Hello friends, I have a WordPress blog. Last week it was hacked and I restored it through the database. I have followed so many methods available on various blogs and this forum. But still my site got hacked. I followed the index all directory method from .htaccess and also used a password-protected wp-admin. I followed more steps but still I faced hacking. Now I want you members to please tell me the way which you follow to prevent your WordPress site being hacked. I am much confused. Also, replies from the top bloggers and expert WordPress site masters would be helpful for me. Thanks.
Don't install fishy plugins and themes. (Always check them for potential backdoors or obfuscated code.)
Alright. But what about the procedures that should be taken to make a WordPress site strong and prevent hacking? Is the .htaccess method enough? I have no plugins except wp-pagenavi. The site theme is also OK.
What I do: I have done some editing in the .htaccess file to protect hta files, wp-config files, making all directory as indexes. And for the wp-admin folder, I put an index.html file that is loaded every time until I work. Meaning I rename that file, work on the site, then leave it as index.html. But this is not a secure way and I need the strongest way to make my site protected. Please, all biggest WordPress site owners, please help.
Hi mate, Well, the first thing I recommend that you do is install the WordPress BulletProof Security plugin: http://wordpress.org/extend/plugins/bulletproof-security/ This will help you sort out htaccess and similar without having to manually do it and will add some very secure rules that will reduce your chances of being hacked. Good luck!
I know some bloggers in Pakistan who use WordPress and have a great volume of traffic, and all of them are professional bloggers, yet they don't tell what procedures they follow.
I haven't yet had a problem, although I can't say for sure if I've ever had a hack attempt for any of my sites either (I don't monitor my logs for it). Any security steps though won't mitigate weak passwords, social engineering to gain access, or plugins/themes with gigantic holes in them. Or a host with very weak security (for example, allowing all users to read any file on a shared host - it does happen), or just bad permissions applied in error. Without doing an audit, especially on the "remains", to establish the root cause it's not easy to give specific advice. Did you actually work out how they were gaining access to your site? Or are you still being hacked?
I had followed the .htaccess method. My site is hosted on a shared server. Yes, you are right, there may be a problem with my host. ID and pass were very strong. They may have attacked because of my hoster. I will again use BulletProof and let's see what happens. Anyway, thanks for your reply.
Yes, last day I was hacked. Even though it was just a fresh installation of WordPress, and I edited just the .htaccess file manually. I removed all plugins and installed nothing else but the free theme. I think there is a problem with my host.
Good luck, mate. You might want to consider this, too: http://wordpress.org/extend/plugins/wordpress-file-monitor-plus/ I doubt your host has anything running to monitor filesystem changes, but this plugin might help identify how it's all happening. Might, it's definitely no guarantee.
I discourage people from installing these "security" plugins because they just drain the server's resources and since hackers know what to avoid, they are pretty much useless in my opinion. If you are getting hacked even when using a fresh WP installation, consider trying another webhost. Generally the biggest security threats are installed plugins and themes. No sane hacker would try to "guess" your password or something like that - they usually try to find security holes in famous plugins and then use them to their advantage. But the plugin for monitoring changes in files that Ryan suggested might help you identify what goes wrong. Don't forget to let us know which files are being changed, I am kinda curious.
I am a little bit confused as to what to do now. Should I install BulletProof or not? What should I do? I am now confused. What about password protecting the folder?
@umlove, no, I haven't used it, but there's a chance this will help identify the root cause for you. As for BulletProof Security, it's just .htaccess rules (I think Devtard is talking about PHP plugins that are called on every page load). I personally haven't noticed any slowdown in page loads due to it, or had my host complaining about a drain on the server's resources. The work is being done before the WordPress page is even served. You won't notice a slowdown due to installing it.
Anyway, most of the things are cleared. I had a search about this issue. The host should be powerful, and this plugin also protects the site. Thanks @Ryan
I use the Secure WordPress plugin. I got hacked as well, though. But they entered through a Zen Cart site and I didn't have any security set up there. My hosting company was able to restore all my data, too.
Change your hosting provider. Buy hosting from HostGator. After install, remove this file wp-admin/install.php if you see update prompt action regarding update. For more help add me on Skype: sweet.sahil4