Welcome to WebmasterWorld Guest from

Forum Moderators: keyplyr & mack

Message Too Old, No Replies

Best Practice Protecting WordPress Against Hackers

My website hacked twice....

1:58 pm on Oct 24, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:Oct 9, 2006
votes: 0

Guys this is too frustrating, my Wordpress website has been hacked twice and on both occasions I think they are trying to extort me.... the first time I deleted this index file he placed there and then the site was back to normal. I upgraded to the latest version of Wordpress and changed my password.

Then I realized I was hacked a month later. The support people keep saying that I must update my password regularly to protect my domain but this has never happened on any other webhost, like GoDaddy.

Please help me out here guys what do I do...what are the best practices to stop this from happening again?

7:50 pm on Oct 27, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:Sept 9, 2004
votes: 0

Personally I deleted unused aspects of Wordpress in my installation.(not disabled, deleted) I then disabled anything that wasn't used and non-essential. I've never had problems in years of use. I'm a coder so this is a lot easier for me to say but the point being that limiting access seemed to work for me.
10:12 pm on Oct 27, 2008 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
votes: 99

BTW, don't confuse WordPress hacks with hacked servers. There are some hosts that are literally infested with sites hacked with hidden links that appears to be a hosting problem, not a WordPress problem.

If you've had this issue you should use Google to see what people are saying about your host as I know a few that are severely infested.

10:48 pm on Oct 27, 2008 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member ogletree is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 14, 2003
votes: 36

I use a host that is known for high security. Sometimes it is a pain to go through the extra steps for something but it is nice to know they work very hard to secure the network.
3:35 am on Oct 28, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 4, 2004
votes: 1

One team member isn't nearly enough to validate code for security

Bill I'll have to admit I don't know exactly what the mod validation process is. I do know the guidelines set down are pretty strict to help prevent exploits from creeping in to begin with. It's my understanding the ones that do get rejected are usually because they don't follow the guidelines. There's a team of about 8 mod validators and only about 150 have been validated since about this time last year. They just added some "junior validators" to pre screen mods to help speed up the process.

This 34 message thread spans 2 pages: 34