How to avoid Wordpress Hacker?

Discussion in 'Internet Marketing' started by ChrisLeads, Jun 15, 2012.

  1. ChrisLeads

    ChrisLeads
    uix_expand uix_collapse
    Member

    Joined:
    May 14, 2012
    Messages:
    98
    Likes Received:
    8
    I have 3 sites that has been hacked this previous week. One of my sites was hacked 2 times, I already changed password and username, I also have WP security installed. Although I have my backups, I really want to get rid of it.

    Any ideas whats wrong?

    Thanks
     
  2. sayitproud

    sayitproud
    uix_expand uix_collapse
    Member

    Joined:
    Jun 7, 2012
    Messages:
    89
    Likes Received:
    18
    Definitely do backups. Also you might want to install the plugin called Login Lockdown.

    Beyond that, talk to your hosting company about it and see if they can figure out any info on who is doing it. They might be able to tell you ways to protect yourself.
     
  3. Fergal

    Fergal
    uix_expand uix_collapse
    Premium Member
    Premium Member

    Joined:
    Nov 18, 2007
    Messages:
    10,575
    Likes Received:
    1,165
    Make sure you are using the latest version of WordPress, plus the latest versions of any other scripts you are using on your site.
     
  4. platnumcn

    platnumcn
    uix_expand uix_collapse
    Member

    Joined:
    Jun 16, 2012
    Messages:
    110
    Likes Received:
    8
    backup your db, keep upgrading your wp to new version, find a relable hosting company.
     
  5. driansmith

    driansmith
    uix_expand uix_collapse
    Premium Member
    Premium Member

    Joined:
    Aug 2, 2010
    Messages:
    37
    Likes Received:
    6
    The issue here is 'where does the weakness usually apply with a Wordpress installation' - correct?
    On the basis that the installation has the most recent update - how does the attack usually take place? Where is the usual chink in the armour?
     
  6. printingray

    printingray
    uix_expand uix_collapse
    Member

    Joined:
    Apr 20, 2012
    Messages:
    546
    Likes Received:
    18
  7. GeekGhost

    GeekGhost
    uix_expand uix_collapse
    Member

    Joined:
    Oct 5, 2012
    Messages:
    217
    Likes Received:
    96
    The most important thing to do is keep Wordpress and all plugins updated.

    Remove any plugins you are not using.

    Make sure the server you are hosted on is also secured.

    Finally, make sure you are not using easy to break passwords. Use a combination of numbers, letters, uppercase, lowercase and symbols.
     
  8. daytrader

    daytrader
    uix_expand uix_collapse
    Active Member

    Joined:
    Jul 29, 2009
    Messages:
    1,678
    Likes Received:
    216
    My wordpress site have been hacked too so what I did is create an htaccess file inside the wp-admin with this content.

    add this method to harden you security.
     
  9. zeropid

    zeropid
    uix_expand uix_collapse
    Member

    Joined:
    Oct 24, 2011
    Messages:
    392
    Likes Received:
    12
    It will only work if you have static IP. But people mostly have dynamic IPs and could travel
     
  10. daytrader

    daytrader
    uix_expand uix_collapse
    Active Member

    Joined:
    Jul 29, 2009
    Messages:
    1,678
    Likes Received:
    216
    yes. but then again, you can edit the htaccess everytime you have to login. I don't think the hacker will have the same ip either but its the owner who can access the cpanel to edit the htaccess.
     
  11. driansmith

    driansmith
    uix_expand uix_collapse
    Premium Member
    Premium Member

    Joined:
    Aug 2, 2010
    Messages:
    37
    Likes Received:
    6
    Unfortunately, very true zeropid.
    Can you allow access though from a SINGLE IP address though? Your own? Not tried this.
     
  12. altcom

    altcom
    uix_expand uix_collapse
    Member

    Joined:
    Sep 13, 2012
    Messages:
    440
    Likes Received:
    100
    There are few simple way to make wordpress more secure.

    1. Get a better hosting. If the hosting protection is low, no matter security strategic you implement to the wordpress, it will be pointless.
    2. change wp_ prefix to other name. If you using non default prefix, it is harder for hacker to detect it.
    3. implement strong password to both SQL and admin login e.g. a7r%#GCse"85O)h
    4. Never use default admin as login id
    5. reduce plugin. When a site have more features and plugin, it seem like open more gateway for hacker to attack our site.
     
  13. Catherine

    Catherine
    uix_expand uix_collapse
    Member

    Joined:
    Aug 16, 2012
    Messages:
    106
    Likes Received:
    4
    there is one way you can provide your real ip address for avoiding the hackers. it is that you can use the instruction and other software to hide real ip and then hackers could not find the information about the users.
     

Share This Page