WordPress.org

How to secure my blog against hackers (I'm Danish) (12 posts)

  1. Nullo
    Member
    Posted 8 years ago #

    Hi there

    I just wanted to know if there's something I can do to secure my blog against hackers. Quite a few Danish websites have been hacked the last couple of days and I'm getting a little bit worried.

    How secure is WP?...Does it all depend on my hosting?...etc.etc....All suggestions are appreciated.

    Thx :-)

  2. spencerp
    Member
    Posted 8 years ago #

    Oh believe me, you're not the only one.
    http://www.vindictivebastard.net/images2/hacked.gif

    As far as being protected...there are ways. But some of these people still get in on either bad scripts or either leaks within "un-updated" softwares.. Which I think happened in my case. I had my loverzlane "pern gallery" hacked, running coppermine gallery.

    And I thought I had it updated, but apparently I didn't keep on the updates.. =( Just was working on other stuff, to not keep track.. So just keep all your softwares updated to the newest and latest versions..

    Other than that, maybe someone else will tell ya better pointers on it..

    spencerp

  3. Nullo
    Member
    Posted 8 years ago #

    Other suggestions?....Danish websites are being attacked "en masse"...help would be appreciated.

    Thx.

  4. Just make sure to be running 1.5.2 or 2.x. Anything else is insecure.

  5. whooami
    Member
    Posted 8 years ago #

    and be sure to use common-sense permissions.

    The file editor in the backend requires liberal positions to work:

    "To edit a file, type its name here. You can edit any file writable by the server, e.g. CHMOD 666"

    However I don't recommend that -- and at least in 1.5.2 neither do they for a long term solution

    "This online editor is only meant to be used when you don’t have access to a text editor or FTP client."

    In other words, if you don't have to use the more open permissions, then don't.

  6. Kafkaesqui

    Posted 8 years ago #

    I agree with whooami. All files should be chmod'ed to 644. Directories, 755. If you cannot edit theme and other files online with these permissions, work with them offline. Previous post of mine on this topic:

    http://wordpress.org/support/topic/32764#post-185346

    Also, think about securing your logins. If you can use https on your server, do. If on Apache, look into setting up your wp-admin/ with .htaccess authentication:

    http://www.javascriptkit.com/howto/htaccess.shtml
    http://httpd.apache.org/docs/1.3/howto/htaccess.html
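
The 644 (files) / 755 (directories) baseline recommended in the post above can be checked across a whole install with a short script. This is an added example, not part of the original thread; the function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Audit a WordPress directory tree against the 644/755 baseline.

# List every regular file that is not exactly 644 and every directory
# that is not exactly 755 (long listing, so the current mode is visible).
off_baseline() {
    find "$1" -type f ! -perm 644 -exec ls -ld {} +
    find "$1" -type d ! -perm 755 -exec ls -ld {} +
}

# List only the entries that any local user can write to (the "other"
# write bit is set, as with chmod 666 or 777).
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -exec ls -ld {} +
}

# Reset the tree to the baseline: directories 755, files 644.
apply_baseline() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample tree: a blog whose theme directory and two files were
# opened up (777/666) so the online file editor could write to them.
make_sample_tree() {
    mkdir -p "$1/wp-content/themes"
    : > "$1/index.php"
    : > "$1/wp-config.php"
    : > "$1/wp-content/themes/style.css"
    chmod 755 "$1" "$1/wp-content"
    chmod 777 "$1/wp-content/themes"
    chmod 644 "$1/index.php"
    chmod 666 "$1/wp-config.php" "$1/wp-content/themes/style.css"
}

demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir/blog"
echo "Off baseline before the fix:"
off_baseline "$demo_dir/blog"
apply_baseline "$demo_dir/blog"
echo "Entries still off baseline: $(off_baseline "$demo_dir/blog" | wc -l)"
rm -rf "$demo_dir"
```

Run `off_baseline` against the real blog directory first and review the list before calling `apply_baseline`, since some hosts need different modes for upload or cache directories.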

  7. MAK
    Member
    Posted 8 years ago #

    I'm not tech-savvy not to the extreme like many are but allow me to ask this and correct me where I am wrong, as it's likely that I am. /sighs

    Anyhow isn't chmod a unix command? Therefore users of Linux type OS's would use this, but what about people running $MS Windows like myself using the Apache Server 2.0.52; how would I protect my files and directories in the same manner you describe?

    PS: I host my own server so I don't require use of an FTP program.

    Regards and thanks in advance for your patience.

  8. Kafkaesqui

    Posted 8 years ago #

    MAK, if you are concerned with securing a public web site, then you should not be running it on Windows. If this is what your host provides, then you should find another one.

    Seems a harsh recommendation, but it's not. And it's not MS-bashing on my part. And yes, there are certainly ways to secure a Windows-based web server, but they are dependent on the provider implementing and maintaining them. I just never had enough trust in a host to let them handle all my protection needs.

  9. Nullo
    Member
    Posted 8 years ago #

    Thx. guys...I'll look into the CHMOD's...appreciated!

  10. Quix0r
    Member
    Posted 7 years ago #

    I will try to write a "special version" of the well-known "Cracker Tracker for phpBB2" for WP. Or maybe Bad Behavior is enough to protect your site for the next time?

  11. PozHonks
    Member
    Posted 7 years ago #

  12. experts8
    Member
    Posted 7 years ago #

    WordPress blog server is just another LAMP application. Its security depends on all the components and their interactions with each other and with the client. So it is not enough to tie down wordpress.org blog software itself. I wrote a small piece on this topic two weeks back. It is available at http://www.supportsmb.com/security/secure-lamp/

    Hope this helps.

Topic Closed

This topic has been closed to new replies.
