How to secure my site

Hello,

I develop a new site using wordpress. What step should I have to take to secure my site from hackers

 

Project (site) security it's complex component depends on measures taken in server management and the quality of written code. A lot of problems related to security that cannot be fully described here. You should be interested in reading books of "security web applications".

 

Wordpress is a much secure CMS (Good choice) . Just keep updating it whenever new versions are released and you will be good to go

 

Do not get crazy with Wordpress plugins. Many people install really young plugins from inexperienced programmers. For instance, TimThumb is a popular image resizer so a lot of people use the TimThumb.php code in their plugins and themes. TimThumb had a huge security weakness that affected a lot of Wordpress users, with many old themes and old, undeveloped plugins that do not get updated running that insecure php code still.

I stick with routinely updated plugins that are installed by a lot of people.

 

Well it depends on you how you want to secure your site. Till now word-press is secured but the main reason of hacking is the entive use of plugin which proved our to be vulnerable after even updating it. So try to use as minimum plugin as possible. Make use of your coding ability to add features in wordpress. Second many hacks are initiated server side too. They hack other site on a web server and then initiate a rooting attack to gain hold on server to hack differnt sites or if that fails they try to do symlink attack or any possible way it can work.

 

Install wp firewall plugin..

 

What is the best set of plugins to use for WordPress security?

My WordPress blogs were infected this morning with a script that looks like this: (WordPress was upgraded and FTP permissions set properly, but that wasn't good enough.)

I see various posts online like 35 best wordpress security plugins, etc. But is someone really going to install all 35 at once? I know it would cause confliect. So, instead of every individual person duplicating the work of researching each one, can everyone please post what you are using for WordPress security (preventing server attacks) and find most effective for security?

Thanks!

 

Wordpress security plugins are pretty weak because they all do the same thing. If you read up about permissions and stop using FTP, since you mentioned it, you will increase your overall security. FTP is a clear text protocol, which many people forget, so it means any virus or anyone sniffing your Internet connection (lets say you're using a coffee shop) can grab your FTP credentials. Viruses also grab cached FTP client software credentials too.

 

Hi,
I have a bad story with this<security of website>, its very long but in few words i will tell you to use sitelock to protect your webiste.

Regards

 

First of all, you need to know your enemy. Only if a website consists of static pages the question of secure ur website up to 90% depends on server settings and software.Till now word-press is secured in the website.

 

I ended up putting an htaccess file in the wp-admin folder that says deny all, so no one can hack into the admin to change anything. When I want to make a new post, I remove htaccess file temporarily, then put back after posting. Seems to work ok so far. It may not work for autoblogs though- not sure.

 

That is the worst idea ever and gives you a false sense of security. An .htaccess file was never meant to do that when you may have a virus running on your system catching your FTP password or grabbing your cached passwords.

 

I would like to recommend you refer to the following official solution provided by the wordpress organization

http://codex.wordpress.org/Hardening_WordPress

 

Run a security audit on your website. If the safety audit on its website shows that you have security concerns, and if your host can not give a logical explanation, move your site to another host company.

 

Hi,

You can go ahead and set wp-admin in a password protect directory and keep all your passwords secured. Also I strongly recommend to upgrade wordpress always with the latest stable versions.

 

That is the worst idea ever and gives you a false sense of security. An .htaccess file, which implements password protected directories, was never meant to do that. If a person has access to your server, rm -rf /var/www/.htaccess and they can login to your server or just remove the .htaccess then start modifying your theme directly depending on the user permissions

 

We use sitelock its great for the price. Mcafee home antivirus is junk but their site scanner is great.

 

basically you should keep your password change randomly, update your programmed running on your hosting account. and in last update program running on your computer. for brief just explore web webhostinghub.com/support/website/website-troubleshooting/website-hacked.

 

[h=2]20 WordPress Security Tips[/h]

1. Upgrade WordPress
2. Do not use the admin account
3. Delete the admin account
4. Change default passwords
5. Use “strong” passwords
6. Move your wp-config.php file
7. Use secret keys in your wp-config.php file
8. Change the wordpress table prefix
9. Lockdown your htaccess to allow only certain IPS to access it
10. Use shell access as opposed to FTP
11. Create a blank index.thml in your plugins directory (should be there in newer WP versions)
12. Block access to the wp-admin folder using your .htaccess file
13. Remove the WordPress version string from your header.hp file
14. Block your wp folders from search engines
15. Do not allow people to register as administrators by default
16. Keep spam comments out
17. Backup your database and server-side files regularly
18. Use proper file permission settings on all files on your server
19. Use secured connections to access your WP admin pages
20. Scan for vulnerabilities

Visit : http://www.windowslifestyle.com/auslogics-file-recovery-giveaway-review/ Auslogics File Recovery 3 is excellent with all-in-one file recovery software. The software is intended with many of the features enhancing the quality and delivering the best results in recovering any type of file. The software is capable of recovering deleted files and lost partitions, quickly and easily. Some of its enchanting features like it can recover files of all types, can also support all file systems, hard drives and memory cards, quick and easy file recovery with the help of Recovery Wizard, and is compatible with with Windows 7, Vista and XP.

 

I think the basic security is from the server not from wordpress

for e.g: if your wordpress is very secured and you server is improper secure, then the hacker will not do any effort to hack you by transfer among users on the server