pyrmontvillage
    Having a VPS locked down by someone who knows what they are doing goes a long way. That, and regular log analysis, gives you an insight into possibly dodgy behaviour.

    At the end of the day, if someone has the requisite motivation, and technical ability, it's curtains....
  • Profile picture of the author Josh Anderson
    The first most essential step that you must take is to have a dedicated server.

    If you do not start with that you cannot secure your site.
  • Profile picture of the author mywebwork
    It's a cat-and-mouse game, unfortunately there seem to be a lot of people out there with technical skills and nothing better to do with themselves than destroy other people's efforts. Sorry to hear that it happened to you, I had a site of mine hacked last month so I know how you feel. Traced it to an IP address in China, not much we could do about that.

    Best defense is to do everything you can to secure your site, tighten your file and folder permissions, use strong passwords and change them often. Keep your software (WordPress and plugins) updated. And then make a good backup, and continue to back up your site every time there is a change.

    When our site was hacked I wrote a post outlining a Disaster Plan that I think all Warriors should have in place. If you'd like to look at it you can find it at . Not trying to steal your thread or be self-promotional, I just think that it contains valuable information that is relevant to this thread.

    All the best ...

  • Profile picture of the author freddie_fireman
    There are vulnerability scanners like this one ...

    Web application security - Acunetix Web Vulnerability Scanner

    But they are expensive, and in the end, you need a good admin/hosting service keeping 24 hour watch and keeping up to date with the latest vulnerabilities.
    Water shapes its course according to the nature of the ground over which it flows. – Sun Tzu, 600 B.C.

    freddie fireman
  • Profile picture of the author PRandContent
    Originally Posted by TheRichJerksNet

    I also would suggest moving host to hostgator if you are not already using them..

    I use Hostgator. One of my websites got hacked a few months ago and the customer support of Hostgator helped me restore my site back within a few hours. Their excellent support is the major reason why I'm sticking with them.
  • Profile picture of the author TheRichJerksNet
    Let me state this...

    Josh, who suggested a dedicated server .. I fully agree with, I have 2 of them with Hostgator.

    Seree, as suggested, secure your WordPress, and yes, I do in fact have the only product on the market that can really secure your WordPress because of the fact that I changed the coding and I created a way for you to customize that coding so hackers have no idea what was done. No other WordPress security product offers this...

    The more support I get with WordPress Secured, the more apt I will also be to advance it into the next stage.

    VPS - This is NOT the same as a dedicated server, as a matter of fact it lacks a great deal of the functions that dedicated servers do have. VPS also lacks many controls, for example: I was working on a server the other day for a client and there was no way to turn SSH on without contacting the host even though they had a VPS.

    Hostgator - They have up-to-date server software (something most hosts do not have). They run cPanel 11+ and compile Apache with SuExec (PhpSuexec). SuExec is basically protection of your files and folders from SQL injection and many other little script kiddie hacks. cPanel is also the hardest server app to crack, even for good hackers.

    Online Free Scanners - Avoid them like you would a virus, the reason being you have no idea who owns those scanning sites and they may log the scans to see whose server is open to attacks. Several years ago a few warez users opened a security scanning site just to do what I explained above. They were shut down after a while, but the point is you have no idea who owns those sites.

    Updates and Backups - WordPress, do not update just because they make a new release, that is the worst advice anybody can give.. Most smart people wait to update WordPress. Backups, well you should be doing that anyway every night at midnight.. Make a full server backup and download it to your hard drive.

    With that all being said, yes it is correct as Seree said above.. Nothing is 100% secure and I do mean nothing.. Fact is though, going with HostGator, Dedicated Server, and WordPress Secured v2 will in fact keep you 90% secured, which is a great deal better than 0%...

  • Profile picture of the author Andyhenry
    Hi Andrew,

    There are companies that do 'Pen' testing (penetration testing)

    The reseller I have for my main software product are specialists at this and have a 'guru' hacker who does this for them, he's testing our system at the moment :{

    However, this sort of professional Pen testing is probably outside of what is reasonable to do unless your business is big enough to warrant the prices these companies charge. Fortunately they're doing this for us at no cost because they use and sell our product and it's in their interest too.

    I think if you follow Josh's advice and just make sure you have a good host and decent servers, it's the biggest step to protecting yourself.


    nothing to see here.

  • Originally Posted by Andrew Maule

    Anyone know how to do this? I recently had an attack on one of my sites and I want to make sure it doesn't happen again. I contacted my host and they said they don't provide support for this kind of stuff, any idea on what I can do? How can I make sure it wasn't a hole in something like Wordpress (or my old programmer trying to get revenge remotely?). Any suggestions?

    Andrew Maule
    I'll suggest you change host. I had the same thing done on 2 of my sites and my host sorted it all out for me - even changed all to the right settings.

