• Hi Everyone.

    There have been quite a few posts about being hacked lately so I would like to start a discussion on the issue. I’ll start with some questions…

    How exactly do we go about not being hacked?

    What is the best way to back-up databases and files?

    What is the first thing we should do if we think we’ve been hacked?

    I am using 2.5 and all of the plugins are up to date.

    I use the WP Database Manager on my blog. I change things around a lot so I have it set to back me up and email the files to me daily.

    Also, I save my entire root folder on my server almost daily which I download to my computer.

    I know that my list falls far short and I am very interested in hearing about what steps we can further take – especially in terms of prevention.

    Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)
  • 1. Always keep your server software up to date, php, mysql, apache, etc
    2. Using phpmyadmin AND mysqldump (WP-DBManager).
    3. Check your error/usage logs I suppose
    4. That sounds good.

    I suppose doing some “hardening” never hurts. I’m far from being an expert on the subject, but I use Ask Apache Password Protect which feels safer. Also file permissions is something to look into.

    One more simple and “clean” tip that *ANY* user can easily follow is to make the wp-admin folder a protected directory. No extra knowledge required, no plugins, just log in to your host CP and put a username and a pass. Just another layer of security.

    @deuced

    That's not quite as simple as it sounds, and you can see the result of it on your own site. Some pages, namely those related to registering and logging in, call stylesheets that reside on the other side of wp-admin/.

    Log out of your cpanel, log out of wordpress, then come back to your own site and attempt to register. No style.

    some pages, namely those related to registering and logging in…

    Not *some* but *only*. But you are correct, it’s only a simple way, useful only to those that do not allow user registration.

    Deuced, my control panel doesn’t work that way. I can make a new protected folder, but I can’t password protect an existing folder.

    Anyway, last night I was playing with the WP Security Scan plugin and changed the table prefixes (after Whoo explained the use of that clearly).

    In the process I also changed database usernames and passwords to something less silly (unfortunately I couldn’t just change the database names). I don’t know if that’s going to have much use, but I suppose it won’t hurt.

  • The topic ‘How not to get hacked…’ is closed to new replies.
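
The wp-admin protection tip and the stylesheet problem raised in the replies above, as an added example (not written by any poster in the thread): an Apache 2.4 `.htaccess` for `wp-admin/` that asks for a password but still serves the stylesheets. The realm name and the `AuthUserFile` path are placeholders, and it assumes the host allows `AllowOverride AuthConfig`.

```apache
# wp-admin/.htaccess  (added example; Apache 2.4 syntax assumed)

# Basic authentication for everything under wp-admin/.
# The realm name below is a placeholder.
AuthType Basic
AuthName "wp-admin"

# Placeholder path: keep the password file outside the web root so it
# can never be downloaded. Create it with: htpasswd -c <file> <username>
AuthUserFile /path/outside/webroot/.htpasswd
Require valid-user

# With only the lines above, logged-out visitors see the login and
# registration pages without styling, because those pages load
# stylesheets that live under wp-admin/.
# Exempt stylesheets from the password prompt; every other file in
# wp-admin/ (and its subdirectories) still requires valid credentials.
<FilesMatch "\.css$">
    Require all granted
</FilesMatch>
```

Basic authentication sends the username and password base64-encoded rather than encrypted, so serve `wp-admin/` over HTTPS when using it.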