WordPress.org

Support

Support » Miscellaneous » My blog was hacked. How can I beef up security?

My blog was hacked. How can I beef up security?

  • A blog I set up was recently hacked in to. How can I beef up security to prevent this from happeing again?

    Here is the content of the hacker:

    We Are Ä°n The services of the great Turkish Nation…”
    Hacked By ÇukurOva’li

    And

    “Türk” “iN’Ha” “G3RÄ°LLA” “TuRkiSh.HaCkEr” “K.r.M”

    “We Are Ä°n The services of the great Turkish Nation…”

    I Am Turkish Hacker

    http://WWW.TC-THC.NET

    Bu Vatan, Yüce Türk Milleti İçin

Viewing 4 replies - 1 through 4 (of 4 total)
  • Samuel B
    Participant

    @samboll

    It’s your host’s job to make your site secure unless you left install.php or upgrade.php on your server or have file permissions set too high on some of your WP files.

    Because WP is a very popular and widely known piece of software, the likely location of your admin login is also well known to anyone who’s interested.

    1. If you’re still using the default admin username, don’t. Change it to something else.

    2. Make sure your admin password is nice and secure.

    3. Use .htaccess and .htpasswd to further protect your admin area. More info here, here and here.

    4. Make sure all your WP files are only writable by your user account, not the whole world.

    Webhostinguk
    Member

    @webhostinguk

    You must have left some of the php files in your blog with 777 permission. Most probablly the themes were left with 777 permission as you need to keep them with that permission to modify them from admin section of your wordpress blog.

    I always feel it’s important to caution people to not assume wordpress was the way the hacker got in. You could have other issues with your webhosting. And once hacked, you never know what backdoors have been left behind. The hacker may easily come back again. I recommend you either ask to be moved to a new server, or get yourself a new host.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘My blog was hacked. How can I beef up security?’ is closed to new replies.