Register

If this is your first visit, please click the Sign Up now button to begin the process of creating your account so you can begin posting on our forums! The Sign Up process will only take up about a minute of two of your time.

Results 1 to 4 of 4
  1. #1
    Junior Member
    Join Date
    Jul 2011
    Posts
    18
    Member #
    28662

    Arrow How To Secure Wordpress

    My site was hacked last night - I use https..but other than that straight-forward wp installation. Sad they don't really made you understand in big bold red letters that out of the box, wp is not at all secure and you are at risk...anyway...

    I restored from backups and the site is up now but I want to prevent this in the future. I had previously installed ithemes security, but it crashed my entire site and their response was "you did not pay for it, we can't help you..give us money or your site will be messed up..too bad"

    Question: Given that, what is a good security plugin for WP that will prevent people from hacking and defacing my site, etc ?

    From what I read, it seems like these plugins are extremely dickey and mostly don't work right at all...so finding a stable one that works first time without killing my site is a must.
    Last edited by cosmic_nomad; Jun 17th, 2017 at 01:13 PM.

  2.  

  3. #2
    WDF Staff mlseim's Avatar
    Join Date
    Apr 2004
    Location
    Cottage Grove, Minnesota
    Posts
    7,717
    Member #
    5580
    Liked
    718 times
    Who is your webhost?

    Sometimes the hacking is done more from the server end than your actual website.
    It could be that many people using the same server were hacked.


  4. #3
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,483
    Member #
    425
    Liked
    2783 times
    Quote Originally Posted by cosmic_nomad View Post
    My site was hacked last night - I use https..but other than that straight-forward wp installation. Sad they don't really made you understand in big bold red letters that out of the box, wp is not at all secure and you are at risk...anyway...

    I restored from backups and the site is up now but I want to prevent this in the future. I had previously installed ithemes security, but it crashed my entire site and their response was "you did not pay for it, we can't help you..give us money or your site will be messed up..too bad"

    Question: Given that, what is a good security plugin for WP that will prevent people from hacking and defacing my site, etc ?

    From what I read, it seems like these plugins are extremely dickey and mostly don't work right at all...so finding a stable one that works first time without killing my site is a must.
    First and foremost, as Max pointed out it depends on how you were hacked. As horrible as WP is...especially from the security standpoint...it isn't necessarily the reason you were hacked. In many cases, it's as simple as using a common login/password combination (e.g. Administrator/password123). This doesn't just apply to wp-admin either. This can apply to your cPanel, your FTP, your email, anywhere that you use a login/password combination. So...before you worry about plugins, change each and every one of those passwords. It's a pain in the butt, but at least you've prevented anyone who hacked you from reusing credentials to succeed a second time immediately.

    Second...update everything you can. Your cPanel. Your MySQL. Your version of PHP. Anything that is possible. If you're on a shared hosting plan and you don't have permission to do it yourself, get your host to do it. Obviously WP and any plugins as well.

    Third...if you're looking for a security plugin, the only half-decent two I've ever found were these two:

    https://en-ca.wordpress.org/plugins/...in-protection/
    https://www.wordfence.com/

    I like WordFence in particular because it sends you alerts when plugins need to be updated. The downside of that feature is that if a plugin is updated several times in short order, you get an email for every single one of them. That can get annoying. The free one should be fine.

    Now, with all of that said...nothing you do will be completely secure. You will always be at risk. This is the nature of running a website on a web server, unfortunately. If it's out there, people will try to hack you and eventually, they'll succeed from time to time. I've been hacked half a dozen times in just over 18 years myself, and while five of those have been WP sites, that doesn't mean they won't try to hack other things; I've got a database of several thousand attempts just in the past couple of years that I've logged. Constant vigilance is important, and you can't just rely on the Open Source Community Fairies to solve everything for you either; most of them still believe WP is a "secure, robust, scalable" product. Asking here was a good start.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)

  5. #4
    Junior Member seobox's Avatar
    Join Date
    May 2017
    Location
    Brisbane
    Posts
    5
    Member #
    56638
    My website is hacked by the server end even I had installed the security plugin.


Remove Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
All times are GMT -6. The time now is 06:26 PM.
Powered by vBulletin® Version 4.2.3
Copyright © 2019 vBulletin Solutions, Inc. All rights reserved.
vBulletin Skin By: PurevB.com