How to protect WordPress from hacking?

Discussion in 'Content Management' started by Mr.Dog, Dec 1, 2018.

  1. bountysite

    bountysite Active Member

    #21
    Try using the BBQ plugin for WordPress. I hear it is a lot faster than Wordfence.
    No matter what you do, always keep a remote offsite backup.
     
    bountysite, Mar 19, 2019 IP
  2. AttaboyRoi

    AttaboyRoi Member

    #22
    I'm giving BBQ a try.
     
    AttaboyRoi, Mar 21, 2019 IP
  3. trigshady

    trigshady Active Member

    #23
    Install SSL and Cloudflare. There are free SSL packages that you can add to your WP; just don't forget that you need to maintain it on your own and reinstall every three months.
     
    trigshady, Apr 4, 2019 IP
  4. Lolipop_guy

    Lolipop_guy Peon

    #24
    Try to set up a website lockdown feature and ban users, use two-factor authentication for WP security, rename your login URL (it will help too) and also adjust your passwords.
     
    Lolipop_guy, May 9, 2019 IP
  5. Dungeon

    Dungeon Member

    #25
    I would also suggest setting the activity log, which monitors WordPress users’ activity and identifies suspicious behaviour. In fact, it records all user changes and that is a useful thing if you're not the only person who has access to the admin panel.
     
    Dungeon, May 31, 2019 IP
  6. KaiShinI

    KaiShinI Peon

    #26
    Only on Mac or Linux it is safe, I think.
     
    KaiShinI, Dec 23, 2019 IP
  7. tuxandrew

    tuxandrew Active Member

    #27
    - All plugins, themes and the WordPress version should be up to date.
    - Outdated versions of plugins and themes create vulnerabilities and provide loopholes to hackers.
    - Remove old/unused plugins or update them to the latest versions.
    - Remove themes if they are outdated.
    - Check file permissions and ensure they are secure.
    - Always use themes and plugins from a trusted source.
    - Try to host your WordPress website behind a WAF, which prevents malicious code and SQL injection.
    - Use a stronger password for the admin area.
    - Change the password at regular intervals.
    - You may add a custom script to notify you instantly about any file changes in the WordPress installation directory.

    The WordPress hardening doc will assist you in a better way.
    URL: https://wordpress.org/support/article/hardening-wordpress/
     
    tuxandrew, Dec 24, 2019 IP
  8. thedge77

    thedge77 Greenhorn

    #28
    Wow, I did not know there were that many issues with WordPress security still these days. I have been hacked once over the years, but I have also been hacked on non-WP sites. Good thread, thanks.
     
    thedge77, Dec 30, 2019 IP
  9. tuxandrew

    tuxandrew Active Member

    #29
    To prevent a website being hacked, websites should be audited on a weekly basis, the files should be scanned with malware scanners on a regular basis, and the server hosting the website should be well hardened to ensure the security of the websites. There are a few online tools like Sucuri that provide website security and monitoring services.
     
    Last edited: Dec 30, 2019
    tuxandrew, Dec 30, 2019 IP
  10. mmerlinn

    mmerlinn Notable Member

    #30
    WRONG, WRONG, WRONG.

    Auditing websites does NOT prevent hacking. Auditing may reveal a hacked website AFTER it has been hacked.

    Ditto for scanning. Scanning CANNOT prevent a website from being hacked. It can ONLY reveal whether a website has ALREADY been hacked or not.
     
    mmerlinn, Dec 30, 2019 IP
  11. tuxandrew

    tuxandrew Active Member

    #31
    @mmerlinn

    Please read the last two points about the 'server hardening' and 'server/website monitoring' options, which are the accurate ways of preventing hacks with most vulnerabilities. In that case it is 'RIGHT RIGHT RIGHT'.
    Maybe you are right if someone is reading only the first two points about auditing and scanning and trying to prove they are wrong.

    Other points to be noted are:

    Auditing the files does not only mean a developer reviewing the website code line by line only after a website is hacked.

    If the website/server owner seriously wants to take care of his/her website, he/she can perform regular auditing on a live server/website to ensure the website is safe. -> 'RIGHT RIGHT RIGHT'
    - He/she can add a custom script to check the website files and database on a regular basis to ensure they have not been modified by a hacker. 'RIGHT RIGHT RIGHT'
    - He/she can check on a regular basis and ensure no malicious files have been uploaded to the website folders. Such malicious uploads, which have not yet even been touched or executed to overwrite the original website code, can be found in regular website audits, and removing them can prevent a hack of the website contents. -> 'RIGHT RIGHT RIGHT'
    - Not even due to the website's vulnerabilities, these malicious files or programs can be uploaded via FTP, from any infected local computer, or due to a compromised password -> 'RIGHT RIGHT RIGHT'

    Also, these website auditing and monitoring tasks will be done by third parties as well -> 'RIGHT RIGHT RIGHT'
     
    tuxandrew, Dec 31, 2019 IP
    Saputnik likes this.
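
    The file-change script suggested in posts #27 and #31, as an added example that is not part of any post in this thread: it records a SHA-256 baseline of the installation, then reports added, modified and removed files, world-writable files, and PHP files sitting under wp-content/uploads. The function names and the sample tree built in demo() are assumptions constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file path (relative to root) to (sha256 hex, permission bits)."""
    root, snap = Path(root), {}
    for p in root.rglob("*"):
        if p.is_file() and not p.is_symlink():  # regular files only
            sha = hashlib.sha256(p.read_bytes()).hexdigest()
            snap[p.relative_to(root).as_posix()] = (sha, stat.S_IMODE(p.lstat().st_mode))
    return snap

def compare(baseline, current):
    """Return findings as a sorted list of (kind, path) tuples."""
    findings = [("removed", p) for p in baseline if p not in current]
    for path, (sha, mode) in current.items():
        if path not in baseline:
            findings.append(("added", path))
        elif baseline[path][0] != sha:
            findings.append(("modified", path))
        if mode & stat.S_IWOTH:
            findings.append(("world-writable", path))
        # uploads/ should hold media only, so a script there deserves a look
        if path.startswith("wp-content/uploads/") and path.lower().endswith((".php", ".phtml")):
            findings.append(("php-in-uploads", path))
    return sorted(findings)

def demo():
    """Constructed sample tree: baseline it, simulate tampering, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-content" / "uploads").mkdir(parents=True)
        def write(rel, text, mode=0o644):
            (root / rel).write_text(text)
            (root / rel).chmod(mode)
        write("wp-config.php", "<?php // constructed sample\n")
        write("index.php", "<?php // constructed sample\n")
        write("readme.html", "constructed sample\n")
        baseline = snapshot(root)
        write("index.php", "<?php // edited after the baseline\n")
        write("wp-content/uploads/photo.php", "<?php // unexpected script\n")
        write("wp-config.php", "<?php // constructed sample\n", 0o666)
        (root / "readme.html").unlink()
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

    In real use the baseline would be saved after a known-good deploy and kept off the web server, since a baseline stored next to the files it describes can be rewritten along with them.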
  12. Sys Admin

    Sys Admin Active Member

    #32
    All people here provided great suggestions and recommendations. You need to have some type of monitoring & protection in place to detect any attacks early and attempt to automatically block and prevent them. Monitoring is essential for your reference and to improve your security strategy and adjust it as needed.

    Scanning with malware scanners, setting up monitoring and scanning of your files on a daily basis, and having the website protected by a WAF/website firewall product can protect you from many threats and enhance your overall protection.

    You can give this free scanner a try https://scan.attacker.net & https://attacker.net/website-security
     
    Sys Admin, Jan 3, 2020 IP
  13. Saputnik

    Saputnik Active Member

    #33
    Not everyone is able to do it, or wants to do it, or can afford to purchase it. WordPress is perfectly fine for those who want to have a reliable and easy-to-maintain-and-update website, without investing much time and money into programming. People can concentrate on what matters - the content, leaving the coding stuff where it belongs, under the hood.

    WordPress is hack-proof as much as its owner makes it hack-proof, and it's valid for any other site. If basic WordPress security rules are obeyed, such as the ones listed in @CenTex and @sathikdm posts above, WordPress is a safe and secure environment and it is not going to be hacked. It has vulnerabilities, so does any other software, and it needs to be pampered, but it is a fair trade-off for the power it gives you.

    Your overall sentiment against WordPress is a clear example of the fallacy of division: the common misconception that WordPress is prone to hacking comes from the sheer amount of WordPress sites - since it powers approximately one-third of all sites, an average Joe is much more likely to hear about a WordPress site being hacked than some hand-coded site, hence he/she will spread the word of WP's weaknesses. Will anyone ever hack that site you coded yourself? No, but not because it is hack-proof, but because no hacker knows it exists at all, or, if knows, doesn't give a s*t for your site. Especially if it is the site from your signature, that bright yellow colour is sufficient defense itself, it hurts the eyes enough not to wish to deal with it any longer.

    On the other hand, you yourself seem to have fallen victim to the so-called IKEA effect: people tend to value more an item they built themselves (such as IKEA DIY stuff), even if its actual value is lower than the value of other competitive items, or in this case, your hand-coded site vs. WordPress.

    Creating a post or page from scratch in WordPress takes 5 to 10 minutes, depending on the number of photos/other media you need to upload and insert, the number of different styles you need to apply to various paragraphs, and it includes uploading media, applying post/page specific layout, adding that post/page to the menu and subsequent preview to check if everything is right, etc.

    So, your issue had nothing to do with WordPress, it was related exclusively to your (in)ability to perform basic tasks in WordPress.

    Those 5-10 minutes, of course, do not include preparation/writing of the content itself, it also has nothing to do with WordPress - I need 5 hours and 10 revisions to write a sensible article, while I saw some people writing such a post in half an hour; I can't blame WordPress for my lack of creativity.
     
    Saputnik, Jan 3, 2020 IP