Welcome to WebmasterWorld Guest from 23.22.207.70

Forum Moderators: mack

Message Too Old, No Replies

Best Practice Protecting WordPress Against Hackers

My website hacked twice....

     
1:58 pm on Oct 24, 2008 (gmt 0)

Preferred Member

5+ Year Member

joined:Oct 9, 2006
posts:375
votes: 0


Guys this is too frustrating, my Wordpress website has been hacked twice and on both occasions I think they are trying to extort me.... the first time I deleted this index file he placed there and then the site was back to normal. I upgraded to the latest version of Wordpress and changed my password.

Then I realized I was hacked a month later. The support people keep saying that I must update my password regularly to protect my domain but this has never happened on any other webhost, like GoDaddy.

Please help me out here guys what do I do...what are the best practices to stop this from happening again?

7:50 pm on Oct 27, 2008 (gmt 0)

Preferred Member

10+ Year Member

joined:Sept 9, 2004
posts:643
votes: 0


Personally I deleted unused aspects of Wordpress in my installation.(not disabled, deleted) I then disabled anything that wasn't used and non-essential. I've never had problems in years of use. I'm a coder so this is a lot easier for me to say but the point being that limiting access seemed to work for me.
10:12 pm on Oct 27, 2008 (gmt 0)

Administrator from US 

WebmasterWorld Administrator incredibill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Jan 25, 2005
posts:14642
votes: 93


BTW, don't confuse WordPress hacks with hacked servers. There are some hosts that are literally infested with sites hacked with hidden links that appears to be a hosting problem, not a WordPress problem.

If you've had this issue you should use Google to see what people are saying about your host as I know a few that are severely infested.

10:48 pm on Oct 27, 2008 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member ogletree is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Apr 14, 2003
posts:4267
votes: 21


I use a host that is known for high security. Sometimes it is a pain to go through the extra steps for something but it is nice to know they work very hard to secure the network.
3:35 am on Oct 28, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Mar 4, 2004
posts:877
votes: 0


One team member isn't nearly enough to validate code for security

Bill I'll have to admit I don't know exactly what the mod validation process is. I do know the guidelines set down are pretty strict to help prevent exploits from creeping in to begin with. It's my understanding the ones that do get rejected are usually because they don't follow the guidelines. There's a team of about 8 mod validators and only about 150 have been validated since about this time last year. They just added some "junior validators" to pre screen mods to help speed up the process.

This 34 message thread spans 2 pages: 34
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members