GoFuckYourself.com - Adult Webmaster Forum


Inter-Sex 04-30-2012 07:11 AM

How To Secure Your Wordpress Blog !
 
Yesterday I woke up to find out that some of my wordpress blogs got hacked.

They uploaded in different folders, a shell script, and wiped all from there.
My main page was defaced, and all databases were wiped, so were all my files.

I could get my hands on a backup from about 2/3 weeks ago, so everything is again up and running.

Now my question is, how to avoid getting hacked in the future ?
Of course I'd realize not any server, any script will be secure 101%,
but at least I would like to go for 99%. :)

What are your tips and tricks to get wordpress hardened ?

KillerK 04-30-2012 08:03 AM

Fris will know.

But were you running the latest version of WP? Or an older version?

fris 04-30-2012 08:41 AM

Quote:

Originally Posted by Inter-Sex (Post 18916589)
Yesterday I woke up to find out that some of my wordpress blogs got hacked.

They uploaded in different folders, a shell script, and wiped all from there.
My main page was defaced, and all databases were wiped, so were all my files.

I could get my hands on a backup from about 2/3 weeks ago, so everything is again up and running.

Now my question is, how to avoid getting hacked in the future ?
Of course I'd realize not any server, any script will be secure 101%,
but at least I would like to go for 99%. :)

What are your tips and tricks to get wordpress hardened ?

are you using dedicated/colo or shared?

I tend to stay far away from shared.

most shared servers are overloaded with 1000's of customers, and if one customer is running an insecure script, it can affect the whole server.

hit me on icq if you need any help.

ottopottomouse 04-30-2012 10:04 AM

plugins?
themes?

19teenporn 04-30-2012 10:14 AM

Secure WP blog:

No shared server.
Always (and quickly) updated to last wp version.
Always plugins updated to last version.
No free themes unless they are very trusted (they can have backdoors or coding flaws that allow hackers to access your site)
Wpdatabase backup plugin or similar, set to backup your db twice a week.
There's a couple of extra security plugins like Better WP Security, WP Security Scan, etc, etc, etc, you can find easily. You can try if you want.

If you will have wp sites, you MUST have time to keep everything up to date and secure. If you still don't have time, you MUST pay somebody to do it for you.

Paul&John 04-30-2012 10:14 AM

password protected wp-admin folder (using .htaccess) works so far..

Babaganoosh 04-30-2012 10:18 AM

Quote:

Originally Posted by Paul&John (Post 18916892)
password protected wp-admin folder (using .htaccess) works so far..

That's all I do.

Well, that and watch my permissions and do updates quickly.

CIVMatt 04-30-2012 10:38 AM

I just started using a plugin called "login-lockdown"

http://wordpress.org/extend/plugins/login-lockdown/

Login LockDown records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.

Already started logging attempts on wp-admin
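
The lockout rule quoted in the post above (3 failed logins within 5 minutes from one IP range, then a 1 hour lock on that range), as an added example written in Python; it is not part of the thread and not the Login LockDown plugin's code. Treating "IP range" as an IPv4 /24, the names LockoutTracker and replay, and the sample events are assumptions made for the illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                 # defaults quoted in the post above
WINDOW = timedelta(minutes=5)
LOCKOUT = timedelta(hours=1)
RANGE_PREFIX = 24                # assumption: "IP range" means an IPv4 /24

def ip_range(ip):                # lockout key: the enclosing network
    return ipaddress.ip_network(f"{ip}/{RANGE_PREFIX}", strict=False)

class LockoutTracker:
    def __init__(self):
        self.failures = defaultdict(deque)   # range -> recent failure times
        self.locked_until = {}               # range -> lock expiry

    def is_locked(self, ip, now):
        expiry = self.locked_until.get(ip_range(ip))
        return expiry is not None and now < expiry

    def record_failure(self, ip, now):
        """Record a failed login; return True if the range is now locked."""
        net = ip_range(ip)
        recent = self.failures[net]
        recent.append(now)
        while now - recent[0] > WINDOW:      # expire failures outside the window
            recent.popleft()
        locked = len(recent) >= MAX_FAILURES
        if locked:
            self.locked_until[net] = now + LOCKOUT
        return locked

def replay(events):              # events: (time, ip, password_ok) tuples
    tracker, refused = LockoutTracker(), []
    for ts, ip, ok in events:
        if tracker.is_locked(ip, ts):
            refused.append((ts, ip))         # refused before any password check
        elif not ok:
            tracker.record_failure(ip, ts)
    return refused

T0 = datetime(2012, 4, 30, 10, 0)            # constructed sample events
SAMPLE = [(T0, "203.0.113.10", False),
          (T0 + timedelta(minutes=1), "203.0.113.11", False),
          (T0 + timedelta(minutes=2), "203.0.113.12", False),   # third failure
          (T0 + timedelta(minutes=3), "203.0.113.50", True),    # same /24
          (T0 + timedelta(minutes=3), "198.51.100.7", False),   # other range
          (T0 + timedelta(minutes=63), "203.0.113.10", True)]   # lock expired
```

Replaying SAMPLE shows the side effect of range-based locking: the request from 203.0.113.50 is refused despite a correct password, because three other addresses in its /24 failed first.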

