Categories

3
Automation Testing
 45
c panel
 1
Centos 7
 0
Client Portal
 3
Databases
 12
Directadmin
 2
Domains
 2
Email Configuration
 8
EMAILS
 1
kernelcare
 1
KVM
 1
OpenVz Command
 4
PLesk
 6
Security
 4
solusvm
 3
Ubuntu Articles
 2
virsh the command line
29
VPS and dedicated server
 12
Web Hosting
 9
WHM
 3
Windows Servers
 3
WordPress
6
WordPress and Hacker

  Categories

  Tag Cloud

# virsh Command #APACHE #blacklistip #centos #Change hostnamewithoutrebootonCentOS 7 #ClearRAMMemoryCache #Common Web Security Vulnerabilities #commonoutlookerrorcode #cpanel #cpanelspamfilter #create openvz template #csfdirectadmin csf up gradation in direct admin #DA httpd is restart #database #Database Design #databasebackup #databasesissues #DDOS #DecreasingInodeUsageWithCPanelHosting #dedicatedservers #directadmin #directadmin-license-updated manually #directadminipblacklist #directadminlincense #directadminlogs #directadminModSecurity #dnschecker #DomainPropagation? #emails #emailmarketing #emailchallenges #webanchor #webhostingi #exim #firewall #firewallpolice #hostnamechange #How to write .htacess File Tips #httpd.service has failed #indoesandcpanel #inodes #install-php-mysql-apche-ssl #InstallKernelCare #ioncubedirectadmin #iphone #iphone&config #iphonemailconfiguration #kvm #LAMP #Multiple PHP Versions #Networkoptimization #openvxvm #outlook #outlookerrorcode #pagespeed #palskpanelrepair #Permissions and Ownership on Direct admin related system files #Permissions. #ownership #PHP Mailparse PECL #php7.4 #PHPComposer Cpanel #PHPComposeronwhm #PHPMailparsePECL #phpmyadmin #Phpversion #Plesk #PleskLIcenseActivation #pleskpanel #porftp #raidlevel.#raidlevein centos #RDP #RDP-PORT #renew-SSL-Master-Hostname-solusvm #RestoredatabaseviaSSHincpanel #samsungemailconfiguration #samsungs8 #sharedhosting #solusvm #solusvm #solusvmmigration #stopmigraionsolusvm #solusvm kvm tempaltes #solusvmkvm #spam #SSLformastersolusvm #SSLsolusvm #sysadmin#system administration#system engineer#compsci#computer #timezoneemails #Ubuntu 20.04 #unlimitedhosting #unwatedmail #updateKernelCare #Validation #Verification #virsh #webanchor #webanchor #Linux #networking #webapplications #webdesgining #webdevelopment #whm #whois #Windows-server-20212 #windows2012R2 #IPV6 #windows2012aipv6 #WordPress #wordpress Speed #WordPressPerformanceOptimization cpanel database kvm kvm and solusvm and hard disk kvm hard disk space increase kvmvm mysql pureftp

  Support

  My Support Tickets   Announcements   Knowledgebase   Downloads   Network Status   Open Ticket

 How to Prevent Wordpress Hacking Print

  • 0

How to Prevent Wordpress Hacking
 

 

WordPress is a free open-source blogging tool and also the most SEO-friendly CMS on the Internet. A great deal of bloggers from amateur to professional are using self-hosted WordPress as their blog publishing platform. This explains why WordPress is the main target of hackers €™ attacks. Earlier this year, numerousblogs using the WordPress platform has been hacked to infect visitors all over the world.
 
In the mass attacks on websites using WordPress, hackers do not change or create new files on that website, they just injected a web address into the database. Entire website visitors will be redirected to the malicious site injected. My blog was also a victim of these attacks and I even didn €™t notice it until I received a warning from Google. Somehow hackers injected a malicious script to the footer and my blog just came back to normal after I removed this script from the footer.php file of my theme. It left extremely serious consequences to my blog, I lost many visitors and Google hadn€™t indexed it for a few weeks. I have learned a valuable lesson from this incident, €œPrevention is better than cure€œ.
 
Therefore, in this article I want to share with you 4 tips I have done to protect my WordPress blog from hacker€™s attacks.
 
1. Limiting Access to WordPress files and folders.
 
 
 
- In the mass attacks I mentioned above, a number of security weaknesses contributed to the WordPress vulnerability, including the fact that WordPress stores the database information in plain text at the wp-config file, which many WordPress users allow it to be readable by anyone. So the first thing is you need toChmod the file wp-config.php and. Htaccess to 404 (allow read-only) so that if there are any problems, the information of the database will not be revealed, and your important data will not be lost or stolen.
 
- We also need to limit access to our wp-admin folder by using .htaccess and assigning specific IPs that can access it. Firstly, open your .htaccess file located in your /wp-admin folder (Do not edit your root .htaccess file), and make a backup. Then paste the following code:
 
AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName €œWordPress Admin Access Control€
AuthType Basic
order deny,allow
deny from all
# whitelist Tuan€™s IP address
allow from xx.xx.xx.xxx
# whitelist Brian€™s IP address
allow from xx.xx.xx.xxx
# whitelist Work IP address
allow from xx.xx.xx.xxx
 
Replace xx.xx.xx.xxx with your IP Addresses and save the file. You can add more IPs if needed by creating a new line with: €œallow from xx.xx.xxx.xx€ inside. This solution will absolutely keep your wp-admin folder safe. The only downside of this tip is that if you access your wp-admin panel in somewhere else, you will have to add an extra IP address.
 
