Posted 6 years ago #
Hi there
I just wanted to know if there's something I can do to secure my blog against hackers. Quite a few Danish websites have been hacked the last couple of days and I'm getting a little bit worried.
How secure is WP?...Does it all depend on my hosting?...etc.etc....All suggestions are appreciated.
Thx :-)
Posted 6 years ago #
Oh believe me, you're not the only one.
http://www.vindictivebastard.net/images2/hacked.gif
As far as the being protected...there is ways. But some of these people still get in on either bad scripts or either leaks within "un-updated" softwares.. Which I think happened in my case. I had my loverzlane "pern gallery" hacked, running coppermine gallery.
And I thought I had it updated, but apparently I didn't keep on the updates.. =( Just was working on other stuff, to not keep track.. So just keep all your softwares updated to the newest and latest versions..
Other then that, maybe someone else will tell ya better pointers on it..
spencerp
Posted 6 years ago #
Other suggestions?....danish websites are being attacked "èn masse"...help would be appreciated.
Thx.
Posted 6 years ago #
Just make sure to be running 1.5.2 or 2.x. Anything else is insecure.
and be sure to use common-sense permissions.
The file editor in the backend requires liberal positions to work:
"To edit a file, type its name here. You can edit any file writable by the server, e.g. CHMOD 666"
However I dont reccommend that -- and atleast in 1.5.2 neither do they for a long term solution
"This online editor is only meant to be used when you don’t have access to a text editor or FTP client."
In other words, if you dont have to use the more open permissions, then dont.
Posted 6 years ago #
I agree with whooami. All files should be chmod'ed to 644. Directories, 755. If you cannot edit theme and other files online with these permissions, work with them offline. Previous post of mine on this topic:
http://wordpress.org/support/topic/32764#post-185346
Also, think about securing your logins. If you can use https on your server, do. If on Apache, look into setting up your wp-admin/ with .htaccess authentification:
http://www.javascriptkit.com/howto/htaccess.shtml
http://httpd.apache.org/docs/1.3/howto/htaccess.html
Posted 6 years ago #
I'm not tech-savy not to the extreme like many are but allow me to ask this and correct me where I am wrong, as it's likely that I am. /sighs
Anyhow isn't chmod a unix command? Therefore users of Linux type OS's would use this, but what about people running $MS Windows like myself using the Apache Server 2.0.52; how would I protect my files and directories in the same manner you describe?
PS: I host my own server so I don't require use of an FTP progam.
Regards and thanks in advance for your patience.
Posted 6 years ago #
MAK, if you are concerned with securing a public web site, then you should not be running it on Windows. If this is what your host provides, then you should find another one.
Seems a harsh recommendation, but it's not. And it's not MS-bashing on my part. And yes, there are certainly ways to secure a Windows-based web server, but they are dependent on the provider implementing and maintaining them. I just never had enough trust in a host to let them handle all my protection needs.
Posted 6 years ago #
Thx. guys...I'll look into the CHMOD's...appreciated!
Posted 5 years ago #
I will try to write a "special version" of the well-known "Cracker Tracker for phpBB2" for WP. Or maybe Bad Behavior is enough to protect your site for the next time?
Posted 5 years ago #
Here are some other useful tips:
http://wordpress.org/support/topic/86007?replies=7#post-439039
Posted 5 years ago #
wordpress blog server is just another LAMP application. Its security depends on all the components and their interactions with each other and with the client. So it is not enough to tie down wordpress.org blog software itself. I wrote a small piece on this topic two weeks back. It is available at <A HREF="http://www.supportsmb.com/security/secure-lamp/">http://www.supportsmb.com/security/secure-lamp/</A>
Hope this helps.
This topic has been closed to new replies.
