15 {{ upvoteCount | shortNum }}
15 {{ upvoteCount | shortNum }}

Membership site using Wordpress and security concerns

by amyvester
13 replies
  • WEB DESIGN
    • |
I am looking to do a project that I have wanted to run as a trial for some time. I am looking to do a small membership website using godaddy hosting and WP. I have looked at a couple of highly rated membership programs that integrate into the WP platform. I am also. On concerned about what I need to put in place to prevent getting hacked.
#concerns #membership #security #site #wordpress
  • Profile picture of the author Istvan Horvath
    My very first concern would be having GD as a host...
    Signature

    {{ DiscussionBoard.errors[5192472].message }}
  • Profile picture of the author AnniePot
    After reading repeated reports here on serious issues other members have encountered with GoDaddy, I would be significantly more concerned with your choice of hosting, than potential security issues with Wordpress.
    {{ DiscussionBoard.errors[5192480].message }}
    • Profile picture of the author Beetlesales
      I would highly suggest purchasing an SSL Certificate for your website's server. GoDaddy is a worthless hosting company! Check out Arvixe.
      {{ DiscussionBoard.errors[5192507].message }}
  • Profile picture of the author mgreener
    Hi,

    Amember is a great membership program for Wordpress.

    As far as security, there are a few things that you can do.

    1. The most important will be your hosting and the degree of "hardening" (securing) employed. To have maximum control of this, you would need a dedicated server which you probably don't need if the site is just starting out.

    2. Go through a "securing wordpress" type checklist once you have installed it and make the recommended security changes. (there are several of these types of lists if you search).

    3. Be sure to keep Wordpress up-to-date all the time as many updates aim to fix security issues.

    4. Use secure passwords.

    5. Do all this and don't worry
    Signature
    2 Free Pro List Building Templates - Turbocharge Your Opt Ins
    {{ DiscussionBoard.errors[5192523].message }}
  • Profile picture of the author Power Solutions
    Yes, please do look into Hostgator or MDD Hosting or any other of the popular web hosting companies. Godaddy for hosting = No! You can look into S2 Member for a free option for a membership website. They also have some sort of paid upgrade. Even the free version incorporates paid membership. You can protect entire posts or partial content.
    Signature
    -=: Internet Marketing News :=------=: Resources I Use :=------=: Prime Ad Network :=------=: ?Profit? :=-
    {{ DiscussionBoard.errors[5192906].message }}
    • Profile picture of the author amyvester
      Thanks for the responses, all good info. I am open to other hosting options, just was going to do GoDaddy because that is where the domains are. What other recommendations for hosting does the Warriors have for me?
      {{ DiscussionBoard.errors[5193293].message }}
      • Profile picture of the author Beetlesales
        Originally Posted by amyvester View Post

        Thanks for the responses, all good info. I am open to other hosting options, just was going to do GoDaddy because that is where the domains are. What other recommendations for hosting does the Warriors have for me?
        Arvixe.com
        {{ DiscussionBoard.errors[5193318].message }}
        • Profile picture of the author amyvester
          Great so it looks like I could go with the personal plan for $5 month to start with. Dumb question but should I do the Linux or windows version?
          {{ DiscussionBoard.errors[5195229].message }}
  • Profile picture of the author Istvan Horvath
    just was going to do GoDaddy because that is where the domains are.
    That's exactly what you should NOT do ever with any company!
    Don't have the same company as your registrar and your host!

    (Besides GD is a bad host, regardless...)
    Signature

    {{ DiscussionBoard.errors[5193321].message }}
  • Profile picture of the author Istvan Horvath
    Not a dumb question... Always go with the Linux, unless you have some Microsoft-specific gizmo or plan to use one. Not likely.
    Signature

    {{ DiscussionBoard.errors[5195262].message }}
  • Profile picture of the author shqipo
    Here's what I'd do (meaning, what I've done):
    1. Change database table prefix from wp to anything else (if you know how to do it)
    2. Create a new user other than "admin": in the dashboard, create a new user with full rights. Obviously, a username other than "admin". Then login as new user and delete "admin". Some hacking scripts are programmed to target "admin"
    3. Use ssl. Some hosts provide a free ssl certificate with their hosting. Mine does.
    4. Use this plugin to limit login attempts. What it does: -Rate limits failed login attempts - Can hinder brute force attacks -Notifies in case of too many failures
    5. Use Duo Wordpress
    6. Backup your Database regularly
    {{ DiscussionBoard.errors[5195903].message }}
  • Profile picture of the author Istvan Horvath
    1. And if I don't?

    2. Too complicated... If you really are that WP expert as you present it, you should know that since WP version 3+ you can change the username of the main admin to anything right BEFORE the install. (Just try to do a manual install and you will discover it)

    3. Here is what I'd do: never ever would use a hidden affiliate link in my posts, risking to be deleted, banned etc...
    Signature

    {{ DiscussionBoard.errors[5196025].message }}
    • Profile picture of the author shqipo
      Originally Posted by Istvan Horvath View Post

      1. And if I don't?

      2. Too complicated... If you really are that WP expert as you present it, you should know that since WP version 3+ you can change the username of the main admin to anything right BEFORE the install. (Just try to do a manual install and you will discover it)

      3. Here is what I'd do: never ever would use a hidden affiliate link in my posts, risking to be deleted, banned etc...
      I didn't claim to be "that WP expert". I didn't know there was a pissing competition going on - g*d forbid to comment on the same thread as an expert who has published a WSO about WP (but who, so far, has only proposed to move away from Godaddy - a valid advice nonetheless). I was simply responding to the OP. I doubt she/he has changed the main admin before the install but if she has, I'm happy and she can scratch that out of the list. I gave some options, I never claimed she better does these or die. You can get the "thanks", don't worry, I won't be jealous
      {{ DiscussionBoard.errors[5196046].message }}

Trending Topics