How to keep your WordPress website safe or spam free?

Discussion in 'Wordpress' started by bmwillsmith, Mar 27, 2015.

  1. bmwillsmith

    bmwillsmith
    uix_expand uix_collapse
    Member

    Joined:
    Jan 23, 2014
    Messages:
    380
    Likes Received:
    10
    Friends, be aware of this, WordPress is a most popular content management system, at the same time it has disadavantages also like inserting spam code, hacking, plugin issues. Using following tips you can keep it safe and clean.

    - Do not use free themes, buy premium themes
    - Premium theme provider should have 24/7 customer support via mail/chat
    - Update the theme regularly
    - Do not install weak/spam plugins
    - Update plugins regularly
    - Take a backup before update your WordPress website
    - Participate and learn new updates about WordPress Versions, real time problems and solutions
     
    • Like Like x 1
    • Agree Agree x 1
  2. UCkeith

    UCkeith
    uix_expand uix_collapse
    New Member

    Joined:
    Mar 26, 2015
    Messages:
    19
    Likes Received:
    4
    Great post! Our Sys Admins are always telling WP clients to keep their WP updated; but love the theme and plugin advise!
     
  3. ellisthomas86

    ellisthomas86
    uix_expand uix_collapse
    Member

    Joined:
    Dec 23, 2013
    Messages:
    201
    Likes Received:
    12
    Yes that's very correct. I had a wordpress website which after a couple of weeks got hacked by someone. And then I was left with no option than deleting all the files and again starting from scratch. I lost the work done for those weeks, but learned a lesson and now my website is build up in Drupal. Although it is little heavy, but from secure point of view its well and good.
     
  4. UCkeith

    UCkeith
    uix_expand uix_collapse
    New Member

    Joined:
    Mar 26, 2015
    Messages:
    19
    Likes Received:
    4
    We are seeing an increase in a number of injection attacks against wordpress websites; it does keep you on your toes to make sure things are hardened. We also see joomla and drupal sites attacked but from my perspective, joomla and drupal seems to more secure from the core file standpoint.

    Suggestions that we make to any of our CMS clients is to be vigil with the templates and plugins they add to their site - if there is a "hole" in the plugin or template, the entire site becomes vulnerable. For wordpress, definitely change the directory name of the admin directory. Also, keep the CMS up to date. I cannot tell you how many "hacks" occur because the cms is not up to do.

    You can keep a shard server as hardened as possible, but if a cms user does not have a current build; there is not enough security to stop the exploit without having a full time staff constantly monitoring the site.

    Cheers
    Keith
     
  5. vaishu108k

    vaishu108k
    uix_expand uix_collapse
    New Member

    Joined:
    Apr 1, 2015
    Messages:
    2
    Likes Received:
    1
    Don't install unnecessary plugins which might result spamming you site.
    Install high rating themes
    Keep on changing admin password
     
  6. kaufenpreis

    kaufenpreis
    uix_expand uix_collapse
    Member

    Joined:
    Jun 12, 2014
    Messages:
    68
    Likes Received:
    1
    1. Keep your blogging software up to date
    2. Choose secure logins and passwords
    3. Beef up security with WordPress plugins
    4. Only blog from a system that is safe, secure, and spyware-free
    5. Automated backups: set it and forget it
    6. Stop spammers in their tracks
    And I use AVH first defence against spam with project honeypot API, its completely free and i got spams very very rarely. This make me concentrate on core blogging.
     
  7. AakashAgarwal

    AakashAgarwal
    uix_expand uix_collapse
    New Member

    Joined:
    Apr 2, 2015
    Messages:
    16
    Likes Received:
    2

    Thanks sharing good info. We have started new wordpress website development now. It's very much useful for me.
     
  8. Ethan2

    Ethan2
    uix_expand uix_collapse
    Member

    Joined:
    Jan 12, 2015
    Messages:
    42
    Likes Received:
    0
    Good knowledge about Wordpress . E-comerce is developing faster and faster, security in business is more and more important than ever
     
  9. bmwillsmith

    bmwillsmith
    uix_expand uix_collapse
    Member

    Joined:
    Jan 23, 2014
    Messages:
    380
    Likes Received:
    10
    We can use anti spammers but it not full fledged solution to prevent hacks. It's always better to keep a backup file which will gives instant solution to website threads/hacks. Recently i have faced this issue, even unused(but installed) plugins gets spam and it was noticed by hosting company. I can suggest that we should remove unused, inactive, default themes, which is a safe way to reduce the damage.
     
