
How do you protect your PBN sites from hackers?

Discussion in 'Black Hat SEO' started by givensia, Mar 7, 2016.

  1. givensia

    givensia Regular Member

    It seems like there are so many different ways that hackers can get into your WordPress sites, inject spam and malware, links, etc. How are you guys protecting your PBN sites? Let's get a helpful thread going because we need to stop those assholes.
     
  2. blackice6666

    blackice6666 Regular Member

    I think Wordfence is a great plugin for WordPress. Also, the old super long, super difficult password is a good way to keep yourself safe from brute force attacks.

    I tend to keep a special username for the WordPress admin and I add a dedicated author for the posts. So at least the attackers will not easily find the admin username.
     
  3. S2Term

    S2Term Junior Member

    Use a limit login attempts plugin and also this little piece of code in the .htaccess file.

    It redirects a request from the admin page to an error file if someone attempts to log in from an IP that is NOT 123.456.789.111.

    I'm still trying to figure out how to stop xmlrpc attacks.


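    # BEGIN WordPress
    # Custom error pages for 401 (Unauthorized) and 403 (Forbidden)
    ErrorDocument 401 /error401.php
    ErrorDocument 403 /error403.php

    <IfModule mod_rewrite.c>
    RewriteEngine on
    # Match requests for wp-login.php or the bare wp-admin path...
    RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    # ...that do not come from the allowed address (replace with your own IP).
    # Dots are escaped so each matches a literal "." instead of any character.
    RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.111$
    # Answer those requests with 403 Forbidden
    RewriteRule ^(.*)$ - [R=403,L]
    </IfModule>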
     
    • Thanks Thanks x 3
  4. W9go

    W9go Jr. VIP Jr. VIP Premium Member

    I don't use WordPress ;) ... makes it safer but more work to set up and update
     
  5. greenlabelseo

    greenlabelseo Jr. VIP Jr. VIP

    - Update frequently
    - Use WordFence
    - Avoid free themes
    - Don't use default usernames
     
  6. jacker818

    jacker818 Power Member

    Wordfence is the way to go!
     
  7. oliebhat

    oliebhat Newbie

    0. Scan your WP with WPScan and follow the instructions.
    1. Change "/wp-login.php" to another link. A better link is "/abmgpskjg".
    2. Delete the readme and licence files.
    3. Change the username from admin to another.
    4. Ban IPs for 10 failed login attempts.
    5. Be careful with the plugins, sliders, themes, etc. that you install. In this case check exploit-db.
    6. Keep your WP up to date.
    7. Check server settings (Apache, nginx).
    8. If you use a VPS/dedicated server, switch off the FTP daemon and use SFTP via sshd.
    9. --||-- set permit root login to "no". (This setting is in the file /etc/ssh/sshd_config.)
    10. Check chmods and chowns. Set config files to 440, wp-content/uploads to 775.
     
    • Thanks Thanks x 5
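
Added example, not part of oliebhat's post or of any project's code: a Python check for items 2, 9 and 10 of the checklist above. The file names readme.html and license.txt, the function names and the constructed sample tree are assumptions of this example.

```python
import os
import re
import stat
import tempfile

# Target modes from the checklist above: config files 440, uploads 775.
EXPECTED_MODES = {"wp-config.php": 0o440, os.path.join("wp-content", "uploads"): 0o775}
LEFTOVER_FILES = ("readme.html", "license.txt")  # assumed names of the readme/licence files


def root_login_disabled(sshd_config_text):
    """True only if the first uncommented PermitRootLogin line says 'no'."""
    for line in sshd_config_text.splitlines():
        m = re.match(r"\s*PermitRootLogin\s+(\S+)", line, re.IGNORECASE)
        if m:  # sshd keeps the first value it reads for a keyword
            return m.group(1).lower() == "no"
    return False  # keyword absent: the built-in default applies, which is not "no"


def audit_wordpress_tree(wp_root):
    """Return a list of findings for one WordPress directory."""
    findings = []
    for name in LEFTOVER_FILES:
        if os.path.exists(os.path.join(wp_root, name)):
            findings.append(f"{name}: present, delete it")
    for rel, want in EXPECTED_MODES.items():
        path = os.path.join(wp_root, rel)
        if not os.path.exists(path):
            continue
        have = stat.S_IMODE(os.stat(path).st_mode)
        if have != want:
            findings.append(f"{rel}: mode {have:o}, expected {want:o}")
    return findings


def build_sample_tree():
    """Constructed sample install with two deliberate problems."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    os.chmod(os.path.join(root, "wp-content", "uploads"), 0o775)
    for name, mode in (("wp-config.php", 0o644), ("readme.html", 0o644)):
        path = os.path.join(root, name)
        open(path, "w").close()
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    print(audit_wordpress_tree(build_sample_tree()))
```
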
  8. givensia

    givensia Regular Member

    Thanks for the code. I will use it on my sites.
     
  9. NawtyBoy

    NawtyBoy Junior Member

    I have a dynamic IP.

    Only the last three numbers change, how can I use that code?
     
  10. Galleta

    Galleta Regular Member

    How do you protect from SQLi and XSS?
     
  11. SocialPusher

    SocialPusher Jr. VIP Jr. VIP Premium Member

    This is the best post I've seen in a while. Thank you, but I was missing around 3 of the points :)
     
  12. AceCanoe

    AceCanoe Registered Member

    These answers are very informative and helpful! I also read here that blocking certain bots/crawlers can help prevent anyone discovering your PBN in the first place, although most of the replies above cover the rest, I think. Also, be careful with having the same plugin on multiple PBNs, as that can leave quite a footprint.
     
  13. gooty2

    gooty2 Registered Member

    Thanks, your post really helped me.
     
  14. tompots

    tompots Elite Member Premium Member

    Yes, use WordFence if nothing else. There is also the BulletProof Security plugin for WordPress, but that's not recommended for beginners; seriously, don't use BulletProof Security unless you really know how to get yourself out of a jam with WordPress.
     
  15. Corion

    Corion Junior Member

    1. Don't use cracked themes
    2. Install Wordfence
    3. Use Cloudflare
     
  16. umerjutt00

    umerjutt00 Jr. VIP Jr. VIP

  17. bodega

    bodega Newbie

    Couple of questions,

    How do you make it so it bans IPs after a certain amount of login attempts?
    How do you change the "/wp-login" portion of the link to another one?
     
  18. Aty

    Aty Jr. VIP Jr. VIP

  19. loedown

    loedown Jr. VIP Jr. VIP


    Because they like links too ;)
     
  20. myopic1

    myopic1 Regular Member

    It's not so much a 'hack' as in a Matrix-style guy chain-smoking in a dark room figuring out how to break your system, but rather automated software probing for vulnerabilities; it's exceptionally common. If you run a VPS server at all, look in the server log files for a real eye-opener: I get thousands of 'hacking' attempts every single day.

    You get hacked because they can.
     
    Last edited: Mar 8, 2016
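
Added example, not written by anyone in the thread: a Python pass over a web server access log that counts POSTs to wp-login.php and xmlrpc.php per client, which is what the automated probing described in the last post looks like in the logs. It assumes the Apache/nginx "combined" log format, reuses the threshold of 10 from the checklist earlier in the thread, and runs on constructed log lines with documentation-range addresses.

```python
import re
from collections import Counter

THRESHOLD = 10  # from the checklist in the thread: ban after 10 login attempts
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')


def login_posts_per_ip(lines):
    """Count POST requests to the login endpoints per client IP."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole run
        ip, method, path = m.groups()
        # Ignore the query string; a GET of the login form is not an attempt.
        if method == "POST" and path.split("?", 1)[0].endswith(LOGIN_PATHS):
            counts[ip] += 1
    return counts


def ips_to_block(lines, threshold=THRESHOLD):
    """IPs whose login POST count reaches the threshold, sorted."""
    return sorted(ip for ip, n in login_posts_per_ip(lines).items() if n >= threshold)


def sample_log():
    """Constructed log lines, not taken from a real server."""
    fmt = '{ip} - - [08/Mar/2016:10:00:{s:02d} +0000] "{req} HTTP/1.1" {st} 512 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", s=i, req="POST /wp-login.php", st=200) for i in range(12)]
    lines += [fmt.format(ip="198.51.100.9", s=i, req="POST /xmlrpc.php", st=200) for i in range(10)]
    lines += [fmt.format(ip="192.0.2.44", s=i, req="POST /wp-login.php", st=302) for i in range(2)]
    lines.append(fmt.format(ip="192.0.2.44", s=5, req="GET /wp-login.php", st=200))
    lines.append("garbage line")
    return lines


if __name__ == "__main__":
    print(ips_to_block(sample_log()))
```
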