Having had some of my blogs attacked and identified as malware sites because of the hacking, these are some of the steps that I now use to "harden" my blogs.
* Your "plugins" directory is NOT secured by default!
And that means there's no "index.html" or "index.php" file in that directory, so anyone can see what plugins you are using just by going to "www.yoursite.com/wp-content/plugins". It is easy to stop this by creating a blank HTML file named "index.html" and putting it in that directory. Job done! (Note that this only hides the directory listing; it does not stop someone from requesting a plugin's path directly.)
* Choose a strong password!
Don't use an easily guessed admin password (your short first name, your wife's name, pet names, etc.). Choose a longer password and combine it with numbers and upper/lower case letters (even other characters like #, $, %, ^...). And change your admin password regularly!
* Use security-related plugins!
Some of these security-related plugins may help you:
- BS-WP-NoVersion
A lot of attackers and automated tools will try to determine software versions before launching exploit code. Removing your WordPress blog version may discourage some attackers and will certainly mitigate virus and worm programs that rely on software versions.
Or you can use the Replace WP version plugin: http://wordpress.org/extend/plugins/replace-wp-version/
- Login LockDown
Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1-hour lockout of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Administrators can release locked out IP ranges manually from the panel.
Download it from here: http://www.bad-neighborhood.com/login-lockdown.html
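To make the lockout policy described above concrete, here is an added example (my own illustration, not the Login LockDown plugin's code) that models it in memory: 3 failed logins from one IP range within 5 minutes lock that range out for 1 hour. It assumes "IP range" means the /24 block and that timestamps are Unix seconds.

```python
from collections import defaultdict, deque
import ipaddress

# Defaults quoted in the post; the plugin lets you change them in its Options panel.
MAX_FAILURES = 3
WINDOW_SECONDS = 5 * 60
LOCKOUT_SECONDS = 60 * 60


def ip_range(ip: str) -> str:
    """Map an IPv4 address to its /24 block (an assumption about what 'IP range' means)."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


class LoginLockout:
    def __init__(self):
        self.failures = defaultdict(deque)  # range -> timestamps of recent failures
        self.locked_until = {}              # range -> time at which the lockout expires

    def is_locked(self, ip: str, now: int) -> bool:
        """True while the caller's range is locked out; expired lockouts are cleared."""
        rng = ip_range(ip)
        until = self.locked_until.get(rng)
        if until is None:
            return False
        if now >= until:
            del self.locked_until[rng]
            return False
        return True

    def record_failure(self, ip: str, now: int) -> bool:
        """Record a failed login; return True if this failure triggers a lockout."""
        rng = ip_range(ip)
        q = self.failures[rng]
        q.append(now)
        # Drop failures older than the sliding window.
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()
        if len(q) >= MAX_FAILURES:
            self.locked_until[rng] = now + LOCKOUT_SECONDS
            q.clear()
            return True
        return False
```

The third failure from any address in the same /24 within the window locks the whole block, while failures spread out over more than 5 minutes never accumulate.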
* Backup your database!
You should back up your data regularly (that includes the database). Encrypting the backup, keeping an independent record of MD5 hashes for each backup file, and/or placing backups on read-only media (such as CD-R) increases your confidence that your data has not been tampered with.
One good utility is WP-DBManager, which can be downloaded from here: http://wordpress.org/extend/plugins/wp-dbmanager/
* Of course, update your WordPress!
Like I said above, keeping your WordPress installation up to date is one of the most important measures against hackers. And it's not complicated to do either (back up everything before upgrading!).
Good Luck