Hacking simple php files?

Discussion in 'Security' started by avezoom, Feb 25, 2011.

0
  1. #1
    So after having many wordpress and pivotx blogs hacked lately I will be switching to simple php websites - only using include command.
    Would they be secure against hacking? :confused:
     
    avezoom, Feb 25, 2011 IP
  2. madaboutlinux

    madaboutlinux Member

    Messages:
    250
    Likes Received:
    7
    Best Answers:
    2
    Trophy Points:
    43
    #2
    Just having secure scripts does now make your website hack proof, it also depends on how the server is configured on which the website is hosted :)
     
    madaboutlinux, Feb 26, 2011 IP
  3. avezoom

    avezoom Active Member

    Messages:
    946
    Likes Received:
    10
    Best Answers:
    0
    Trophy Points:
    60
    #3
    But attacks on servers occur when someone targets it specifically it's it? It's much more complicated/time consuming.
    Usually hackers (or should I say "kids" with too much time on their hands) just use some kind of "hacking toolkit" that targets new-found vulnerabilities in popular scripts. That's why I want to switch to simple php - it should be 99% more secure than wordpress...?
     
    avezoom, Feb 27, 2011 IP
  4. mikeasro

    mikeasro Peon

    Messages:
    145
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #4
    You are right Avezoom, This would make your site a lot more secure if the code is written well(read about remote file inclusion), it wont make your site hackproof though.
    There is a few ways you can make wordpress more secure:
    Make sure your DB and you Directory have default wordpress stuff changed, for example if you keep your login at wp-admin then bots/scripts know where to look and if they try blind SQL injection and your database is not default it wont work.
    Don't have unused plugins installed.
    ALWAYS UPDATE EVEYTHING
     
    mikeasro, Feb 28, 2011 IP
  5. eleetgeek

    eleetgeek Peon

    Messages:
    129
    Likes Received:
    1
    Best Answers:
    0
    Trophy Points:
    0
    #5
    it should be 99% more secure than wordpress...?

    Honestly, Wordpress as a CORE (not with plugins) is most secured thing created by humans in php. Issues can be on server! Its like 1 rotten tomato spoils the basket.
    If you want an 'secured' blog site:
    1. Buy a VPS from famous companies like GoDaddy, et cetera.
    2. Install WordPress and install theme from trusted source.
    3. Keep your kernel up-to-date. Always update apache and kernel.
    Do a cronjob and save database and files in regular intervals and remember to take regular back up. This way, even if ur ass gets kicked, you can still stand still ;)
     
    eleetgeek, Mar 5, 2011 IP
  6. AdWorkMedia

    AdWorkMedia Member

    Messages:
    76
    Likes Received:
    1
    Best Answers:
    1
    Trophy Points:
    28
    #6
    If you're buying a server like a VPS or something with root control make sure you have a firewall installed or it won't matter how secure your PHP coding is.
     
    AdWorkMedia, May 10, 2011 IP
  7. serversea

    serversea Peon

    Messages:
    190
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Even HTML web sites are hacked, so when you will use out dated/ un reliable scripts, bad coding or give write permissions to files/folders, any web site can be hacked.
     
    serversea, May 22, 2011 IP
  8. nvidura

    nvidura Well-Known Member

    Messages:
    1,780
    Likes Received:
    14
    Best Answers:
    0
    Trophy Points:
    150
    #8
    Any website is vulnerable to hacking attacks. There are various hacking types. You can never 100% secure your website. But you can minimize. Thats all you can do...
     
    nvidura, May 23, 2011 IP