My WordPress Sites Keep Getting Hacked. :( What Options Do I Have?

Hey,

you can show us your installed WordPress plugins.
follow this steps for a cheap solution for the begining -
1) Replace fresh core WordPress files from wordpress.org with exists files.

2) check if there is no suspicious files in home dir (look at the code if its not seems like legit code delete them and see ehat happend).

3) Select more secure passwords for your WordPress admin, use this password generator -
Strong Random Password Generator

4) update WordPress and all plugin from the panel -
A Guide to Updating WordPress, Plugins and Themes

5) move your website to more secure hosting company.

if you have more questions you more then welcome to ask here!

Have a look at a dedicated WordPress host like FlyWheel.
If your site get's hacked they fix it for free:
https://getflywheel.com/why-flywheel...ress-security/

Have you tried the ithemes security plugin?
It's free.

use long password like 223treatPass

Hi James,

This is the second thread you're starting on this same subject within a short period of time. You're getting the same answers, basically.

Your question: "Would it be wiser to quit WordPress altogether?"
The answer is YES!

Spend a few hundred dollars to have someone build a secure site for you so you don't have to worry about this anymore.

Check out Sucuri. It's the bees knees especially if you get their website firewall and only allow white listed IP addresses to access the admin area.

Try and make use of Ithemes security plugin.
It's free

The other answers on here are pretty bad.

- Don't leave wordpress. It's very well-secured and updated often. If you write your own custom thing, it will either lack features or won't be as secured and as time passes, you won't be able to afford constantly updating it as extensively as Wordpress is (which is updated for FREE).

- Aside from WordFence, you need somebody to harden your Wordpress installation. There are many guides for it. But in regards to the hacking, you can hire hackers/programmers/server-analysts on Uphire for $15/hr and have them look through your logs and see how and where you hacked. It's the only way and it happens a lot. For now...try disabling poorly-coded plugins and delete themes and things on your site that you don't use. Change passwords, even DB passwords.

Did you set up Wordfence, or just install it? There are some things you need to do to make it work as you want. The free version is pretty good, but if you want more security from it, it's not that expensive to upgrade. It depends on your needs.

Hey, no one is more green at this than I am. But I'm slowly learning. I installed Wordfence and now that I've set it up, I am notified when someone tries to login with an invalid user name. Its scans tell me exactly where the problems are and, in some cases, it gives me a link to compare the original file with the modified version. This is really cool! I wish it would do that for all errors, but it doesn't, but at least it tells you exactly where the error is.

You fix these files in your Control Panel... not within the Blog dashboard.

Before getting Wordfence, I did a major manual search through one of my badly hacked sites and it was relatively easy to find the problems. In the code, someone added a ton of garbage jibberish which I was able to successfully delete. Also look for any irrelevant URLs in the code. Some are pretty obvious that they don't belong. Look especially for urls ending in .ch (china) or .ru (russia) as these are common hacking locations.

For securing it all, you need to activate the Firewall in Wordfence. I'm not quite sure how to do some of what needs to be done, but there is a link for help. I haven't checked it out yet but will soon.

As far as passwords go, get one with about 10 letters/characters mixture, caps and lower case. Don't forget to change any logins that have ADMIN as the username. Create a different username that is not easy to figure out. For instance, not your name. Do this with your blogs and your databases.

I recently had notifications from Wordfence that someone in China tried to access my site using the username that my host provider gave me for my entire account. This was worrisome. They failed but it was oddly comforting to know that someone tried this.

Hope this helps.

Sylvia