  1. #1
    Join Date
    Sep 2011
    Location
    Canada
    Posts
    261

    Wordpress getting hacked

    Hello WHT, if I change the permission of the index.html to read-only and remove the write permission, can I prevent the WordPress website from being hacked?

    Thanks in advance

    P.S.: If you can give me some ways to prevent hacking of a WordPress website, it would be great.
    New learner, and interested to know about Hosting and Web Design. So help me out.

  2. #2
    Hello

    Please give me more information.

    Which company is your host, and what are your host OS and control panel?

    Change all passwords: DB, host panel and any FTP.
    Change the WordPress username and password (change the WP username from phpMyAdmin, and do not use the words admin or administrator).
    Virus-scan your wwwroot files and folders.
    Encrypt your wp-config.php with Zend or other encryption software.
    Install the Protected wp-login plugin on your WordPress and change the wp-login.php path.

    Set all your folder permissions to 755 and files to 644.

    good luck

  3. #3
    Join Date
    Nov 2012
    Posts
    31
    You can use a WordPress firewall plugin, and some plugin tools that allow you to change the standard WordPress login URL (wp-admin) to one of your choice.

  4. #4
    Join Date
    Jun 2011
    Posts
    2,286
    I would suggest having a read of the official WordPress documentation: http://codex.wordpress.org/Hardening_WordPress

    Whilst that guide by no means is the end of securing a WordPress blog, it's a good place to start and applying some of the tips won't do any harm.

    Quote Originally Posted by nokhost View Post
    P.S.: If you can give me some ways to prevent hacking of a WordPress website, it would be great.

  5. #5
    Join Date
    Jan 2010
    Location
    USA
    Posts
    2,148
    Here are some important security steps for WordPress:

    1. Update WordPress to the latest version using the update function in the WordPress admin section.

    2. Install the "Better WP Security" plugin in WordPress. This will add brute force detection and auto-blocking, and it will make it easy to make additional security-related improvements to your WordPress site.

    3. Click on the Security tab in the WordPress admin to tweak the security settings.

    4. Change the admin username to something else (since the hackers are trying to guess the password for the WordPress admin account).

    5. While you are tweaking security, change the WordPress table prefix, the user id 1, and some of the other items listed in the Security tab. These things are not related to this current wave of brute force attacks, but these are generally good security ideas that will likely help against future attacks.

    6. Disable and remove every theme and plugin that you are not currently using. Leave only the "Better WP Security" plugin if you can. Fewer themes and plugins will mean fewer things for hackers to target in the future.

    7. Choose a really strong password for your admin level user. Long, completely random jumbles are the best, because they cannot be quickly guessed in a dictionary attack. Don't use plain English words. Remember, 20+ character random jumbles are drastically more secure than simple passwords like "qwerty" or "password123". Even after you have changed the admin user's username, it is still important to take password complexity seriously.
    No Support Linux Hosting Bargain cPanel Hosting Experts Only
    We IGNORE the support questions, and pass the SAVINGS on to YOU!
    We also ignore questions about VPS Hosting

  6. #6
    Join Date
    Jun 2011
    Posts
    65
    No way I can think of to see stats on proportion of successful attacks where the site owner just installed wordpress with fairly "default" settings and just left it, but I suspect it would be very, very high.
    Even just the change of username (and ideally removal of "admin" entirely) as already mentioned, would be a great help against automated attacks.
    If you're accessing wp-admin from a consistent location (or small set of locations) you could specify your IP address(es) manually using "deny,allow" rules in the .htaccess file to block from everywhere else.

  7. #7
    Join Date
    Apr 2005
    Posts
    1,711
    I second @NoSupportLinuxHostin and @ethernetServers steps. I would also suggest utilizing LastPass to generate and store your password securely. Also, check out Wordfence as well, it has some very useful security features.
    Zach E. - Kualo - www.kualo.com
    Shared Web Hosting, Reseller Hosting, Cloud VPS & Dedicated Servers
    UK: 0800 138 3235 ❘ USA: 1-800-995-8256

  8. #8
    Join Date
    Jun 2003
    Location
    California
    Posts
    2,766
    Quote Originally Posted by NoSupportLinuxHostin View Post
    6. Disable and remove every theme and plugin that you are not currently using. Leave only the "Better WP Security" plugin if you can. Fewer themes and plugins will mean fewer things for hackers to target in the future.
    Good advice, but I always tell clients to leave one of the default themes available, such as TwentyTwelve or TwentyThirteen. The reason is that if their current theme breaks and they cannot access Admin, they can delete it via FTP and the default theme takes over, allowing access.

  9. #9
    Join Date
    Jan 2010
    Location
    USA
    Posts
    2,148
    Quote Originally Posted by fshagan View Post
    Good advice, but I always tell clients to leave one of the default themes available, such as TwentyTwelve or TwentyThirteen. The reason is that if their current theme breaks and they cannot access Admin, they can delete it via FTP and the default theme takes over, allowing access.
    That is a good idea. If they do that, make sure they keep the default theme updated.

  10. #10
    Quote Originally Posted by jetorbit View Post
    You can use a WordPress firewall plugin, and some plugin tools that allow you to change the standard WordPress login URL (wp-admin) to one of your choice.
    If we use WordPress firewall plugins and some other plugin tools, please also provide the names. What other tools can we use in WordPress?

  11. #11
    Join Date
    Nov 2010
    Posts
    83
    1. Always keep your WordPress installation up to date.
    2. You can change the permission of wp-config.php to something like 0600 depending on your server's environment.
    3. Choose a strong password.
    4. Install security plugins like Limit Login Attempts, Better WP Security
    5. You can also restrict the admin panel to be accessible only from your IP using a .htaccess file.

    Hope this helps.

  12. #12
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    Excellent points made by folks above.

    One thing no one has mentioned yet: add a .htaccess file to your uploads area to prevent .php execution. I think Better WP Security will do that for you.

  13. #13

    Securing your wordpress

    Use the WP Security plugin available for WordPress, use a strong password, update the WordPress version, use two-step identification and change to two-step authentication, install a security plugin, scan your local machine, check the .htaccess file for hacks, restore a backup if possible and keep regular backups, use a good theme that is secure, keep the CMS updated, and block spam.

  14. #14
    In addition to the excellent tips suggested by others, here are a few more:

    1) Remove your username from the author archive URL

    By default, WP displays your username in the URL of your author archive page. For example, if your username is myname, your author archive page is: yoursite.com/author/myname
    -------------------
    2) Disable file editing through the dashboard
    In a default WP installation, you can navigate to Appearance > Editor and edit any of your theme files right in the dashboard.

    You don't want a hacker who has figured out how to get to your admin panel to also edit your files that way and execute whatever nasty code they want to.

    By adding the following line to your wp-config.php file:

    define('DISALLOW_FILE_EDIT', true);

    you can disable this method of file editing.
    -----------
    3) Avoid free themes and plugins, unless they have been built by a reputable developer.
    --------
    4) Make regular backups (as some others have already said)
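
An added example, not part of the thread or any poster's code: a Python audit that checks a WordPress tree against the settings suggested in posts #2, #11, #12 and #14 (755/644 permissions, 0600 on wp-config.php, no PHP files under uploads, DISALLOW_FILE_EDIT set). The names `audit_wordpress` and `demo`, the finding labels and the extension list are assumptions made for this sketch, and the sample tree is constructed.

```python
import os
import re
import stat
import tempfile
# Post #14's define() line; a commented-out copy must not count as set.
FILE_EDIT_RE = re.compile(
    r"""^\s*define\s*\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)\s*;""", re.I | re.M)
PHP_EXT = (".php", ".phtml", ".php5", ".phar")  # assumed executable extensions

def audit_wordpress(root):
    """Return sorted (check, relative_path) findings for a WordPress tree."""
    findings = []
    uploads = os.path.join("wp-content", "uploads") + os.sep
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel, st = os.path.relpath(path, root), os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            if stat.S_ISDIR(st.st_mode):
                if mode & ~0o755:  # e.g. 775 or 777
                    findings.append(("dir-looser-than-755", rel))
            elif stat.S_ISREG(st.st_mode):  # symlinks and special files are skipped
                limit = 0o600 if rel == "wp-config.php" else 0o644  # posts #11, #2
                if mode & ~limit:
                    findings.append(("file-looser-than-%o" % limit, rel))
                if rel.startswith(uploads) and name.lower().endswith(PHP_EXT):
                    findings.append(("php-in-uploads", rel))  # post #12
    config = os.path.join(root, "wp-config.php")
    if os.path.isfile(config):
        with open(config, encoding="utf-8", errors="replace") as fh:
            if not FILE_EDIT_RE.search(fh.read()):
                findings.append(("file-edit-not-disabled", "wp-config.php"))
    return sorted(findings)

def demo():
    """Audit a constructed sample tree (not a real site)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "wp-content", "uploads", "2013"))
        samples = {"index.php": 0o644, "wp-config.php": 0o644,
                   "wp-content/uploads/2013/photo.jpg": 0o666,
                   "wp-content/uploads/2013/avatar.php": 0o644}
        for rel, mode in samples.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write("<?php // define('DISALLOW_FILE_EDIT', true);\n")
            os.chmod(os.path.join(root, rel), mode)
        for d, _, _ in os.walk(root):
            os.chmod(d, 0o755)
        os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)
        return audit_wordpress(root)
```

Call `audit_wordpress()` on the site's document root; an empty list means none of these checks fired. The 0600 limit on wp-config.php follows post #11 and may need loosening where PHP runs as a different user than the file owner.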

  15. #15
    Join Date
    Nov 2004
    Location
    Australia
    Posts
    1,683
    Quote Originally Posted by Hanna Kemenitz View Post
    3) Avoid free themes and plugins, unless they have been built by a reputable developer.
    Love the author archive tip, hadn't seen that before.

    I'd go so far as to say "Never use a free wordpress theme via Google" - always use them from the WordPress repository. WordPress will remove themes with trojans or hacks from their repository whereas a study a few years back showed almost all the top ten hits for "free wordpress theme" contained trojans or dubious software.
