Inter-Sex

Yesterday I woke up to find out that some of my wordpress blogs got hacked.

They uploaded in different folders, a shell script, and wiped all from there.
My main page was defaced, and all databases were wiped, so were all my files.

I could get my hands on a backup from about 2/3 weeks ago, so ever thing is again up and running.

Now my question is, how to avoid getting hacked in the future ?
Of course I'd realize not any server, any script will be secure 101%,
but at least I would like to go for 99%.

What are your tips and tricks to get wordpress hardened ?

KillerK

Fris will know.

But were you running the latest version of WP? Or a older version?

fris

are you using dedicated/colo or shared?

I tend to stay far away from shared.

most shared servers are overloaded with 1000's of customers, and if one customer is running an insecure script, it can effect the whole server.

hit me on icq if you need any help.

__________________
Since 1999: 69 Adult Industry awards for Best Hosting Company and professional excellence.


WP Stuff

ottopottomouse

plugins?
themes?

__________________
↑ see post ↑
13101

19teenporn

Secure WP blog:

No shared server.
Always (and quickly) updated to last wp version.
Always plugins updated to last version.
No free themes unless they are very trusted ( they can have backdoors or coding flaws that allow hackers access your site)
Wpdatabase backup plugin or similar, set to backup your db twice a week.
There's a couple of extra security plugins Like Better WP Security, WP Security Scan, etc, etc, etc, you can find easily. You can try if you want.

If you will have wp sites, you MUST have time to keep everything up to date and secure. If you still don't have time, you MUST pay somebody to do it for you.

Paul&John

password protected wp-admin folder (using .htaccess) works sofar..

__________________
Use coupon 'pauljohn' for a $1 discount at already super cheap NameSilo!
Anal Webcams | Kinky Trans Cams Live | Hotwife XXX Tube | Get your Proxies here

Babaganoosh

That's all I do.

Well, that and watch my permissions and do updates quickly.

__________________
I like pie.

CIVMatt

I just started using a plugin called "login-lockdown"

http://wordpress.org/extend/plugins/login-lockdown/

Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Admisitrators can release locked out IP ranges manually from the panel.

Already started logging attempts on wp-admin

__________________
Make easy money with Webcams