1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to prevent PBN sites from being hacked?

Discussion in 'Black Hat SEO' started by xplosiv, May 21, 2016.

  1. xplosiv

    xplosiv Power Member

    Joined:
    Oct 18, 2014
    Messages:
    523
    Likes Received:
    119
    Okay, I've recently begun working on my PBN a few weeks back and learned a lot in the process. However, I am having an issue with one site (unsure about others at the moment), where I have wordfence installed and it keeps sending me notifications that someone is trying to log in to my website.

    It seems that cheap hosts (not shitty $1 ones), are a magnet for wankers to try and break into... what are the current options for securing PBN sites quickly and safely?

    I installed hidemywp but all the configuration settings are a nightmare for me personally, so I got rid of it. Using wordfence might be a good option for all the sites, but I think it might leave a footprint... is there an easier way? Or are these fears unfounded in the first place?
     
  2. davids355

    davids355 Jr. VIP Jr. VIP

    Joined:
    Apr 25, 2011
    Messages:
    10,199
    Likes Received:
    7,849
    Home Page:
    Turn the notifications off, change lockout settings to 3 attempts, over 1 hour period and lick out for 24 hours.
    Create account other than admin, then in wordfence set admin to auto lock out.

    That's pretty secure as long as you have strong passwords.
     
    • Thanks Thanks x 1
  3. Bladharkje

    Bladharkje Regular Member

    Joined:
    Feb 21, 2014
    Messages:
    432
    Likes Received:
    266
    Occupation:
    Full Time IM
    Location:
    the Netherlands
    Download the following plugin: http://puu.sh/p0dPx/0b44a2fa07.png and change it to w/e you please, that should give a little extra security too. It'll change the standard wp-login page.
     
  4. Guilly

    Guilly Registered Member

    Joined:
    Feb 10, 2016
    Messages:
    54
    Likes Received:
    11
    Gender:
    Male
    Location:
    London
    I assume you are using WordPress... If so install iThemes Security (formerly Better WP Security) and tweak the settings .... Specially these setting was what stopped wankers.
    In my case solve the problem after fews days of headache


     
  5. immaletyoufinish

    immaletyoufinish Regular Member

    Joined:
    Mar 3, 2016
    Messages:
    219
    Likes Received:
    113
    Here's an option - DON'T USE WORDPRESS FOR YOUR PBN SITES!!!!

    Just my opinion on this subject but I'll tell you why.

    WordPress is a security nightmare with the default settings. It actually takes a fair amount of work to secure it and you ought to know what you are doing.

    To really keep it secure you must change the table prefix from wp_ to something and you should disable access to xmlrpc.php. Are you actually able to do these two things on your hosting? If yes, good! Do them! If not, bad! You're at risk of SQLi, brute force and DDoS.

    WordPress is also resource intensive In that it takes a full database to run and databases are memory hungry.

    Nothing beats static sites for PBN sites. There's a much lower security risk. They use very little resources.

    The only problem with them is they are a little harder to put together. I get it all you want to do is have something you can chuck up fast and easy. I urge you to take a look at static site generators and also consider using site builders, as well as the possibility of running a private wordpress install somewhere where you build the site using wordpress then just visit the locally hosted site and download AL the html/css/javascript and serve it up as a static site.

    IMHO Wordpress for PBN is overkill and asking for trouble.
     
  6. Guilly

    Guilly Registered Member

    Joined:
    Feb 10, 2016
    Messages:
    54
    Likes Received:
    11
    Gender:
    Male
    Location:
    London
    Mate if you use the plugin I just mentioned you can do it in a click of a button on wordpress.. But it depends on the host of course. In my case I'm using digital ocean.. I don't know if on hosts like GoDaddy you can do That
     
  7. xplosiv

    xplosiv Power Member

    Joined:
    Oct 18, 2014
    Messages:
    523
    Likes Received:
    119
    I have multiple hosts so checking each ones configuration server side is just going to be a major hassle.

    Guilly, I think you posted a link to your URL, not the actual plugin. However, I would still ask a mod if they can delete it for you. I assume you are talking about better WP security, I will be looking into all the suggestions here shortly.
     
  8. Aty

    Aty Jr. VIP Jr. VIP

    Joined:
    Jan 27, 2011
    Messages:
    5,990
    Likes Received:
    4,083
    Occupation:
    SEO (Senior Erection Officer)
    Location:
    your 6 o'clock
    Home Page:
  9. darkinferno

    darkinferno Jr. VIP Jr. VIP

    Joined:
    Mar 28, 2014
    Messages:
    128
    Likes Received:
    36
    Location:
    Deep Throat
    insert hacker backlink into PBN?

    @OP
    As other mentioned, wordfence will do a good job to prevent hacker and you can try change wp-login plugin, and also disabled xmlrpc in .htaccess
     
  10. stugz

    stugz Junior Member

    Joined:
    Apr 14, 2013
    Messages:
    154
    Likes Received:
    34
    If you're on shared hosting you are already a sitting duck. It doesn't matter what YOU do. It only needs one weak site on the whole server and it is then trivial to access all sites on the server for a hacker. That's assuming there is a hacker and it's not just one of the other site owners on the server.
     
  11. Sristy

    Sristy Jr. VIP Jr. VIP Premium Member

    Joined:
    Aug 17, 2010
    Messages:
    1,824
    Likes Received:
    489
    Gender:
    Female
    Location:
    In My Blog Network
    Home Page:
    Limit login attempts to 3
    Change WP login URL to something else, there are plugins for this
    Have different username than admin
    Have a tough password

    If this doesn't work then you need to change hosts buddy.
     
  12. souleclipse

    souleclipse Senior Member

    Joined:
    Apr 28, 2011
    Messages:
    1,071
    Likes Received:
    216
    Gender:
    Male
    Home Page:
    there are a lot of security plugin.. just mix them around... and set your user and passwords to those generated kinds .

    Username : Lc"g['#~f33p\uyKe'M4
    Passwords : 495N]6J]ht)]c+xX!}-(

    Save the password using lastpass or excel.
     
    • Thanks Thanks x 1
  13. starki

    starki Power Member

    Joined:
    Jul 17, 2012
    Messages:
    709
    Likes Received:
    235
    Mixing on different sites ;) Don't try this on one site, OP.
     
  14. Furious Man

    Furious Man Jr. VIP Jr. VIP

    Joined:
    Aug 4, 2015
    Messages:
    1,747
    Likes Received:
    276
    thank for the info dude
     
  15. Linkzo

    Linkzo Jr. VIP Jr. VIP

    Joined:
    Jun 20, 2015
    Messages:
    1,077
    Likes Received:
    205
    That's fine you can use word fence itself but in order to get rid of notification,no problem ,login to wp-admin for your site and find word fence in the left side bar,click on the word fence options will be available once you expand word fence.
    When you think that your site is being hacked,then
    Upgrade your site to a new version,
    Change all passwords on the site,especially admin password,
    Make another back up and store it separately,
    Scan through the sites using word fence options page,
    Slowly work through the lists untill it is empty.