WordPress Security: Securing Sites From Hackers / Future Attacks

Posted by Harwinder Kumar at 6/11/2014

WordPress Security
WordPress is the most popular CMS available on the web, but it is also vulnerable to threats if we don't follow the necessary security measures.

In a previous guest post, Sarah Rexman mentioned some tips about securing WordPress, and in this post I'm going to share my own experience. While working as a freelancer on oDesk, Elance and Freelancer, clients always have issues with securing their sites from hackers and ask how to prevent future attacks. So consider these points to secure your WordPress site now and in the future:
  • Keep your WordPress up to date. The latest stable version is 3.9.2, released on 6th August, 2014.
  • Keep all your plugins and themes up to date.
  • Always keep a backup of your database and files, and refresh it at regular intervals.
  • If the site has been compromised, you must change the salt keys in the wp-config.php file in the root directory. You can generate new keys from here. Changing them forces all users to log in again.
  • Change all passwords associated with the site at regular intervals.
  • Use strong passwords for all logins. Include a mixture of at least one uppercase letter, lowercase letter, special character and number.
  • Change your WP-Admin username from admin to some other name.
  • Change the database prefix from wp_ to some other, more complicated string.
  • Make sure the timthumb script is updated if your site is using it. For an outdated script, use the Timthumb Vulnerability Scanner plugin to patch it.
  • Use plugins only after testing them properly. Going through plugin reviews and a Google search will tell you about the reputation of a plugin.
  • Keep track of recent visitors through the log files. If you find any suspicious activity at a particular time, the log files might help you learn a bit about the attacker.
  • Change permissions for .htaccess, wp-config.php and the theme's main files to 444.
  • Set proper file permissions for other files and folders. Best practice is to use 644 for files and 755 for folders.
  • Keep your own system virus free.
  • Always try to access the site with its credentials from your own system only.
  • Validate all user input, such as URLs, image uploads etc.
  • Keep track of the WP-Admin and FTP account user sections for any unauthorized users.
  • You can also use the Wordfence plugin to monitor for malicious scripts.
  • Put some security on the server on which your site is hosted, whether it is hosted on a dedicated or a shared server.
  • Keep up to date with the latest vulnerabilities.
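
The permission rules in the list above (444 for .htaccess and wp-config.php, 644 for other files, 755 for folders) can be checked with a short script. This is an added example, not code from the original post; the function name wp_perm_audit and its "fix" argument are made up for illustration, and because the post does not say which theme files it means, any other file already set to 444 is accepted as well.

```shell
#!/bin/sh
# Added example: compare a WordPress tree with the modes recommended above.
# Prints "<wanted-mode> <path>" for every mismatch. With "fix" as the second
# argument it also applies the wanted mode. Returns 1 if anything was off.
wp_perm_audit() {
    root=$1
    action=${2:-report}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    findings=$(
        # Folders must be exactly 755.
        find "$root" -type d ! -perm 755 | sed 's/^/755 /'
        # The two files the list singles out must be read-only for everyone.
        find "$root" -type f \( -name .htaccess -o -name wp-config.php \) \
            ! -perm 444 | sed 's/^/444 /'
        # Every other regular file: 644, or 444 where it was hardened
        # like the theme files.
        find "$root" -type f ! -name .htaccess ! -name wp-config.php \
            ! -perm 644 ! -perm 444 | sed 's/^/644 /'
    )
    [ -n "$findings" ] || return 0

    printf '%s\n' "$findings"
    if [ "$action" = fix ]; then
        printf '%s\n' "$findings" | while read -r mode path; do
            chmod "$mode" "$path"
        done
    fi
    return 1
}

# Run against a real tree when a path is given on the command line.
if [ "$#" -gt 0 ]; then wp_perm_audit "$@"; fi
```

Mode 444 blocks writes but leaves wp-config.php, which holds the database credentials and salt keys, readable by every local account. On shared hosting a tighter mode such as 440 or 400 is commonly used, as long as the web server user can still read the file.
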
If your own site gets infected with malware or a virus, contact me through the contact form to get rid of the malware and to implement security for the future. In some cases, the site might be hit by the pharma hack; you can check for it either through the site content or by searching for your site on Google with the query "site:example.com pharma".

Having any further issue? Please comment down!

5 comments so far:

Anonymous said on 11/21/2013 6:14 PM:

Oh my goodness! Incredible article dude! Thank you. However, I am encountering difficulties with your RSS. I don't know the reason why I am unable to subscribe to it. Is there anyone else getting similar RSS problems? Anybody who knows the solution can you kindly respond? Thanks!!

Feel free to visit my web site :: Capture His Heart Reviews

Harwinder Kumar said on 11/21/2013 9:09 PM:

@Anonymous: you can subscribe via the above form on the sidebar or from http://feeds.feedburner.com/learnhack directly. Thanks

Anonymous said on 1/23/2014 7:22 PM:

Wonderful blog! Do you have any suggestions for aspiring writers? I'm hoping to start my own site soon but I'm a little lost on everything. Would you recommend starting with a free platform like WordPress or go for a paid option? There are so many options out there that I'm totally confused .. Any recommendations? Many thanks!

Also visit my web site: orquesta el macabeo

Anonymous said on 2/08/2014 10:34 PM:

Have you ever considered creating an e-book or guest authoring on other blogs? I have a blog based on the same subjects you discuss and would love to have you share some stories/information. I know my viewers would enjoy your work.

If you are even remotely interested, feel free to send me an e-mail.

Review my site :: insurance public adjuster

Himanshu Negi said on 7/16/2014 8:21 PM:

Very nicely compiled information. All points are valid. Your oDesk profile is very nice.

Some WordPress plugins like "limit-login-attempt", malware scanning plugins, Bullet Proof Security etc. can help a lot.

I like limit-login-attempt against brute force. You can also hide your WP login page with the help of these security plugins.

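
The article's advice to watch the log files, applied to the brute-force logins raised in the last comment, as an added example that is not from the post or its commenters. The function names and log lines are constructed for illustration, and it assumes stock WordPress behaviour: a failed wp-login.php POST returns 200 and a successful one returns a 302 redirect.

```shell
#!/bin/sh
# Added example, not from the post. Constructed access-log lines in the
# Apache/nginx "combined" format, using documentation-only IP ranges.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [11/Jun/2014:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jun/2014:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jun/2014:10:00:17 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jun/2014:10:00:25 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jun/2014:10:00:33 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Jun/2014:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
198.51.100.23 - - [11/Jun/2014:10:03:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
198.51.100.23 - - [11/Jun/2014:10:03:58 +0000] "POST /wp-login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"
192.0.2.10 - - [11/Jun/2014:10:04:12 +0000] "GET /wp-login.php HTTP/1.1" 200 2810 "-" "Mozilla/5.0"
EOF
}

# Print "<client> <minute> <failures> <flag>" for every client that made at
# least $2 (default 5) failed login POSTs within one clock minute.
# Assumption: a 200 answer to the POST is a failed login, a 302 a success.
wp_login_bursts() {
    log=$1                 # file name, or "-" for stdin
    threshold=${2:-5}
    awk -v t="$threshold" '
        # $1 client, $4 "[dd/Mon/yyyy:hh:mm:ss", $6 method, $7 path, $9 status
        $6 == "\"POST" && ($7 == "/wp-login.php" || index($7, "/wp-login.php?") == 1) {
            if ($9 == 200) {
                fails[$1 " " substr($4, 2, 17)]++
                seen[$1] = 1
            } else if ($9 == 302 && seen[$1]) {
                redirected[$1] = 1      # 302 that follows earlier failures
            }
        }
        END {
            for (k in fails) if (fails[k] >= t) {
                split(k, part, " ")
                print k, fails[k], (redirected[part[1]] ? "302-after-failures" : "no-302")
            }
        }
    ' "$log" | sort
}

sample_log | wp_login_bursts - 5
```

The 302 flag only means a redirect followed earlier failures from the same client, so check the WP-Admin user section and the account's recent activity before treating it as a compromise.
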


© 2014 Learn The Basics Of Ethical Hacking