How to test if your site is safe from hacker.

guys, how to test if your site if safe from hacker or any suspicious activity

 

There is no test you can do to see if you're safe. All you can try and do is make sure you're using the most up to date scripts and sensible passwords. Or are you using custom scripts?

 

Of course you can test ur site.
Try acunetix vulnerability scanner.

 

What good is acunetix vulnerability scanner if he can't interperet the results? Also, it's not a free software it's extremely expensive and you wont find the latest version without paying for it.

Nothing is ever 100% secure. The best thing you can do like previous poster mentioned is keep your stuff up to date, don't use stupid passwords and don't use the same password for everything.

 

I know the answer hire a pen tester which is some one who you pay to hack your site.

 

Hire a hacker and ask him to try and hack ur site If he can, u lose... If he cant, ur safe

 

Just because one person can't doesn't mean it's safe... How many people do you think look for exploits in wordpress? And of that number, how many actually find them?

 

This problem is so complicated. If you only want to test whether it is safe or not, you can try to find some able guys to attack it. There's definitely no absolute safety to your website. But you still can do many things to avoid hacking. For example, make sure the server your website is on is trustworthy. That means you should choose a good hosting provider.Also use encryption technology and do not set some simple even stupid password. What's more you can use some software to scan the hole of your site so that it can be repaired in time. Finally, maybe it would be better for you to hire a competent guy to manage your website and the network. Some hackers use the weakness of network to campaign attacks. In a word, no way to promise a absolute safety, just try your best to make it safer.

 

Thats why you should hire a good one.

About wordpress, you can use the login lockdown plugin which locks brute force attempts...

and for a server, u can just DDoS it and see if its good in handling DDoS attacks..

 

Whilst i agree it's a good idea to hire a decent pen tester it's still not a guarantee of security, plus do you know how much it costs to hire someone who's CCISP certified for a day?

Off topic: Thanks for that plugin, i was unaware of it's existence \o/. Definitely gonna check it out

 

am security and also i said there's not safe site , just be carefully and watch ur site security and thnx god u are still alive .
be cuz hacker can access not only from site bugs they can access from apeach or make u ddos attack or ......

 

If you are making such a site that you know there'll be attempts to crack it, then your already spending much money, why not spend some more? If your just making another website on the internet, why bother? just make sure your site is safe...

And your welcome for the plugin, here's a link to the wordpress site: http://wordpress.org/extend/plugins/login-lockdown/

 

I think you should view the server log and see what is not normal！

 

Does server log has info about login attempts?

 

It will show login attempts on the server itself, not the website

 

Depends how you've got logging configured. By default on most linux/unix's you should at least be able to see who accessed what pages.

 

I would like to Suggest you try http://hackertarget.com/free-security-vulnerability-scans/ Out. FYI make sure you have a email address under a 1 of your Domains because they don't accept Free WebMail providers.

 

Maybe there are some software can do that.

 

Err guys, if someone hacks your entire server, they can easily change the logs to remove all traces of them having been there.

 

But if he fails, we can know what was the attack, and we can just ban all IPs that did it...