
How to secure my site

Discussion in 'Security' started by noorbaduk, Sep 10, 2011.

  1. #1
    Hello,

    I am developing a new site using WordPress. What steps should I take to secure my site from hackers?
     
    noorbaduk, Sep 10, 2011
  2. supportex

    #2
    Project (site) security is a complex component that depends on measures taken in server management and the quality of the written code. There are a lot of problems related to security that cannot be fully described here. You should be interested in reading books on "security of web applications".
     
    supportex, Sep 29, 2011
  3. anildewani

    #3
    WordPress is a very secure CMS (good choice). Just keep updating it whenever new versions are released and you will be good to go :)
     
    anildewani, Oct 9, 2011
  4. vpslist

    #4
    Do not get crazy with WordPress plugins. Many people install really young plugins from inexperienced programmers. For instance, TimThumb is a popular image resizer, so a lot of people use the TimThumb.php code in their plugins and themes. TimThumb had a huge security weakness that affected a lot of WordPress users, with many old themes and old, undeveloped plugins that do not get updated still running that insecure PHP code.

    I stick with routinely updated plugins that are installed by a lot of people.
     
    vpslist, Oct 11, 2011
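
An inventory of the leftover TimThumb copies described in the post above, as an added example that is not part of the thread: it walks a WordPress tree and lists each copy with the version it declares and whether the file has gone untouched for a year. The function name, the file-name heuristics and the `define('VERSION', ...)` pattern are assumptions of this example.

```sh
#!/bin/sh
# Added example: list bundled TimThumb copies under a WordPress tree.
# Assumptions: copies are named timthumb.php or thumb.php, or still carry
# the "TimThumb" name plus a define('VERSION', ...) line in their source.

# find_timthumb ROOT [STALE_DAYS]
# Prints one line per copy: path <TAB> declared version <TAB> stale|recent
find_timthumb() {
    root=$1
    stale_days=${2:-365}
    find "$root" -type f -name '*.php' 2>/dev/null | while IFS= read -r f; do
        base=$(basename "$f" | tr 'A-Z' 'a-z')
        # Pull the version string out of the define('VERSION', '...') line.
        ver=$(sed -n "s/.*define *( *['\"]VERSION['\"] *, *['\"]\([^'\"]*\)['\"].*/\1/p" "$f" | head -n 1)
        case $base in
            timthumb.php|thumb.php) ;;   # usual file names: always report
            *)  # renamed copy: needs a VERSION define and the TimThumb name
                [ -n "$ver" ] && grep -qi 'timthumb' "$f" || continue ;;
        esac
        # A copy untouched for STALE_DAYS is unlikely to have been patched.
        if [ -n "$(find "$f" -mtime +"$stale_days")" ]; then
            age=stale
        else
            age=recent
        fi
        printf '%s\t%s\t%s\n' "$f" "${ver:-unknown}" "$age"
    done
}

# Usage (placeholder path): find_timthumb /path/to/site/wp-content 365
```

Files that only link to `timthumb.php` are skipped, so the output is the list of script copies to update or remove.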
  5. Bullten Webhosting

    #5
    Well, it depends on you how you want to secure your site. Till now WordPress is secure, but the main reason for hacking is the extensive use of plugins, which turn out to be vulnerable even after updating them. So try to use as few plugins as possible. Make use of your coding ability to add features to WordPress. Second, many hacks are initiated server side too. They hack another site on a web server and then initiate a rooting attack to gain hold of the server to hack different sites, or if that fails they try a symlink attack or any possible way that can work.
     
    Bullten Webhosting, Oct 19, 2011
  6. Oskar28

    #6
    Install wp firewall plugin.
     
    Oskar28, Oct 19, 2011
  7. electroze

    #7
    What is the best set of plugins to use for WordPress security?

    My WordPress blogs were infected this morning with a script that looks like this: (WordPress was upgraded and FTP permissions set properly, but that wasn't good enough.)

    I see various posts online like 35 best WordPress security plugins, etc. But is someone really going to install all 35 at once? I know it would cause conflicts. So, instead of every individual person duplicating the work of researching each one, can everyone please post what you are using for WordPress security (preventing server attacks) and find most effective for security?

    Thanks!
     
    electroze, Oct 20, 2011
  8. vpslist

    #8
    WordPress security plugins are pretty weak because they all do the same thing. If you read up about permissions and stop using FTP, since you mentioned it, you will increase your overall security. FTP is a clear text protocol, which many people forget, so it means any virus or anyone sniffing your Internet connection (let's say you're using a coffee shop) can grab your FTP credentials. Viruses also grab cached FTP client software credentials too.
     
    vpslist, Oct 20, 2011
  9. Jasonmcc

    #9
    Hi,
    I have a bad story with this (security of website); it's very long, but in a few words I will tell you to use SiteLock to protect your website.

    Regards
     
    Jasonmcc, Oct 20, 2011
  10. kurianthomasy

    #10
    First of all, you need to know your enemy. Only if a website consists of static pages does the question of securing your website depend up to 90% on server settings and software. Till now WordPress is secured in the website.
     
    kurianthomasy, Nov 2, 2011
  11. electroze

    #11
    I ended up putting an htaccess file in the wp-admin folder that says deny all, so no one can hack into the admin to change anything. When I want to make a new post, I remove the htaccess file temporarily, then put it back after posting. Seems to work OK so far. It may not work for autoblogs though, not sure.
     
    electroze, Nov 2, 2011
  12. vpslist

    #12
    That is the worst idea ever and gives you a false sense of security. An .htaccess file was never meant to do that when you may have a virus running on your system catching your FTP password or grabbing your cached passwords.
     
    vpslist, Nov 3, 2011
  13. linux7802

    #13
    linux7802, Nov 4, 2011
  14. chrisp47

    #14
    Run a security audit on your website. If the safety audit on your website shows that you have security concerns, and if your host cannot give a logical explanation, move your site to another hosting company.
     
    chrisp47, Nov 9, 2011
  15. Leno B

    #15
    Hi,

    You can go ahead and put wp-admin in a password-protected directory and keep all your passwords secured. Also, I strongly recommend always upgrading WordPress to the latest stable version.
     
    Leno B, Nov 28, 2011
  16. vpslist

    #16
    That is the worst idea ever and gives you a false sense of security. An .htaccess file, which implements password protected directories, was never meant to do that. If a person has access to your server, rm -rf /var/www/.htaccess and they can log in to your server, or just remove the .htaccess and then start modifying your theme directly, depending on the user permissions.
     
    vpslist, Nov 29, 2011
  17. BarrettNetworks

    #17
    We use SiteLock; it's great for the price. McAfee home antivirus is junk but their site scanner is great.
     
    BarrettNetworks, Dec 10, 2011
  18. visualgaurd

    #18
    Basically, you should keep changing your password randomly and update the programs running on your hosting account. And lastly, update the programs running on your computer. For a brief overview, just explore webhostinghub.com/support/website/website-troubleshooting/website-hacked.
     
    visualgaurd, Dec 22, 2011
  19. sksinghsanjeet

    #19
    20 WordPress Security Tips
    1. Upgrade WordPress
    2. Do not use the admin account
    3. Delete the admin account
    4. Change default passwords
    5. Use “strong” passwords
    6. Move your wp-config.php file
    7. Use secret keys in your wp-config.php file
    8. Change the wordpress table prefix
    9. Lock down your .htaccess to allow only certain IPs to access it
    10. Use shell access as opposed to FTP
    11. Create a blank index.html in your plugins directory (should be there in newer WP versions)
    12. Block access to the wp-admin folder using your .htaccess file
    13. Remove the WordPress version string from your header.php file
    14. Block your wp folders from search engines
    15. Do not allow people to register as administrators by default
    16. Keep spam comments out
    17. Backup your database and server-side files regularly
    18. Use proper file permission settings on all files on your server
    19. Use secured connections to access your WP admin pages
    20. Scan for vulnerabilities
     
    sksinghsanjeet, Jan 3, 2012
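
Several items in the list above can be checked from a shell. The following read-only audit is an added example, not part of the original post; the finding codes and the choice of checks (tips 6, 7, 9, 11, 12 and 18) are this example's own.

```sh
#!/bin/sh
# Added example: read-only audit of a WordPress tree against a few of the
# tips above. Finding codes are this example's own naming.

# tag CODE: prefix each path read from stdin with a finding code.
tag() {
    while IFS= read -r p; do printf '%s\t%s\n' "$1" "$p"; done
}

# audit_wp_perms ROOT -> prints "CODE<TAB>path" per finding, nothing if clean
audit_wp_perms() {
    root=$1
    # Tip 18: nothing in the tree should be writable by every local account.
    find "$root" \( -type f -o -type d \) -perm -0002 | tag WORLD_WRITABLE
    # Tips 6-7: wp-config.php holds the secret keys; "other" needs no access.
    find "$root" -type f -name wp-config.php \
        \( -perm -0004 -o -perm -0002 -o -perm -0001 \) | tag CONFIG_OTHER_ACCESS
    # Tips 9 and 12 rely on .htaccess; it should not be group-writable.
    find "$root" -type f -name .htaccess -perm -0020 | tag HTACCESS_GROUP_WRITABLE
    # Tip 11: an index file keeps the directory from being listed.
    for d in wp-content wp-content/plugins wp-content/themes; do
        [ -d "$root/$d" ] || continue
        [ -e "$root/$d/index.php" ] || [ -e "$root/$d/index.html" ] ||
            printf 'NO_INDEX_FILE\t%s\n' "$root/$d"
    done
    return 0
}
```

On shared hosting, whether `wp-config.php` can drop access for "other" depends on which account the web server runs PHP as.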
  20. amigoserv.com

    #20
    I think the basic security is from the server, not from WordPress.

    For example, if your WordPress is very secure and your server is improperly secured, then the hacker will not make any effort to hack you by transferring among users on the server.
     
    amigoserv.com, Jan 4, 2012