1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Best way to prevent hacking of my sites?

Discussion in 'Blogging' started by Newff, May 16, 2014.

  1. Newff

    Newff Regular Member

    Joined:
    Oct 17, 2011
    Messages:
    320
    Likes Received:
    26
    Home Page:
    Hey guys,

    An old site that I had was hacked. When I would go to it..Google Chrome would give a Malware warning and there was some weird stuff going on with it like redirects and so on. Is there anything I can do to prevent this sort of stuff? I assume some simple plugins would not be enough. Are there any good plugins? What more can I do?
     
  2. oscilay

    oscilay Regular Member

    Joined:
    Oct 30, 2013
    Messages:
    426
    Likes Received:
    386
    For WP, bulletproof security and login lockdown can help you.
     
  3. Aty

    Aty Jr. VIP Jr. VIP

    Joined:
    Jan 27, 2011
    Messages:
    5,416
    Likes Received:
    3,701
    Home Page:
  4. jeremonster

    jeremonster Regular Member

    Joined:
    Oct 27, 2010
    Messages:
    212
    Likes Received:
    61
    Location:
    American in Ukraine
    Wordpress?
    If so here are some of the best easy methods:

    1: Change your WP- Admin location to something other than default (that will stop most bots)
    2: Limit login attempt plugin
    3: Have an amazing password
     
  5. UrsuAke

    UrsuAke Power Member

    Joined:
    Sep 28, 2011
    Messages:
    700
    Likes Received:
    978
    Occupation:
    SEO Specialist.
    Location:
    Romania, land of choice
    Develop your site in Java. No one bothers to hack java sites.
     
    • Thanks Thanks x 1
  6. Newff

    Newff Regular Member

    Joined:
    Oct 17, 2011
    Messages:
    320
    Likes Received:
    26
    Home Page:
    Just used a plugin from ManageWP, it implemented a lot of the tips here, thanks.
     
  7. innosoft

    innosoft Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 25, 2008
    Messages:
    1,633
    Likes Received:
    639
    Occupation:
    Software Developer, SEO
    Location:
    Office
    Home Page:
    use all in one security plugin for wordpress. its really good.
     
  8. V

    V Elite Member

    Joined:
    May 18, 2012
    Messages:
    2,113
    Likes Received:
    2,543
    Occupation:
    Student
    Location:
    /tmp
    there are tons of tips on preventing your sites from getting hacked and the most basic tip is to keep everything up-to-date (plugins,themes,WP version). Everything else comes later. Use limit login attempts, and Wordfence Security. Rename your login file to something else using ftp and rename it to the original filename only when you're about to login. There are many other tips shared by g0g0l in his thread. :)
     
  9. DaringHost

    DaringHost Registered Member

    Joined:
    Mar 19, 2014
    Messages:
    66
    Likes Received:
    13
    Another thing to keep in mind is the environment where you are hosting your website. For example, if your site is on a shared hosting server and your web hosting company does not take necessary security measures then it will not matter how secure your personal WordPress installation is, you still have a high risk of getting hacked.

    To raise your security even more you can run your website from a VPS. With a VPS you have full control over your environment and can make sure not only your WordPress is secure but also the server itself.
     
  10. vd123

    vd123 Newbie

    Joined:
    Aug 14, 2013
    Messages:
    48
    Likes Received:
    6
    iThemes Security
     
  11. tophi

    tophi Regular Member

    Joined:
    Sep 7, 2012
    Messages:
    408
    Likes Received:
    75
    For me iTheme securyty is the best plugin, because you can limit wrong attempts to 1 bad password. If you lock yourself you can unlock via mysql database. Also change display and login username again via mysql. I see from time to time brute force attacks but every wrong password lead to permanent ban of the whole inet provider. :)
    hope that helps

    p.s. changing the login dir can eventually help.
     
  12. notrin

    notrin Power Member

    Joined:
    Apr 15, 2010
    Messages:
    643
    Likes Received:
    71
    Occupation:
    Self Employed Web Master
    Location:
    Montana, USA
  13. Y.O.L.O.

    Y.O.L.O. Registered Member

    Joined:
    Jan 31, 2013
    Messages:
    99
    Likes Received:
    9
    Nothing is fool proof, but I've never had any of my WP websites hacked since I've been using iThemes Security and I've been using it for almost 2 years now
     
  14. ija1985

    ija1985 BANNED BANNED

    Joined:
    May 15, 2014
    Messages:
    13
    Likes Received:
    1
    Hy.

    First of all there is no bulletproof security... Even the big guys get it sometimes....

    That been said the best solution is to keep a backup of your website/database. If you can't do it every week/month at least try to do it when you make some changes.

    The second thing it will be that once you got hacked don't just reinstall everything and try to find how this happen. Me for example.. beside the thing that my bhw account was hacked I got a website hacked and at that moment I started to do some research... find the code.. and then I found out that the problem wasn't on the webiste/server side but the problem was on filezilla.

    So I have updated the software changed all my accounts passwords and then put up the latest backup.

    Now if you ask for the best method.. well my answer will be that you should build up a script preferably in perl or a less usual program that do it and look for non-normal behavior. I say a custom script since those that you can get every one can get and find their week spot. Beside this a second most common thing that you must avoid is mysql injection.

    But as you can see with all this theory I'm still one of the newest victim of hacking.
     
  15. darksypher

    darksypher Junior Member

    Joined:
    Feb 1, 2009
    Messages:
    103
    Likes Received:
    20
    This is great advice I would also like to add that if you have a website which is bringing you in a substantial income you could also look into website security or security penetration testing services from trained professionals.
     
  16. WebDev

    WebDev Regular Member

    Joined:
    Oct 31, 2010
    Messages:
    384
    Likes Received:
    484
    Gender:
    Male
    Location:
    UK
    For WordPress, simply static plugin

    It presents static HTML to web browsers, and hides the real WordPress installation
     
  17. davids355

    davids355 Jr. VIP Jr. VIP Premium Member

    Joined:
    Apr 25, 2011
    Messages:
    8,805
    Likes Received:
    6,372
    Home Page:
    Keep everything updated.
    change default admin username.
    have secure password - 8 characters non dictionary word including, number, uppercase and special character.
     
  18. servikus

    servikus Newbie

    Joined:
    Jan 19, 2014
    Messages:
    11
    Likes Received:
    3
    First of all you will need to find a cause how someone has hacked into your website.
    Usually it has to do with bad written plugins and themes. Sometimes hackers can have keyloggers installed on victim's computer so they got all his logins (WP admin logins, FTP logins, E-Mail ...).
    A lot of webhosting companies doesn't have properly secured server, so hacker is able to access to other sites if they hack weak site on the same server.
     
  19. spiko

    spiko Newbie

    Joined:
    May 19, 2014
    Messages:
    15
    Likes Received:
    0
    Is there an easy to backup also?
     
  20. janinaherz3

    janinaherz3 Regular Member

    Joined:
    May 17, 2014
    Messages:
    243
    Likes Received:
    13
    Getting hacked is an unfortunate part of being on the internet today. So the hard truth is that if you want to stay 100% digitally secure then stay off the internet.
    Yet there are some techniques you can use to make any hackers dream of getting into your accounts.
    1) Be smart about username and password
    2) Keep your software up to date
    3) Very important ; Think twice before you click