1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

any alternative to wordpress for better security and good SEO?

Discussion in 'Black Hat SEO' started by Rushdie, Jun 14, 2013.

  1. Rushdie

    Rushdie BANNED BANNED

    Joined:
    Feb 2, 2009
    Messages:
    1,378
    Likes Received:
    1,720
    hi,

    i got like 20 wordpress sites on different servers atm. all important sites to me.

    the problem is its hard to maintain all the plugins and updates. and like once a month a site is hacked and we have to rebuild. its a real fucking hassle. last month i had 4 sites down. do you know how to secure against shit like that or is there anything new and awesome on the market for blogging/authority sites? maybe some hosted service? i dont really need that much plugins, but i need to be able to put adsense and some freedom.
     
  2. ice41

    ice41 Power Member

    Joined:
    Aug 18, 2012
    Messages:
    783
    Likes Received:
    248
    Occupation:
    Web Designer
    Location:
    Land of Pineapples
    look for managewp for managing multiple sites, install better security wp for security.
     
    • Thanks Thanks x 3
  3. Moosey

    Moosey Senior Member

    Joined:
    Dec 5, 2011
    Messages:
    1,043
    Likes Received:
    747
    Hey bud, get in contact with me so I can show you how to secure all of your sites. I can guarantee you will not be hacked or taken down again. My team can complete the work for you, or we show you how to configure and follow the steps on the first site and you repeat the process with the rest.
     
    • Thanks Thanks x 1
  4. Asif WILSON Khan

    Asif WILSON Khan Executive VIP Premium Member

    Joined:
    Nov 10, 2012
    Messages:
    10,115
    Likes Received:
    28,555
    Gender:
    Male
    Occupation:
    Fun Lovin' Criminal
    Location:
    London
    Home Page:
    • Thanks Thanks x 2
  5. Moosey

    Moosey Senior Member

    Joined:
    Dec 5, 2011
    Messages:
    1,043
    Likes Received:
    747
    Also make sure all the file permissions are set. You can even take it a few steps further with other plugins to secure it even more (hidemywp, login ninja, etc.)
     
    • Thanks Thanks x 1
  6. Rushdie

    Rushdie BANNED BANNED

    Joined:
    Feb 2, 2009
    Messages:
    1,378
    Likes Received:
    1,720
    thanks guys. why are you recommending a dedi? i think vps is enough for me.
     
  7. Smeems

    Smeems Regular Member

    Joined:
    Apr 29, 2012
    Messages:
    425
    Likes Received:
    417
    There are a couple of free tools out there that can really help with WP security.

    First, set up an alert whenever anyone updates a page on your website with this: http://www.webchicklet.com/tools/monitorhackdfiles-tool-helps-fight-site-hackers/ - this way you can check if people outside your jurisdiction have edited your site.


    Start tracking failed login attempts with WordPress Login Lockdown: http://www.bad-neighborhood.com/login-lockdown.html - it records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.


    Get this WordPress Firewall Plugin: http://www.seoegghead.com/blog/seo/stop-hackers-with-our-wordpress-firewall-plugin-v12-p544.html - Like any firewall, will attempt to block efforts to breach your site (and your plugins') security.


    All of these things are free - and will help you protect your site at the basic level.

    A Cloudflare DNS for your most vulnerable/valuable sites can also be useful.
     
    • Thanks Thanks x 1
  8. Rushdie

    Rushdie BANNED BANNED

    Joined:
    Feb 2, 2009
    Messages:
    1,378
    Likes Received:
    1,720
    thanks guys i will check that all out. cheers
     
  9. Moosey

    Moosey Senior Member

    Joined:
    Dec 5, 2011
    Messages:
    1,043
    Likes Received:
    747
    You can mass add a plugin to all of your websites at once, not sure if you could have it all configured the same though.

    Plugin: Bulletproof SEO > Set file permissions > Plugin: Login Ninja > Plugin: Hidemywp (If you want to go that far)

    If you're really paranoid get a pro version of Bulletproof SEO.

    Also, If you need any help do feel free to give me a shout on Skype, I PMd you my information. I'm willing to give you a hand if you need it.
     
    • Thanks Thanks x 1
  10. Dutchwarrior

    Dutchwarrior Newbie

    Joined:
    Aug 27, 2012
    Messages:
    42
    Likes Received:
    4
    Occupation:
    SEO, Affiliate Marketing
    Location:
    Netherlands
    Good topic. My Adsense sites just got hacked yesterday. Now they are infected with malware. It's the second time now. The first time my adsense got banned directly. Now i removed my adsense instandly so i'm not banned now.

    I have Better WP security. Fckin had it with those hackers. They cost me thousands of euros
     
    • Thanks Thanks x 1
  11. plb009

    plb009 Junior Member

    Joined:
    Nov 27, 2012
    Messages:
    130
    Likes Received:
    68
    Location:
    Europe
    Try Wordfence plugin for Wordpress, you can also try a special hosting: WP Engine or Synthesis hosting (managed hosting). These companies offer very good security, the disadvantage is the high cost. Also try Login Lockdown and two step authentication.
     
    • Thanks Thanks x 2
  12. Rushdie

    Rushdie BANNED BANNED

    Joined:
    Feb 2, 2009
    Messages:
    1,378
    Likes Received:
    1,720
    the same with me. and with ~20 sites im going insane. not sure what to do. wordpress fucking sucks at this scale.
     
