Best way to prevent hacking of my sites?

Newff

Regular Member
Oct 17, 2011
Hey guys,

An old site that I had was hacked. When I would go to it, Google Chrome would give a malware warning and there was some weird stuff going on with it, like redirects and so on. Is there anything I can do to prevent this sort of stuff? I assume some simple plugins would not be enough. Are there any good plugins? What more can I do?
 
WordPress?
If so, here are some of the best easy methods:

1: Change your WP-Admin location to something other than default (that will stop most bots)
2: Limit login attempt plugin
3: Have an amazing password
 
Just used a plugin from ManageWP, it implemented a lot of the tips here, thanks.
 
There are tons of tips on preventing your sites from getting hacked, and the most basic tip is to keep everything up to date (plugins, themes, WP version). Everything else comes later. Use Limit Login Attempts and Wordfence Security. Rename your login file to something else using FTP and rename it to the original filename only when you're about to log in. There are many other tips shared by g0g0l in his thread. :)
 
Another thing to keep in mind is the environment where you are hosting your website. For example, if your site is on a shared hosting server and your web hosting company does not take necessary security measures then it will not matter how secure your personal WordPress installation is, you still have a high risk of getting hacked.

To raise your security even more you can run your website from a VPS. With a VPS you have full control over your environment and can make sure not only your WordPress is secure but also the server itself.
 
For me iThemes Security is the best plugin, because you can limit wrong attempts to 1 bad password. If you lock yourself out, you can unlock via the MySQL database. Also change the display and login username, again via MySQL. I see brute force attacks from time to time, but every wrong password leads to a permanent ban of the whole inet provider. :)
Hope that helps.

P.S. Changing the login dir can eventually help.
 
Nothing is foolproof, but I've never had any of my WP websites hacked since I've been using iThemes Security, and I've been using it for almost 2 years now.
 
Hi.

First of all, there is no bulletproof security... Even the big guys get it sometimes....

That being said, the best solution is to keep a backup of your website/database. If you can't do it every week/month, at least try to do it when you make some changes.

The second thing is that once you get hacked, don't just reinstall everything; try to find out how this happened. Me, for example: besides the fact that my BHW account was hacked, I got a website hacked, and at that moment I started to do some research... find the code... and then I found out that the problem wasn't on the website/server side but the problem was on FileZilla.

So I have updated the software, changed all my accounts' passwords and then put up the latest backup.

Now if you ask for the best method... well, my answer will be that you should build up a script, preferably in Perl or a less usual program, that does it and looks for non-normal behavior. I say a custom script since those that you can get, everyone can get and find their weak spot. Besides this, a second most common thing that you must avoid is MySQL injection.

But as you can see, with all this theory I'm still one of the newest victims of hacking.
 
This is great advice. I would also like to add that if you have a website which is bringing you in a substantial income, you could also look into website security or security penetration testing services from trained professionals.
 
For WordPress, the Simply Static plugin.

It presents static HTML to web browsers, and hides the real WordPress installation.
 
Keep everything updated.
Change default admin username.
Have a secure password - 8 characters, non-dictionary word, including number, uppercase and special character.
 
First of all, you will need to find the cause of how someone has hacked into your website.
Usually it has to do with badly written plugins and themes. Sometimes hackers can have keyloggers installed on the victim's computer so they got all his logins (WP admin logins, FTP logins, E-Mail ...).
A lot of web hosting companies don't have properly secured servers, so a hacker is able to access other sites if they hack a weak site on the same server.
 
Getting hacked is an unfortunate part of being on the internet today. So the hard truth is that if you want to stay 100% digitally secure, then stay off the internet.
Yet there are some techniques you can use to make any hackers dream of getting into your accounts.
1) Be smart about username and password
2) Keep your software up to date
3) Very important: think twice before you click
 