  10. bonjoseph85

    bonjoseph85
    uix_expand uix_collapse
    New Member

    Joined:
    Feb 6, 2015
    Messages:
    7
    Likes Received:
    2
    There are lots of security plugins are available in Wordpress. You can use those plugins for security. I am a big fan of Login lockdown. It has a feature that locks your website when someone illegally tries to lo-gin. Any experienced Wordpress developer can suggest you some best plugins which are useful for your website.
     
    #10 bonjoseph85, Jun 24, 2015
    Last edited: Jun 24, 2015
  11. dyhair77

    dyhair77
    uix_expand uix_collapse
    New Member

    Joined:
    Feb 4, 2015
    Messages:
    11
    Likes Received:
    0
    Hello Friends,

    WP Antivirus Site Protection plugin is a great solution for all website owners. It was developed by our engineers who has a many years experience in website security. Our plugin intelligently crawl your website and identify all possible infections and backdoors on your website. Every day we update database and add new logics and functions (Heuristic Logic feature) to keep your website safe.
     
  12. SpikeTheLobster

    SpikeTheLobster
    uix_expand uix_collapse
    Member

    Joined:
    Jul 4, 2015
    Messages:
    34
    Likes Received:
    15
    For WP? Akismet handles everything on the spam front and always has, in my case. Rarely have any trouble at all, across a wide range of sites.

    Over the years, I've run into a lot of other problems as well. I've been mildly hacked through a plugin downloaded direct from WP.org (the Google Translate one that has since been removed), so I'm wary of things that get posted, even there.

    I've found the following plugins useful:

    Disable XML-RPC : I'm not a big pingback person, and there are so many exploits and holes in the whole thing that I switch it off.
    Login LockDown : keeps people out of your login screen when they hammer it. Remember that the default login process in WP is a mine of information for hackers, even if they can't get in, because it responds differently when they guess a correct username. From there, a dictionary attack is enough to get them in.
    WP AntiDDOS : you don't need it switched on most of the time, but boy is it a life-saver when you get hit!
    Audit Trail : Very useful if you do anything with submitted content,
    AntiVirus : like, yeah.
    BBQ: Block Bad Queries : critical for any site running a content submission system. This one traps those sneaky scripts and stuff that people try to put in their submissions to wheedle their way into your setup.

    And finally:

    Ultimate Security Checker : really cool for spotting where the gaps are in your defences.

    Hope it helps!
     
  13. dyhair77

    dyhair77
    uix_expand uix_collapse
    New Member

    Joined:
    Feb 4, 2015
    Messages:
    11
    Likes Received:
    0
    Hello Friends,

    The problem facing spam targeted wordpress blogs is that most of the spam registrations or comments are done by a mixture of "bots" robots and human spamming. Most of the spam registration systems fail including captcha precisely because the human factor kicks in during registration, also these captcha systems "push away" real user registrations and can injure your professional, commercial, sales based website income.
     
  14. archlinux

    archlinux
    uix_expand uix_collapse
    New Member

    Joined:
    Feb 7, 2016
    Messages:
    15
    Likes Received:
    1

    free plugins is okay , or i have to use paid one ?
     
  15. fisicx

    fisicx
    uix_expand uix_collapse
    Member
    Community Liaison 1.0

    Joined:
    Mar 3, 2016
    Messages:
    370
    Likes Received:
    23
    Depends on what you want from the plugin. Wordfence is free but Akismet isn't. But is you have disabled comments you don't need Akismet.
     
  16. bmwillsmith

    bmwillsmith
    uix_expand uix_collapse
    Member

    Joined:
    Jan 23, 2014
    Messages:
    380
    Likes Received:
    10
    I do agree with your point that captcha won't serve the purpose to keep the WordPress back end safe, we need to take the backup and keep an eye regularly. If it get's hacked we will get notification in the google search results 'This site may be hacked', this happens mostly in the case of WordPress sites.
     
  17. alastairbrian

    alastairbrian
    uix_expand uix_collapse
    Member

    Joined:
    Jun 16, 2014
    Messages:
    194
    Likes Received:
    4
    One more thing that I want to add here is that WP users are always facing the security threats by hackers. So keep the backup of their sites regularly.
     

Share This Page