How to protect Wordpress from hacking?

Discussion in 'Content Management' started by Mr.Dog, Dec 1, 2018.

  1. #1
    Hi,

    I'm pretty much a beginner with Wordpress, but I've been coding sites for years.
    Once I made a small Wordpress site and it was hacked in a matter of days, content completely eliminated. Now I want to prevent this from happening.

    What can I do?

    What I first did when installing Wordpress was to change the "wp" folder into some strange name. As I know, hackers often go for the "wp" name.

    What other tips could you give me?
    Mr.Dog, Dec 1, 2018 IP
  2. CenTex Hosting

    #2
    Here are a few tips.

    1. Don't use a nulled theme.
    2. Use plugins from companies that have been around for some time.
    3. Keep Wordpress updated, as well as the plugins.
    4. Change the user name to something different than admin and use a more secure password.
    5. Use a program like Wordfence to help block attempts to log into your site.

    Hope this helps.
     
    CenTex Hosting, Dec 1, 2018 IP
  3. mmerlinn

    #3
    No matter what you do, Turdpress CANNOT be made hack-proof. Too damn much UNTESTED bloated code involved for anyone to plug every hole.

    Since you have been coding sites for years, why are you migrating to something like Turdpress? Why not keep coding yourself where YOU have COMPLETE control over security?
     
    mmerlinn, Dec 1, 2018 IP
  4. Mr.Dog

    #4
    I am moving to Wordpress to make things easier: post content faster, easier.

    I know about some limitations and disadvantages, but I just have to keep up with the trends. I also want to learn to master Wordpress.
     
    Mr.Dog, Dec 2, 2018 IP
  5. mmerlinn

    #5
    Good luck. You will need it.

    I tried several different site "designers" years ago and finally got so frustrated with them that I went the opposite direction you are going, and have never regretted it. I wrote my own program to build and maintain my website. When I don't like something, or need to add a feature, I simply modify my program. My program will not do what Turdpress does and Turdpress cannot do what I need done.

    I typically add/modify 200 pages PER DAY for my website, something that NO off the shelf CMS can nor will ever do. Before I wrote my own program, I seldom could maintain even 5 pages per day. Now I can do 40 times as much in the same time.

    Basically I have TOTAL control with my program, so if an issue raises its ugly head, I can swat it, then go back to work taking care of my customers.

    If an issue arises in Turdpress, it often means spending HOURS trying to fix the problem, then once that problem is fixed, discovering that the fix created another problem needing to be fixed.

    You are a coder. As such I don't understand why you simply do not write your own website manager and leave the Turdpress bugs for others to swat.
     
    mmerlinn, Dec 2, 2018 IP
  6. service.komputer

    #6
    - Disable user registration if you don't need it.
    - Put login lockdown to prevent login bruteforce.
    - Use a well-known and secure hosting provider or server.
     
    service.komputer, Dec 2, 2018 IP
  7. dcristo

    #7
    Wordfence is a great security plugin for WordPress.
     
    dcristo, Dec 2, 2018 IP
  8. webhost.uk.net

    #8
    Most points are covered; just make sure to use CloudLinux to help improve server-end security.
     
    webhost.uk.net, Dec 3, 2018 IP
  9. Mr.Dog

    #9
    I thought similarly, but I was coding every article manually and it was frustrating to write even a single article per day. Let alone, upload it via FTP.

    Then, responsive designs became popular and then more and more requirements and features appeared on the market.

    I saw amateurs (who had no idea of online marketing or SEO) pass me by with their "install 'n' publish" Wordpress sites. They cosmetized them along the way and they do a heck-of-a-lot more than I did in a lot less time. It took them 3 weeks to do what I needed 3 months for.

    Then it became obvious I needed some automatization (yes, I disliked Wordpress a lot and specifically avoided it, therefore I coded).

    I need to swap for Wordpress CMS, because:
    - I just post 'n' it's up! (no long coding for 6+ hours to publish 3-5 articles per day), an article can be done in 15-45 minutes (mine are rather complex with a bunch of images)
    - I can program posts for weeks in advance (the system keeps posting even while I'm away or busy)
    - a few modifications can propagate to the entire site...
    - creating responsive sites is easier
    - etc.

    But yes, I know a plethora of limitations apply, it's easier to hack etc. etc. :( Well, I guess I have to adapt and work something out for that.

    The negative aspect of this all is that besides trying Wordpress about 9 years ago, I haven't been on the platform ever since and moving a 500+ page complex site with its own arborescent structure without ruining the original pages/extensions is... well,... not easy.
     
    Mr.Dog, Dec 3, 2018 IP
  10. OpenScribes

    #10
    Don't make your config.php world readable
     
    OpenScribes, Dec 21, 2018 IP
  11. Mr.Dog

    #11
    Where is that file? What does it do and how do I block it from being readable?
     
    Mr.Dog, Jan 2, 2019 IP
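
Added example, not part of any post in this thread: in a standard WordPress install the file in question is `wp-config.php` in the site root, which holds the database credentials and secret keys, so no account other than its owner (and, where needed, the web server's group) should be able to read it. The function names are illustrative, and the 640 default assumes the web server reads the file through its group.

```shell
#!/bin/sh
# Added example: audit and tighten permissions on WordPress wp-config.php.
# Function names are illustrative; paths are supplied by the caller.

# Print a file's octal mode (e.g. 644); GNU stat first, BSD stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed if "other" users hold any permission bit on the file.
world_accessible() {
    wa_mode=$(file_mode "$1") || return 2
    # The last octal digit of the mode is the "other" permission set.
    [ "${wa_mode#"${wa_mode%?}"}" != "0" ]
}

# List every wp-config.php under a directory that others can read, write
# or execute. Read-only: changes nothing.
audit_wp_configs() {
    find "$1" -type f -name 'wp-config.php' \
        \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Tighten one wp-config.php. The default 640 assumes the web server reads
# the file through its group; pass 600 when PHP runs as the file's owner.
harden_wp_config() {
    hw_cfg=$1
    hw_target=${2:-640}
    [ -f "$hw_cfg" ] || { echo "not found: $hw_cfg" >&2; return 1; }
    if world_accessible "$hw_cfg"; then
        echo "fixing $hw_cfg: $(file_mode "$hw_cfg") -> $hw_target"
        chmod "$hw_target" "$hw_cfg"
    else
        echo "ok $hw_cfg: $(file_mode "$hw_cfg")"
    fi
}

# Stand-alone use: sh script.sh /var/www   (audits only, changes nothing)
if [ "$#" -gt 0 ]; then
    audit_wp_configs "$1"
fi
```
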
  12. Suckerpunch

    #12
    Suckerpunch, Jan 2, 2019 IP
  13. MilesWeb

    #13
    Below are some tips to prevent your WordPress website from being hacked:
    - Change your username and password: Avoid using "admin" as your username; instead use an irrelevant user name or something that you will remember. For the password, select a small sentence, pick the initials of the words in it and mix and match those with numbers and symbols.
    - Create a website lockdown and ban users: You can create a lock for your website which will keep outsiders away by giving them failed login attempts. In simple terms, if the hacker tries to log in to the website with wrong passwords, your site will get locked and you will receive a notification for this.
    - Use email for log-in: You should use an email address for log-in, as those can't be identified as easily as usernames.
    - Protect your wp-admin directory: The wp-admin directory is the main part of your WordPress website. So, make sure you password protect it.
    - Take website backups regularly: It is important that you back up your website regularly so that even if there is any issue you will have your backup maintained.
     
    MilesWeb, Jan 10, 2019 IP
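
Added example, not part of any post in this thread: the login lockdown mentioned in posts #6 and #13 rests on counting failed logins per client, which can also be checked by hand from the web server's access log. The sketch assumes the combined log format and default WordPress behaviour (a failed login re-renders the form with HTTP 200, a successful one redirects with 302); the log lines are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example: spot brute-force candidates against wp-login.php.
# Assumes combined log format: $1=client IP, $6="POST, $7=path, $9=status.

# Constructed sample access-log lines (documentation IP ranges only).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [02/Dec/2018:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3312 "-" "constructed-agent"
203.0.113.7 - - [02/Dec/2018:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3312 "-" "constructed-agent"
203.0.113.7 - - [02/Dec/2018:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3312 "-" "constructed-agent"
203.0.113.7 - - [02/Dec/2018:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3312 "-" "constructed-agent"
203.0.113.7 - - [02/Dec/2018:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3312 "-" "constructed-agent"
198.51.100.20 - - [02/Dec/2018:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3312 "-" "constructed-browser"
198.51.100.20 - - [02/Dec/2018:10:01:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed-browser"
192.0.2.5 - - [02/Dec/2018:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3100 "-" "constructed-browser"
EOF
}

# Read log lines on stdin; print "ip count" for every client with at least
# $1 failed login POSTs. GET requests and 302 (successful) logins are ignored.
failed_login_ips() {
    awk -v limit="$1" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { fails[$1]++ }
        END {
            for (ip in fails)
                if (fails[ip] >= limit) print ip, fails[ip]
        }
    ' | sort
}

# Stand-alone use: sh script.sh 5 < /path/to/access.log
if [ "$#" -gt 0 ]; then
    failed_login_ips "$1"
fi
```

A lockdown plugin applies the same count inside WordPress and blocks the client once the limit is reached; running the check over the log shows which addresses would have been locked out.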
  14. sathikdm

    #14
    1. Never Use Nulled Themes & Plugins
    2. Keep Your WordPress Updated
    3. Remove the Plugins not updated for a long time
    4. Use the Plugins & Themes after checking the Ratings, Reviews & Installation Count
    5. Use Different Usernames like A-dmin
    6. Use CloudFlare
    7. Use Strong Passwords like NAME#web$156% or Generated Passwords
    8. Don't use the same username & password on the websites you are going to register as a user
     
    sathikdm, Jan 10, 2019 IP
  15. thatJRyan

    #15
    Hi mate, the most secure action you should take prior to seeking any other security methods is taking regular backups of your site (better offsite backups). It's also the easiest and most cost-efficient way to make sure your site is on the safe side.
    Shamefully I would recommend you to give my backup plugin - WPvivid Backup/Restore - a try. It's fully featured and is super easy to use. And most importantly, it's completely free (free updates and support). You can find it at the WordPress plugin repository: https://wordpress.org/plugins/wpvivid-backuprestore/
    I hope you'll find it helpful.
     
    thatJRyan, Jan 17, 2019 IP