1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Wordpress Security - help !

Discussion in 'Blogging' started by blckyboy, Nov 25, 2008.

  1. blckyboy

    blckyboy Newbie

    Joined:
    Jan 22, 2008
    Messages:
    48
    Likes Received:
    124
    Hi Dudes and Dudettes

    I have had a couple of my WP blogs hacked by some mean mofo with adware and virus's which try and load themselves onto my pc when viewing my blog.

    My question is: Is there an easy way to secure my blog.

    And I know it may be a bit ironic asking you guys, But who better to ask !:D

    Thanks in advance
     
  2. blakhat

    blakhat Newbie

    Joined:
    Mar 29, 2008
    Messages:
    2
    Likes Received:
    1
    Yah .. there are a variety of things that you can do... :)

    Attacks can occur in a variety of ways, so there is no foolproof way of securing your wp blog -- however -- you can increase the security.

    The very first thing you should do is make sure that you are running the latest version of WP.
    Another thing: don't permit guest logins.

    Putting empty files named index.html in important directories (I think just about every directory except the main home directory) will keep things like plugins "invisible" from prying eyes.

    Keep your plugins up-to-date, as well.

    There's also a way of removing the wordpress version so that visitors can't determine what version of WP you are using.

    blakhat
     
    • Thanks Thanks x 1
  3. the_demon

    the_demon Jr. Executive VIP

    Joined:
    Nov 23, 2008
    Messages:
    3,177
    Likes Received:
    1,563
    Occupation:
    Search Engine Marketing
    Location:
    The Internet
    use the lockdown plugin which prevents multiple bruteforce attempts at login.
     
    • Thanks Thanks x 3
  4. Krutoy

    Krutoy BANNED BANNED

    Joined:
    Sep 16, 2008
    Messages:
    50
    Likes Received:
    34
    Try to search plugins which can help you protect your blog.
     
  5. Tony57

    Tony57 Registered Member

    Joined:
    Jan 8, 2008
    Messages:
    60
    Likes Received:
    138
    Code:
    http://blogsecurity.net/
    This site should give you all the info you need.

    Tony
     
    • Thanks Thanks x 1
  6. lala

    lala Newbie

    Joined:
    Jul 28, 2008
    Messages:
    16
    Likes Received:
    9
    Hey Bl-Boy,

    Besides the great advice already given to you above re: updating to latest WP version and plugins and the empty files named index.html, it's a good idea to remove anything from your site's code that makes it obvious it's a WordPress blog.

    Two thing you can do :
    1-Look in the header.php file for your theme, find the line below and delete it, this way it's harder for them to determine what version of WP you are runnning.

    <meta name="generator" content="WordPress <?php bloginfo('version'); ?>" /> <!-- leave this for stats please -->

    2- In the footer, remove anything that says "powered by WordPress"

    HTH,

    LaLa