Sites getting hacked, what to do about it?

9 replies
Hey Warriors, I hope you're well.

I've just had several emails from a customer of mine complaining that .pdfs & links have 'vanished' from her website. I assume this can only be down to hackers, the little *******s!

Anyway I got on to my hosting company & they've restored a back-up which is fine but it's a real pain in the ass having to do this.

What do you guys use to protect your websites / customers' websites?
#hacked #sites
  • jpboxersox
    I use stopthehacker.com (non affiliate link)
  • buddhaflow
    One important place to start is your and your clients' computers. Do they have MULTIPLE anti-malware type things installed?

    The #1 vector of web site attacks is keylogging the Windows PCs used to log into them.

    Better yet, boot into linux via USB when updating the site / buy a chromebook only for web access.

    Hackers are a real problem - they can install scripts on front pages that install viruses on users' computers, and trash your reputation. 1) Install various WP security plugins (google that) 2) Change all passwords, use SECURE passwords (long, not dictionary based, numbers+symbols) 3) Be really, really careful what computers you or anyone else logs in from.

    It's a big topic, but an important one. Also, make your own daily backups!
  • awledd
    My site was hacked (with a terrorist message on the front page) two times in a week. I was pissed off! The first time a fiverr technician helped me for 5 dollars. The second time he helped me for free and gave me some advice. I installed the login lockdown plugin (Bad Neighborhood - Login LockDown WordPress Security Plugin) and I haven't had an issue till now - a year and a half.

    Luckily the files were intact.
  • david carr
    If you have a static IP you can lock the admin area so only you can access it through the .htaccess file:

    Three tips to protect your WordPress installation

    Regards
    Dave
  • so11
    Hello,

    Applying security plugins is a good start. But the problem is that you don't know where the flaw is. Find the problem and take action from there.

    Good luck
  • Kingfish85
    Here's a blog entry we put up as a starter guide. There's much more that can be done, but this is a good start.

    Securing Wordpress - A Definitive guide to Wordpress Security Tips—LiquiLayer Technologies – Web Hosting & Solutions

    Be careful about blindly installing a bunch of "security" plugins as the more plugins you use, the higher the risk of an exploit becomes.
    • John Robbins
      Hi buddy - I guess we have all been there, and I'm no exception. There are a lot of things that you can do with .htaccess files and other things. I have a guide from another warrior and that works well; however, the first step for installing any site for me now is to install 3 security plugins: WP Firewall 2, Limit Login Attempts and Secure WordPress.

      Now I'm not saying they cannot be hacked from just installing these plugins - however I have had no real problems with any of my 12 sites since I did this at the end of 2011.

      I put a video up on my blog showing you how to do this - I have since increased limit login attempts simply because of the amount of robots (usually) trying to log in. http://whoisjohnrobbins.com/wordpres...rity-tips.html

      The plugin emails you so you know how many times this happens, and trust me, that is going to set alarms off, because it is rife - around 20 a day for various sites. Both my sites with John Robbins in them get hit hard, because of my name, Baskin Robbins and another very famous namesake; guess they think I'm one of them (I wish lol)

      If you want the additional steps PM me and I will get them across to you, they are not that difficult to follow.

      Final point: I also have HTML sites, and these have never had a hacking issue. WordPress, being open source software, is easier for hackers, it appears.

      Hope this helps

      John Robbins

      PS: the earlier comment on plugins slowing down sites is correct and you need to address that with a cache plugin - it doesn't make the site super fast but it does certainly speed up load times.
      • 63lincoln
        If it is a Joomla based website I highly recommend Akeeba Admin Tools Pro. Akeeba also makes a great normal backup tool.

        For WordPress websites I use cyclones to backup before any update.
  • rodneys
    Restoring a backup can be a real pain. I have been there a few dozen times so I know the feeling. Have a look at securiilock.com - they might be able to help you.