  13. poorboi

    poorboi Regular Member

    Joined:
    Sep 17, 2010
    Messages:
    201
    Likes Received:
    111
    Location:
    /b/
    Are you using themes with the timthumb plugin? As timthumb is one of the most vulnerable scripts if not updated constantly. Also use plugins such as login lockdown which can lock the admin access to a specific IP range. Always scan your site using securi or other web based tools which check for malicious scripts embedded in your header etc. Also, are you using some theme that you downloaded from a warez site? ir a Blackhat forum perhaps? Sometimes these are infected with a CURL code which can cause these problems. Contact me if you still face a problem and i will help you set-up a parameter :)
     
  14. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 25, 2011
    Messages:
    8,785
    Likes Received:
    6,321
    Home Page:
    Personally I would advise against having them all on one server - only becuase in my experience, if one does get hacked, they can all get effected - I learnt this mistake having 200 sites on one server and getting them all hacked:)

    I would keep them separate, at least then if you do have an issue, its isolated.

    Obviously if there is a software to manage all the sites centrally then that would be good. But alternatively, you could just set up some plan whereby you update the sites/check the sites every week or wahtever.

    Remember, not performing updates are almost always the cause of security issues.

    Lastly, you really need some good backup plan - either scheduled or manually but regularly, then if a site gets attacked, you can just restore from backup.

    You will also find that with most providers, they perform these backups automatically (hostgator do weekly backups for example).

    Again, with a dedicated server, and probably with VPS as well, you wont get this, unless its managed.

    Thats all based on personal experience - with my MNS sites, I just have a notepad file with all backup instructions (I use SSH access to backup), and I run through backups once a month.

    With really important sites I have nightly scheduled backups.
     
    • Thanks Thanks x 2
  15. Rushdie

    Rushdie BANNED BANNED

    Joined:
    Feb 2, 2009
    Messages:
    1,378
    Likes Received:
    1,720
    ok. and maybe anyone uses something else than wordpress for money sites?
     
  16. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 25, 2011
    Messages:
    8,785
    Likes Received:
    6,321
    Home Page:
    I use cmsmadesimple for a few of my money sites.
    It's not as big as WP, but its secure and very fast, and one of the really good things is its got a much simpler temp laying system, so for example if you have a HTML site or design, you can literally stick the CSS in a CSS file, and the HTML in a template file, and then change maybe 10 variables - like title, meta tags, headings, content etc - as they all get pulled in by the cms.

    Its or a full back end admin interface, and you can do loads of advanced stuff like multiple content blocks, variating templates etc.

    http://www.cmsmadesimple.org/
     
    • Thanks Thanks x 2
  17. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 25, 2011
    Messages:
    8,785
    Likes Received:
    6,321
    Home Page:
    ^^ if you are interested, I can show you the cms on a production site, so you can see if you like it.
     
    • Thanks Thanks x 1
  18. zenlagor

    zenlagor Regular Member

    Joined:
    Apr 4, 2013
    Messages:
    357
    Likes Received:
    184
    Occupation:
    Virtual Pimp
    Location:
    Colombia
    Home Page:
    This is almost always down to a permissions/setup problem. Yeah of course someone out there could have found a 0day exploit for wordpress, but I doubt that's happening to you. I setup all my sites with suPHP, and I don't use the default admin user or database. If you have ever used the chmod command to change permissions in your wordpress (IE 777) then you could be causing the problem yourself.

    First of all are you locking down physical login access to the server (ssh only from set ip addresses, cpanel etc) I've found that buying cheap hosting from these "SEO friendly providers" get hammered with port scans and brute force attacks. It's not a problem, you just have to lock your servers down.

    That being said, I always add my own .htaccess file in my wp-admin folder (with permissions set to 644) in that file it looks something like:

    Code:
    Order deny,allow
    Allow from 1.2.3.4 #my home laptop ip
    Allow from 2.3.4.5 #another linux server if my ip changes
    Deny from all
    
    Then only the white listed ip addresses can even access the wp-admin folder. Everything can be locked down from .htaccess, there's probably wordpress plugins that can do it for you.. Download and install one on a test site, then look in the .htaccess file and copy paste out the parts you want. I try to keep as little plugins installed as possible.

    If you are making loads of bank, and you do not wish to learn about file permissions then you are best off hiring a Linux Sysadmin who understands file permissions and security. Avoid anyone who thinks they are a wordpress "expert." Request they set it up with suPHP and build you a .htaccess whitelist. Stop getting guys who do not understand Linux or permissions to setup your wordpress websites. You could always get them to write out line by line instructions to install it correctly via commandline, or via a script.
     
    • Thanks Thanks x 2
    Last edited: Jun 16, 2013
  19. Repulsor

    Repulsor Power Member

    Joined:
    Jun 11, 2013
    Messages:
    708
    Likes Received:
    267
    Location:
    PHP Scripting ;)
    Just adding my 2 cents.

    Together with all security plugins that others are suggesting, remove any unwanted plugins, nulled themes,unwanted themes etc. Always buy themes. Keep your computer secure. Malware will sure spread to your site from your files when you use FTP.

    Wordpress is already safe and secure. Its the plugins, themes and a non secured server that makes the hack possible.
    Also disable anonymous FTP if it isnt done already.
     
    • Thanks Thanks x 1
  20. Rushdie

    Rushdie BANNED BANNED

    Joined:
    Feb 2, 2009
    Messages:
    1,378
    Likes Received:
    1,720
    i found a great solution:
    http://wordpress.org/plugins/really-static/ + wp multi-site