15 replies
What is the safest way to setup a WordPress blog that reduces the risk of hacking? Is it possible?
#blogs #wordpress
  • Profile picture of the author bigcullie
    I got hacked last year and it caused no end of problems, taking months to resolve; so I understand your question.

    The most obvious thing to do is change your login data. Don't use "admin", as robots target the url+admin then try to crack the password. So use a solid password with a mix of capitals, lower case, numbers and symbols such as !"£.

    I was also advised not to save passwords on the browsers, although this is easier said than done.

    Other options include changing your permissions through cPanel, modifying and moving the .htaccess file and limiting those who have access to your blog.

    WordPress also provides many free security plugins such as WP Security Scan, which scans your WordPress installation for security vulnerabilities. In fact, go to Hardening WordPress « WordPress Codex and read what they have to say, which is more than me, and take it from there.

    I hope this helps.
  • Profile picture of the author K Meier
    Several aspects.

    Secure server
    - your hoster needs to provide secure servers

    Strong password
    - When installing WordPress, make sure your password is strong. Also make sure your FTP, MySQL, cPanel and personal email account passwords are strong.

    When installing plugins for WordPress, make sure they are up to date and are not known for security holes.
    There are several plugins that help increase security, have a look around.

    But know, if hackers really want to get into your website, they will. Just look at Sony, Microsoft, Government servers etc.; they are all being hacked although they have top IT professionals and a billion dollar server infrastructure.
    • Profile picture of the author bubblesdavid1
      Originally Posted by K Meier

      Several aspects.

      Secure server
      - your hoster needs to provide secure servers

      Strong password
      - When installing WordPress, make sure your password is strong. Also make sure your FTP, MySQL, cPanel and personal email account passwords are strong.

      When installing plugins for WordPress, make sure they are up to date and are not known for security holes.
      There are several plugins that help increase security, have a look around.

      But know, if hackers really want to get into your website, they will. Just look at Sony, Microsoft, Government servers etc.; they are all being hacked although they have top IT professionals and a billion dollar server infrastructure.

      My password is poor, but I'm using a KnownHost server. Is it good or not? My hosting password is strong, but my MySQL password is poor.

      Please give me the right advice.
  • Profile picture of the author EricHall
    I agree, strong password is a must.
  • Profile picture of the author Jason Z
    Yes, you want to make sure you have complex passwords, make sure your admin username is anything other than admin (because hackers try that first) and you can use plugins like "Secure Wordpress" to make sure you are keeping things protected.
    Signature
    Co-Founder of the Local Profit Model Training Program for Offline Consultants

    Jason Zimmerman is an offline marketing and consulting professional. He has been developing web sites and digital marketing plans for local businesses since 2000.
  • Profile picture of the author ericbryant
    Keep Wordpress constantly up-to-date! Google Wordpress Security for the Top 10 Tips--they're everywhere. Just be careful not to block the /wp-content folder in robots.txt as some recommend, or else you will disappear from search!
    Signature
    www.CoreZero.com
    - Social Media Marketing Strategy & Consulting

    - Custom Wordpress Website Design & Blogs

    - Wordpress Speed Demon? Click Here!

    - Live the life you love... now!
  • Profile picture of the author rainso0
    If you are hacked you could have problems absolutely anywhere. Do not trust an export file, unless you are completely sure that the database is clean.
  • Profile picture of the author blogfreakz
    Plus strong security and a firewall. Also back up everything that you have so that you won't have headaches when you put your site back online again.
  • Profile picture of the author RobKonrad
    Hi Joe,

    have a look at the basic advice the WP team gives:

    Hardening WordPress « WordPress Codex

    Cheers,
    Rob Konrad
    Signature
    ================================================== ===
    This blog is awesome: http://www.robkonrad.com/blog. Read it.
    ================================================== ===
  • Profile picture of the author James90210
    If you want help creating and keeping a strong password, you can use a password card. Each one is unique and very easy to use. Check out password card. It's free and very clever.
  • Profile picture of the author gamebak
    There are some cheap VPSes; the best thing is to buy a VPS/dedi and make sure you're safe. Then install server software + WordPress and you're ready for the web.
  • Profile picture of the author webexperts666
    I agree on secure server and strong password.
  • Profile picture of the author jgoodwin
    WordPress versions and plugins should always be up-to-date. Regularly check for WordPress updates and apply them whenever necessary. Regularly change your WP admin password and web hosting control panel passwords.
    Signature
    Offshore Web Hosting - AltusHost.Com - 24x7 Technical & Sales Support
    Shared Hosting | Reseller Hosting | VPS Hosting | Dedicated Servers

    We host ALL types of web sites which regular hosts DON'T allow you host.
  • Profile picture of the author GioSec
    Like others have mentioned the most important are:

    1. Secure server

    2. Strong passwords

    3. MAKE SURE you have correct permissions on your PHP files and the process that is running your server. Send an inquiry to your host to verify your files have secure permissions.

    4. Keep WordPress and plugins up to date

    5. Don't use plugins for the hell of it. Every plugin has the potential of adding more insecure code to your install. Keep only the necessary plugins that you need.

    6. Make sure you have backups. No matter how hard you try, chances are you will get hacked at some point, so make sure you have backups of your database and the document root so you have something to go back to in case you get hacked.
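
The permission check from point 3 above can be run directly over the document root; this is an added example, not code from anyone in the thread. It assumes the common baseline of 755 for directories, 644 for files and a `wp-config.php` that "other" cannot read; the function name `audit_wp_perms` and the finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress document root for risky file modes.
# Assumed baseline: directories 755, files 644, and wp-config.php
# unreadable by "other" (for example 600 or 640).

audit_wp_perms() {
    _root="$1"
    if [ ! -d "$_root" ]; then
        echo "ERROR not a directory: $_root" >&2
        return 2
    fi
    _findings="$(
        # Anything world-writable can be altered by any account on a shared host.
        find "$_root" \( -type f -o -type d \) -perm -0002 \
            -exec printf 'WORLD-WRITABLE %s\n' {} \;
        # Group-writable PHP is executable code that other group members can edit.
        find "$_root" -type f -name '*.php' -perm -0020 ! -perm -0002 \
            -exec printf 'GROUP-WRITABLE-PHP %s\n' {} \;
        # wp-config.php holds the database credentials.
        find "$_root" -maxdepth 1 -type f -name wp-config.php -perm -0004 \
            -exec printf 'CONFIG-WORLD-READABLE %s\n' {} \;
    )"
    if [ -z "$_findings" ]; then
        return 0
    fi
    printf '%s\n' "$_findings"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    audit_wp_perms "$1"
fi
```

An exit status of 0 means nothing was flagged; 1 means at least one finding was printed, which makes the script usable from cron or a deploy hook.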