Is Wordpress Vulnerable In Terms of Security/Hacking?

10 replies
  • |
I wasn't sure where to post this thread.

The first site I ever made, was build in WP, and when I got it ranked on page 1 for a competitive term, the site was hacked. For a few weeks I lost serious rankings, and the site was rendered useless.

I tried various things to fix the site, but couldn't do it on my own. So I wound up custom coding the entire site off WP, and now the site seems much more secure (I am not good at coding, I only know the basics).

I have a new site, that is slowly moving up the ranks, that is built on the same theme, and I believe it is vulnerable. I'm not sure if its the plugins, or something else, but I don't trust the site.

So how do you guys manage security on wordpress sites?
Are there plugins that can actually scan other plugins, to look for malicious code? Is that something I have to do manually?

Should I outsource this type of work? Is that even safe?

What would you guys do? I really don't want to risk this site getting hacked, as 1 hacking experience was bad enough.

Thanks - Red
#security or hacking #terms #vulnerable #wordpress
  • Profile picture of the author Michael71
    Always keep your blog up to date.

    Check every theme/plugin you are using, when not sure if it is okay, by downloading to your own computer, unpack, virus check, ...

    I am using different WP plugins and some .htaccess magic - my own creation ;-) ...

    It works out for me, I am blocking people that are trying the password recovery/login immediately.

    There are a few things you MUST know before installing and securing a WP blog.

    Hit me up on skype if you need more informations.

    By the way...

    I did a research on WP exploits/hacking some months ago... so I guess I could tell you a lot about this bad bad stuff ;-)

    HTML/CSS/jQuery/ZURB Foundation/Twitter Bootstrap/Wordpress/Frontend Performance Optimizing
    Need HTML/CSS help? Skype: microcosmic - Test Your Responsive Design -

    {{ DiscussionBoard.errors[7675477].message }}
  • Profile picture of the author mikelmraz
    There are some security plugins for Wordpress. You may want to check them out.
    {{ DiscussionBoard.errors[7675959].message }}
  • Profile picture of the author Abledragon
    Because it's so popular, WordPress is a target for hackers - just as Internet Explorer (and MS Operating systems) are. However, the WordPress team are extremely diligent on security and any loopholes that are discovered are addressed immediately.

    That only affects the WordPress core, though, and you have your themes and plugins to consider as these are developed by third parties.

    Clearly the smartest move is to make sure your versions (WordPress, plugins and themes) are always at the current (i.e. latest) level.

    Here are some things you can do as a non-techie, which are easy:

    Make sure your user name isn't 'admin'. If it is (or there's a user on your site with that username) set up a new one with administrator rights but a different username, check that it works and then delete the user 'admin'. You can use letters, numbers, some symbols, spaces and different cases for your user name, as you can for your password.

    Be sure to change your nickname, so that your username isn't displayed publicly

    Check your own computer for viruses or malware and keep it clean.

    Use SFTP instead of FTP to transfer files between your computer and server.

    Always keep a full site backup of the latest version of your site.

    If you have more than one user with administrator rights on your site make sure you know who they are and that you trust them implicitly. If someone needs admin access to your site (to fix a problem, for example) do not give them your login details. Create a new admin user for them and delete it immediately after they've done what they needed to do.

    If your site is hacked be sure to change not only your WordPress login details once it's restored, but also your cPanel (or hosting provider) and FTP login details as well.

    There are other things you can do that are a bit more techie, but for a non-techie person those steps above will help.


