|  04-30-2012, 07:11 AM | #1 | 
| Confirmed User Industry Role:  Join Date: Nov 2005 Location: Spain :) 
					Posts: 2,231
				 | 
				
				How To Secure Your Wordpress Blog !
			 Yesterday I woke up to find out that some of my WordPress blogs got hacked. They uploaded a shell script in different folders, and wiped everything from there. My main page was defaced, and all databases were wiped, as were all my files. I could get my hands on a backup from about 2/3 weeks ago, so everything is up and running again. Now my question is, how to avoid getting hacked in the future? Of course I realize no server or script will be 101% secure, but at least I would like to go for 99%. What are your tips and tricks to get WordPress hardened? | 
|   |           | 
|  04-30-2012, 08:03 AM | #2 | 
| Confirmed User Join Date: May 2008 
					Posts: 3,406
				 | Fris will know. But were you running the latest version of WP? Or an older version? | 
|   |           | 
|  04-30-2012, 08:41 AM | #3 | |
| Too lazy to set a custom title Industry Role:  Join Date: Aug 2002 
					Posts: 55,372
				 | Quote: 
 I tend to stay far away from shared. Most shared servers are overloaded with 1000's of customers, and if one customer is running an insecure script, it can affect the whole server. Hit me on ICQ if you need any help. 
				__________________ Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.  WP Stuff | |
|   |           | 
|  04-30-2012, 10:04 AM | #4 | 
| She is ugly, bad luck. Industry Role:  Join Date: Jan 2010 
					Posts: 13,177
				 | plugins? themes? 
				__________________ ↑ see post ↑ 13101 | 
|   |           | 
|  04-30-2012, 10:14 AM | #5 | 
| Confirmed User Industry Role:  Join Date: Apr 2011 Location: En la reverendisima concha de tu madre! 
					Posts: 3,034
				 | Secure WP blog: No shared server. Always (and quickly) updated to the latest WP version. Plugins always updated to the latest version. No free themes unless they are very trusted (they can have backdoors or coding flaws that allow hackers to access your site). WP database backup plugin or similar, set to back up your db twice a week. There are a couple of extra security plugins like Better WP Security, WP Security Scan, etc., that you can find easily. You can try them if you want. If you will have WP sites, you MUST have time to keep everything up to date and secure. If you still don't have time, you MUST pay somebody to do it for you. | 
|   |           | 
|  04-30-2012, 10:14 AM | #6 | 
| Confirmed User Industry Role:  Join Date: Aug 2005 Location: YUROP 
					Posts: 8,614
				 | Password-protected wp-admin folder (using .htaccess) works so far.. 
				__________________  Use coupon 'pauljohn' for a $1 discount at already super cheap NameSilo! Anal Webcams | Kinky Trans Cams Live | Hotwife XXX Tube | Get your Proxies here | 
|   |           | 
|  04-30-2012, 10:18 AM | #7 | |
| ♥♥♥ Likes Hugs ♥♥♥ Industry Role:  Join Date: Nov 2001 Location: /home 
					Posts: 15,841
				 | Quote: 
 Well, that and watch my permissions and do updates quickly. 
				__________________ I like pie. | |
|   |           | 
|  04-30-2012, 10:38 AM | #8 | 
| Amateur Pimpin Industry Role:  Join Date: Aug 2004 Location: Orlando, FL 
					Posts: 13,075
				 | I just started using a plugin called "login-lockdown" http://wordpress.org/extend/plugins/login-lockdown/ Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel. Already started logging attempts on wp-admin. 
				__________________ Make easy money with Webcams | 
|   |           |
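The lockout rule quoted in post #8 (3 failed logins within 5 minutes from one IP range, then a 1 hour lockout, with manual release), as an added Python sketch that is not part of the thread and is not the plugin's own code. It assumes that "IP range" means the enclosing IPv4 /24 and that the third failure triggers the lock; the class, function and sample events are hypothetical and constructed for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_network

class LoginLockout:
    """Sliding-window lockout keyed on the source IP's range (hypothetical class)."""
    def __init__(self, max_fails=3, window=5 * 60, lockout=60 * 60, prefix=24):
        self.max_fails, self.window = max_fails, window    # 3 failures in 5 minutes
        self.lockout, self.prefix = lockout, prefix        # 1 hour; /24 is an assumption
        self.fails = defaultdict(deque)   # range -> timestamps of recent failures
        self.locked_until = {}            # range -> time the lock expires

    def _range(self, ip):
        return str(ip_network(f"{ip}/{self.prefix}", strict=False))

    def is_locked(self, ip, now):
        until = self.locked_until.get(self._range(ip))
        return until is not None and now < until

    def record_failure(self, ip, now):
        """Record one failed login; return True if the range is locked afterwards."""
        if self.is_locked(ip, now):
            return True                       # login already disabled for this range
        q = self.fails[self._range(ip)]
        q.append(now)
        while now - q[0] > self.window:       # drop failures older than the window
            q.popleft()
        if len(q) >= self.max_fails:          # assumption: the 3rd failure triggers it
            self.locked_until[self._range(ip)] = now + self.lockout
            q.clear()
            return True
        return False

    def release(self, ip):  # manual release by an administrator
        self.locked_until.pop(self._range(ip), None)
        self.fails.pop(self._range(ip), None)

# Constructed sample: (seconds since start, source IP) for each failed login.
SAMPLE = [
    (0, "203.0.113.10"), (60, "203.0.113.11"), (120, "203.0.113.12"),  # one /24, 2 min
    (130, "203.0.113.10"),                                             # while locked
    (0, "198.51.100.7"), (400, "198.51.100.7"), (800, "198.51.100.7"), # spread out
]

def replay(events):
    guard = LoginLockout()
    return guard, [(t, ip, guard.record_failure(ip, t)) for t, ip in sorted(events)]

if __name__ == "__main__":
    print(*replay(SAMPLE)[1], sep="\n")
```

Keying on the range rather than the single address means three different hosts in one /24 trip the lock together, while the same address failing once every few minutes never does.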