How to Hack Proof Your Site

Yeah, get a good programmer and a good server.

Hi Andrew, you can install WordPress › WP Security Scan WordPress Plugins which is a free wordpress plugin. Also, I have signed up for the beta release of Maximum Security for Wordpress which will cover quite a bit. Nothing will ever be 100% though so the trick is to be careful, put measures in place and regularly back up your site and database.

All the best
Leanne

You need to secure your wordpress with real security and not some plugin, a plugin is not going to help and get a good server ...

James

Make sure you have the latest versions of wordpress, they are much more secure than the older versions.

Make sure you change all your passwords every time you get a new programmer. If possible don't give him full access, and if possible even get him to use his server and then get a trusted friend to install it on yours.

To mitigate the risk consider having multiple servers or hosting accounts too.

Hi Andrew,

First, you might have to secure your Wordpress with James' product. This will made your Wordpress so much harder to be hacked.

Second, if you have a budget, get a good dedicated server and hire someone to setup server for you. This will remove the chance that hacker can compromise another website and hack into other account including yours.

However, it's always possible to be hacked. (if hacker want)

Cheers!
Seree W.

Having a VPS locked down by someone who knows what they are doing goes a long way. That and regular log analysis, gives you an insight into possibly dodgy behaviour.

At the end of the day, if some one has the requisite motivation, and technical ability, its curtains....

The first most essential step that you must take is to have a dedicated server.

If you do not start with that you cannot secure your site.

It's a cat-and-mouse game, unfortunately there seem to be a lot of people out there with technical skills and nothing better to do with themselves than destroy other peoples efforts. Sorry to hear that it happened to you, I had a site of mine hacked last month so I know how you feel. Traced it to an IP address in China, not much we could do about that.

Best defense is to do everything you can to secure your site , tighten your file and folder permissions, use strong passwords and change them often. Keep your software (WordPress and Plugins) updated. And then make a good backup, and continue to backup your site every time there is a change.

When our site was hacked I wrote a post outlining a Disaster Plan that I think all Warriors should have in place. If you'd like to look at it you can find it at http://www.warriorforum.com/main-int...ease-read.html . Not trying to steal your thread or be self-promotional, I just think that it contains valuable information that is relevant to this thread.

All the best ...

Bill

There are vulnerability scanners like this one ...

Web application security - Acunetix Web Vulnerability Scanner

But they are expensive, and in the end, you need a good admin/hosting service keeping 24 hour watch and keeping up to date with the latest vulnerabilities.

I use Hostgator. One of my websites got hacked a few months ago and the customer support of Hostgator helped me restore my site back within a few hours. Their excellent support is the major reason why I'm sticking with them.

Let me state this...

Josh that suggested a dedicated server .. I fully agree with, I have 2 of them with hostgator.

Seree as suggested secure your wordpress and yes I do infact have the only product on the market that can really secure your wordpress because the fact I changed the coding and I created a way for you to customize that coding so hackers have no idea what was done. No other wordpress security product offers this...

The more support I get with WordPress Secured the more opt I will also be to advance it into the next stage.

VPS - This is NOT the same as a dedicated server, matter fact is lacks in a great deal of functions that dedicated servers do have. VPS also lacks in many controls for example: I was working on a server the other day for a client and there was no way to turn SSH on without contacting the host eventhough they had a VPS.

Hostgator - They have upto date server software (something most host do not have) They run cpanel 11+ and compile Apache with SuExec (PhpSuexec). SuExec is basically protection of your files and folders from sql injection and many other little script kiddie hacks. Cpanel is also the hardest server app to crack, even for good hackers.

Online Free Scanners - Avoid them like you would a virus, reason being is you have no idea who owns those scanning sites and they may log the scans to see who's server is open to attacks. Several years ago a few warez users opened a security scanning site just to do what I explained above. They was shut down after awhile but point is you have no idea who owns those sites.

Updates and Backups - Wordpress, do not update just because they make a new release that is the worst advice anybody can give.. Most smart people wait to update wordpress. Backups, well you should be doing that anyways everynight at midnight.. Make a full server backup and download it to your hard-drive.

With that all being said, yes it is correct as Seree sadi above.. Nothing is 100% secure and I do mean nothing.. Fact is though going with HostGator, Dedicated Server, and WordPress Secured v2 will in-fact keep you 90% secured which is a great deal better than 0%...

James

Hi Andrew,

There are companies that do 'Pen' testing (penetration testing)

The reseller I have for my main software product are specialists at this and have a 'guru' hacker who does this for them, he's testing our system at the moment :{

However, this sort of professional Pen testing is probably outside of what is reasonable to do unless your business is big enough to warrant the prices these companies charge. Fortunately they're doing this for us at no cost because they use and sell our product and it's in their interest too.

I think if you follow Josh's advice and just make sure you have a good host and decent servers, it's the biggest step to protecting yourself.

Andy

I'll suggest you change host. I had the same thing done on 2 of my sites and my host sorted it all out for me - even changed all to the right settings.

regards
Para