    WealthyDragon - Earning My Living Online
    {{ DiscussionBoard.errors[7676345].message }}
  • Profile picture of the author run
    Wordpress cores are regularly update to prevent any risk of hacks. Many fortune big sites also use Wordpress. Some reasons that take Wordpress based sites to fall into security vulnerability are from the third party conditions. Hosting in a share server which host other sites that have security loophole is also a mess. Have strong username and password and change it regularly could also help. Check and change Wordpress directories and files permissions are good. Protect brute force attack by either permit login attempt, change login url to custom one other than default urls, password protected admin directory, or even allow only specific IP to access the login page are great. Always do backups as often as possible is a good practice. Follow the latest versions of themes and plugins to make sure the compartibility and secure. Scan or check all files for malicious codes before uploading to the site server. Deactivate and delete the themes and plugins that are no longer use. Use third parties service to protect from fraud and hackers if doable. There many other methods to prevent Wordpress based sites from being hack.
    I just wanna tell you that most of the links in the signature are trash and/or a trap to make you pay!
    {{ DiscussionBoard.errors[7677068].message }}
  • Profile picture of the author Makis77
    There is some basic rules to follow in order to keep your WP website out of hackers reach:

    1. Hackers proof hosting, WP is popular so already many hosts claim to be WP friendly BUT only few of them a hacker proof when it comes to their reseller packages
    2. Keep your WP version and plugins and themes up to date. Usually people overlook the themes updates this summers timthumb vulnerability where thousands os WP website got screwed over a js backdoor.
    3. Use WP plugins that alert in any change of your WP core files code.
    4. Use WP admin username different than admin
    5. When installing WP give database a different prefix than the usual one "WP"
    6. Check out your website once in a while for any suspicious activity

    If you have a high traffic website that generates revenue then I advise to subscribe with a premium WP hack proof service, it will save you money and time down the road.

    - Looking to install WordPress?
    - Do you have problems installing or editing a theme?
    - Is your WordPress version outdated and in need of an upgrade?

    Fix My WP
    can do all this for you for $35 per job!

    {{ DiscussionBoard.errors[7677119].message }}
  • Profile picture of the author deewaker72
    1.Hackproof hosting
    2.Keep your WP version and plugins and themes up to date3.Delete all unused plugins and themes.
    4.Download themes or plugins from trusted sites or from
    5.Remove all spam comments regularly.
    6. Check out your cpanel of your website once in a while if possible.
    Signature - Best Collection of Status, Quotes, Jokes, DP Images, Memes.
    {{ DiscussionBoard.errors[7767965].message }}
  • Profile picture of the author imoffersonline
    wordpress is more secure than any other cms ,like joomla.
    keep your version of wordpress & plugins up to date.

    more important: always take a backup so in worst case you can sve your data and put it online again.

    I'm Ready for learning.

    {{ DiscussionBoard.errors[7768916].message }}
  • Profile picture of the author KrisN
    I use Better WP Security that makes my blog as secure as a bank and BackWPup to regularly backup my site to my dropbox account in case something goes wrong.

    Worst case scenario I lose few days worth of stuff, but I don't update my site that often anyway.

    Both plugins are free too.

    My journey to 1000 subscribers: Detailed Success - Traffic -> Subscribers -> Sales

    {{ DiscussionBoard.errors[7772651].message }}
  • Profile picture of the author Michael71
    Everything is hackable, there is no "hack proof hosting provider", there is nothing 100% secure.

    Personally I am using Wordfence, some .htaccess rules, a backup solution for Wordpress (daily backups of db and all files, like backupbuddy or similar).

    Never use the standard values when installing Wordpress. Do not use admin as username, use a username that is hard to guess. Do not use wp_ as database prefix.

    Make sure WP and plugins/themes are ALWAYS up to date (most people just ignore this) and do not use plugins/themes from unreliable sources.

    Even files on can be infected with malicious code... if you are unsure about plugins/themes ask other people that are using these.

    Here is a list of known WP exploits:

    HTML/CSS/jQuery/ZURB Foundation/Twitter Bootstrap/Wordpress/Frontend Performance Optimizing
    Need HTML/CSS help? Skype: microcosmic - Test Your Responsive Design -

    {{ DiscussionBoard.errors[7772684].message }}
  • Profile picture of the author MONEYDON
    Nice Thanks For The Link
    {{ DiscussionBoard.errors[7964676].message }}

Trending Topics