Sites Hacked and Deleted. Suggest me working safety tips

kumbhak11

kumbhak11

Regular Member
Joined
Feb 8, 2010
Messages
455
Reaction score
651
All my sites had got infected with php script 3-4 days ago and today the content on all of them have been deleted.

For people who are good with security aspects and have been running websites successfully. Kindly advice me on these issues.

1) Which is the best Hosting when it comes to security and support on malware attacks?
2) What plugins/steps ensure that you are completely safe from such attacks? I am basically looking for free plugins and ideas as there are many 200$ per website companies.
3) Any other steps that you take to secure your site.
 
Advertise on BHW
Were you using wordpress? I always recommend Wordfence plugin and Cloudflare. That's IMHO musthave. First one repeatedly scans files for malware, blocks dictionary attacks etc. Second one blocks DDOS attacks, can perform browser validity and detect if it's a human or not.
 
legion85 said:
Were you using wordpress? I always recommend Wordfence plugin and Cloudflare. That's IMHO musthave. First one repeatedly scans files for malware, blocks dictionary attacks etc. Second one blocks DDOS attacks, can perform browser validity and detect if it's a human or not.
Click to expand...

Yes I use wordpress. Have you ever got any problems/attacks after installing these plugins?
 
1. knownhost is great but its not very cheap
2. i dont think you need any plugins to protect your website
3. dont use nulled themes and make sure to install updates when available. watch for the plugins you install and use.

search google you can find many useful tips..
 
Most likely it was running WordPress with potentially outdated plugings? Am I right? Just make sure to stay up to date, don't use sketchy plugins, and use something like wordfence to get alerts and stay protected.
 
KraftyKyle said:
Most likely it was running WordPress with potentially outdated plugings? Am I right? Just make sure to stay up to date, don't use sketchy plugins, and use something like wordfence to get alerts and stay protected.
Click to expand...

Yes, there were many sites, 1-2 sites which I haven't logged in for years, so definitely outdated plugins might be an issue.
 
Buddy did you install any third party plugin? Avoid using them.
WOrdfence plugin and limit login is enough to block any kind of wp-admin attacks.
Sad to hear your story.
 
WordFence is my Best option. And for hosting Sitground and me and my Friend having couple of websites of Digital Ocean.
 
Having an update and maintenance schedule that you use to keep your sites up to date is the best form of defence.

Second, use a backup service AND take periodic manual backups (monthly, or even bi-yearly, depending on the other measures you have in place).

Make sure all your sites are segregated (don’t have them all sitting in one shared hosting account for example) so one getting hacked doesn’t mean losing them all.

Use strong passwords and don’t use admin login.

Use wordfence, or if you have the budget use securi - they offer security scanning SND unlimited cleanups if your site gets compromised.
 
kumbhak11 said:
Yes I use wordpress. Have you ever got any problems/attacks after installing these plugins?
Click to expand...
Never any problems, Wordfence is a free plugin and Cloudflare is being used by all major websites. These two are rock solid, no shady business whatsoever.
 
I am sorry for you. Well, you should:
1. Do a backup of your website - Do a monthly backup and download it into your computer, to keep safe. The daily or weekly backups can be keept on your server.
2. Hosting - Depends of the kind and size of the attack, on the marketplace are some very good providers. I recommend @interkul for its services.
3. Security plugins - You can use Sucuri or Wordfence. Also, opt-in for a Cloudflare free account. Another trick is to use ( simultaneously with Sucuri/Wordfence and Cloudflare ) the HideMyWP plugin.
4. On the future: Keep your passwords secured. Keep the WordPress, the theme and the plugins up to date.
Good Luck!!
 
I use iThemes Security. Has been excellent so far.
 
davids355 said:
Use strong passwords and don’t use admin login.
Click to expand...

can you elaborate on this part? Do you mean not to log into wordpress using the admin account? So we would create a guest account and use it?

What is the purpose of this? thanks.
 
kumbhak11 said:
All my sites had got infected with php script 3-4 days ago and today the content on all of them have been deleted.

For people who are good with security aspects and have been running websites successfully. Kindly advice me on these issues.

1) Which is the best Hosting when it comes to security and support on malware attacks?
2) What plugins/steps ensure that you are completely safe from such attacks? I am basically looking for free plugins and ideas as there are many 200$ per website companies.
3) Any other steps that you take to secure your site.
Click to expand...

what kinds of site you in ? kinda curious why hackers interest to hack your site.
 
affbull said:
can you elaborate on this part? Do you mean not to log into wordpress using the admin account? So we would create a guest account and use it?

What is the purpose of this? thanks.
Click to expand...

Yea, “admin” is the most common account so it’s the one hackers target.

Either use a different name for the primary account when you install wp, or create another administrator account with a different name.

Then what I do is configure wordfence to block any ip that tries to log in as “admin”.
 
Advertise on BHW
You must log in or register to reply here.
Sign up now!

Main Menu

Home Main Forum List Black Hat SEO White Hat SEO BHW Newbie Guide Blogging Black Hat Tools Social Networking Downloads

Marketplace

Account Selling Content / Copywriting Hosting Images, Logos & Videos Proxies For Sale SEO - Link building SEO - Packages Social Media Social Media - Panels Misc

Making Money

Affiliate Programs Hire a Freelancer Making Money Pay Per Click Site Flipping

BlackHatWorld

BHW Merch Forum Suggestions & Feedback Introductions Lounge Dispute Resolution

Other

Domain Name Forum IM Journeys Web Hosting Newsletter
Back
Top