
Could you suggest a great wordpress hardening tutorial?

Discussion in 'Web Design' started by MadVlad, Sep 13, 2015.

  1. MadVlad

    Hi all,
    for weeks I have been struggling to keep my WordPress websites from being hacked.
    Could anyone suggest a good tutorial on how to make WordPress hack-proof and secure it 100%?
    One that would include a database scan and finding possible malicious strings in a database.
     
  2. puneetas3

    Hacked is a strong word. What is actually happening: are you not able to find your content once hacked (and replaced by other content), or are you getting lots of spam comments or brute-force attacks?
     
  3. MadVlad

    Well, it started to eat up the CPU on the shared hosting (HostGator), and I got a warning from the host and they've taken all the websites down. Then I started investigating and found kind of folders full of junk HTML files... Then I started to do some security and installed Wordfence and some other plugins, and did the manual hardening of the WordPress sites. Changed the salt keys, did the .htaccess files on all. Cleaned the sites manually. Changed all the passwords, including the cPanel one and the FTP one. Did much more reading, but I still get warnings from the Wordfence plugin scan that new files are being infected every day. Now I have a feeling that the infections come from the database. But I am not sure how to check the database for the malicious code...
     
  4. cocoholo

    Are you using legit themes and plugins?
     
  5. Skyebug77

    Have you reinstalled the core files from a fresh installation?
     
  6. MadVlad

    @cocoholo yes, I bought the themes from ThemeForest. Well, since my last post I was quite busy figuring things out. I updated all the WP websites, plus after that I replaced the wp-admin and wp-includes folders. I am using Wordfence for scanning, Sucuri for hardening, Gauntlet (for hardening), TAC to check if code is being inserted into the theme...
    It seems that I am doing it right for now. In the Sucuri dashboard you can see (and get an email notification) if a file has been modified. That's great. Around 15 websites I've done in the past week are still okay and I hope it will stay that way. But man, I went and read hundreds of pages on security for WP and it wasn't a quick thing. It took me well more than a month and still there is a fear that I missed some malicious code somewhere...
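
The thread asks how to check the database for malicious strings and nobody answers it. The following is an added example, not part of any post above and not code from Wordfence or Sucuri: a heuristic scan over rows read (read-only) from columns such as `wp_posts.post_content`, `wp_options.option_value` and `wp_comments.comment_content`. The default `wp_` table prefix, the indicator patterns and the sample rows are assumptions made for illustration.

```python
import re

# Heuristic indicators of injected content. These patterns are assumptions
# chosen for illustration, not an authoritative or complete list.
INDICATORS = {
    "script_tag": re.compile(r"<script\b", re.I),
    "iframe_tag": re.compile(r"<iframe\b", re.I),
    "php_eval": re.compile(r"\beval\s*\(", re.I),
    "base64_decode": re.compile(r"\bbase64_decode\s*\(", re.I),
    "hidden_block": re.compile(r"display\s*:\s*none", re.I),
    "long_base64": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}

# Constructed sample rows: (table, row id, column, value).
SAMPLE_ROWS = [
    ("wp_posts", 1, "post_content", "<p>Welcome to my blog.</p>"),
    ("wp_posts", 2, "post_content",
     '<p>Review</p><div style="display: none">'
     '<a href="http://example.invalid/">x</a></div>'),
    ("wp_options", 10, "option_value",
     '<script src="http://example.invalid/a.js"></script>'),
    ("wp_options", 11, "option_value", None),  # NULL column value
    ("wp_comments", 5, "comment_content", "Nice post, thanks!"),
]

def scan_rows(rows):
    """Return one finding per row whose text matches any indicator."""
    findings = []
    for table, row_id, column, value in rows:
        if not isinstance(value, str):
            continue  # skip NULLs and non-text values
        hits = sorted(n for n, rx in INDICATORS.items() if rx.search(value))
        if hits:
            findings.append({
                "table": table, "id": row_id, "column": column,
                "hits": hits, "excerpt": value[:80],
            })
    return findings

if __name__ == "__main__":
    for f in scan_rows(SAMPLE_ROWS):
        print(f"{f['table']}.{f['column']} id={f['id']} "
              f"{','.join(f['hits'])}: {f['excerpt']!r}")
```

Legitimate embeds also contain `<script>` or `<iframe>` tags, so the output is a list of rows to review by hand rather than a verdict.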