1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

WordPress Security Issue — Make Your Website More Secure

Discussion in 'Content Management' started by sabbir hasan, Apr 16, 2013.

  1. #1
    When you got your website hacked, you certainly need to have a expert help. But if you do now know what to do, then this article will help you to give direction to your web guy.



    WordPress is the best CMS platform ever made and due to its flexibility it has become most used CMS back end. Millions of people are using this to run their websites. But Hacking has become a major issue. following some preventing actions can improve your website security and it can help you not to suffer at the long run. I will discuss about this issue issue in details so that you can do it for your own.

    Before preventing hacking you need to know what do do if you are being hacked…

    1. Removing Hacking script…
    1.1. If it is possible we have to install a fresh copy of latest WP ( Recommended )
    1.2. We have to check almost all file including plugin and .htaccess file to remove the hacking script.
    1.3 We have to check site with online site scanner linke this one http://sitecheck.sucuri.net/results/www.3fuso.com/ ( I use this site a lot )
    1.4. We mush have to update WordPress when a latest version is avaiable

    2. Preventing site from Hacking
    2.1 Changing Cpanel and FTP logins
    2.2 Changing Wp login including Username and all user passwords
    2.3. Check all user role whether there is more than one super admin. If so we have to delete the other super admin.
    2.4. Install some Wp security Plugins
    2.5. Always Update Plugins and Themes
    2.6 Never install any Plugins or theme other than trusted source
    2.7. Do not use default WordPress Themes ( specially Twenty Eleven Theme )
    2.8. Move the wpconfig.php file one level up in the FTP
    2.9. Use .htacces to prevent access wp-config.php file and wp-include directory.
    2.10. Use login protection using a wp lock down plugin
    2.11. If there is any website affected on a same hosting, we have to solve it quickly so that it can not affect other sites
    2.12. Sometimes it is recommended to change hosting ( I had a bad experience with GOVO hosting, Fat Cow hosting…. sites used to hack there regularly… )
    2.13. Always Keep Backup your sites using plugin so that we can restore your site easily if something bad happens.
    2.14. Use google webmaster tool for websites to that you can get notified as soon as your site is blocked by google.
    2.15. Check or maintainance your site atleast once a month with security scanner and update the Wp core file ( when available )

    I explained almost everything here regarding website security. If website database is affected with virus or malicious script, it is hard to delete it and you may loose some data or total data.

    If you need a expert help, have to provide the following information so that they can work on your site……

    1. Wp Login ( installing securty plugins and updating Wp core )
    2. FTP information ( it is needed to download files to scan on my local machine )
    3. Cpanel / Control Panel information ( to download database and check for malicious script )

    Your Feedback and Suggestion are appreciated.
    Thanks
    Sabbir
     
    sabbir hasan, Apr 16, 2013 IP