- If you don€™t want to change .htaccess file, try to chmod WordPress folders to 101 so that no one can see its content. When you want to edit these folders, chmod them to 701 and remember to chmod to 101 again when you are done.
 
2. Keep WordPress up-to-date
 
 
 
Updating WordPress has become very easy, the newest version automatically notify you in your dashboardif there is any updates for your WordPress and plugins. Since WordPress 3.0, Tools->Upgrade menu option is moved to Dashboard->Updates and themes, plugins, and core upgrades are under one panel. Now you can now update WordPress and plugins with just a click. Don€™t be lazy upgrading your WordPress, themes and plug-ins as soon as possible or you leave yourself open to being hacked.
 
3. Use Captcha whenever possible
 
 
 
Try to use Captcha for comments, login form and contact forms. I don€™t recommend you to use Captcha for comments as it doesn€™t encourage readers to leave comments on your blog. There is a plug-in that virtually eliminates spam comments and can save you a lot of time moderating comments, it is theConditional Captcha. After installing this, Captcha will only show up for comments that are suspicious as spam by Askimet. Joe Boyle did a very good tutorial of this plug-in, you can check it out here: Eliminate Spam With Conditional Captcha.
 
4. Hide WordPress version
 

Hackers may find out your WordPress version and exploit its security holes. You might don€™t want to display the WordPress version from your website source. WordPress themes have a line in the header.phpto display the current version. To protect your blog, go to header.php file and find the following code:
 
 
and replace with:
 
name="generator" content="WordPress" />

Was this answer helpful?

Related Articles

Hardening WordPress Hardening WordPressSecurity in WordPress is taken very seriously, but as with any other system... DEACTIVATE ALL PLUGINS WITHOUT ACCESSING WP-ADMIN? You can deactivate all WordPress plugins either through FTP or through cPanel file manager. :... HOW TO FIX THE 500-INTERNAL SERVER ERROR IN WORDPRESS Cause 1 :: Corrupt .htaccess File If your .htaccess file is corrupt and it can cause a 500... WHITE SCREEN OF Wordpress Memory exhaustion is one of the most common reason behind white screen of death error. To fix... ENABLE GZIP COMPRESSION .htacess Paste in htacess file<IfModule mod_deflate.c> # Compress HTML, CSS, JavaScript, Text, XML...
« Back

Powered by WHMCompleteSolution

  Tag Cloud

# virsh Command #APACHE #blacklistip #centos #Change hostnamewithoutrebootonCentOS 7 #ClearRAMMemoryCache #Common Web Security Vulnerabilities #commonoutlookerrorcode #cpanel #cpanelspamfilter #create openvz template #csfdirectadmin csf up gradation in direct admin #DA httpd is restart #database #Database Design #databasebackup #databasesissues #DDOS #DecreasingInodeUsageWithCPanelHosting #dedicatedservers #directadmin #directadmin-license-updated manually #directadminipblacklist #directadminlincense #directadminlogs #directadminModSecurity #dnschecker #DomainPropagation? #emails #emailmarketing #emailchallenges #webanchor #webhostingi #exim #firewall #firewallpolice #hostnamechange #How to write .htacess File Tips #httpd.service has failed #indoesandcpanel #inodes #install-php-mysql-apche-ssl #InstallKernelCare #ioncubedirectadmin #iphone #iphone&config #iphonemailconfiguration #kvm #LAMP #Multiple PHP Versions #Networkoptimization #openvxvm #outlook #outlookerrorcode #pagespeed #palskpanelrepair #Permissions and Ownership on Direct admin related system files #Permissions. #ownership #PHP Mailparse PECL #php7.4 #PHPComposer Cpanel #PHPComposeronwhm #PHPMailparsePECL #phpmyadmin #Phpversion #Plesk #PleskLIcenseActivation #pleskpanel #porftp #raidlevel.#raidlevein centos #RDP #RDP-PORT #renew-SSL-Master-Hostname-solusvm #RestoredatabaseviaSSHincpanel #samsungemailconfiguration #samsungs8 #sharedhosting #solusvm #solusvm #solusvmmigration #stopmigraionsolusvm #solusvm kvm tempaltes #solusvmkvm #spam #SSLformastersolusvm #SSLsolusvm #sysadmin#system administration#system engineer#compsci#computer #timezoneemails #Ubuntu 20.04 #unlimitedhosting #unwatedmail #updateKernelCare #Validation #Verification #virsh #webanchor #webanchor #Linux #networking #webapplications #webdesgining #webdevelopment #whm #whois #Windows-server-20212 #windows2012R2 #IPV6 #windows2012aipv6 #WordPress #wordpress Speed #WordPressPerformanceOptimization cpanel database kvm kvm and solusvm and hard disk kvm hard disk space increase kvmvm mysql pureftp

  Support

  My Support Tickets   Announcements   Knowledgebase   Downloads   Network Status   Open Ticket