Hi,
Please post your site url
Hello, is there a PM system here ? I do not wish to post links here.
I have the same problem that many other people have, but cannot find a definitive solution.
Thank you.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Hello, is there a PM system here ? I do not wish to post links here.
There is not a PM system here and directly contacting users that was is actively discouraged. As in no one should post email addresses here, they’ll get in trouble.
Can you post a screen capture? Usually not sharing a link will diminish the chances of other volunteers from helping you.
ok i will try, thank you, the reason why I do not like to post links is that wordpress being the main target of hacks, maybe better avoiding to clearly tell the your websites (that you try to protect) are made with worpdress is not a stupid idea ? (but I also accept if it’s stupid!)
Moderator
James Huff
(@macmanx)
Volunteer Moderator
The bots that can do damage can already figure out what you’re running. They also don’t check forums. They simply run about the web at random looking for attackable targets, just like comment spam bots really.
For comparison, note how many people list their sites in their profiles here. Jan does, and he’s been supporting WordPress here for 10 years. I do, and I’ve been supporting WordPress for 11. And really, all of the thousands of volunteers contributing to WordPress do, as well as many users here asking for help.
There are three aspects of WordPress that you need to be concerned with:
1. Use a strong password on WordPress and your hosting account. Using a weak password is like taping your key to your door, there’s no point in even having a lock then.
2. Apply updates as soon as they are available, or simply do not disable WordPress’s auto-update system.
3. Trust that the members of the WordPress Security Team know what they’re doing, and that they release security fixes as soon as vulnerabilities are reported, and they really do. For more on that, and to put your mind at ease about WordPress security, read https://wordpress.org/about/security/
Now, with all that said, anyone who gains access to your server can compromise WordPress by altering files. This is true for any website system, even simple static HTML pages. That’s not really WordPress’s fault. It would be like blaming your desk drawer because someone broke into your house and stole something out of it. All of that is on your hosting provider to properly secure their servers. Most of them do, but just in case they don’t, we do have a few recommended security measures.
Hello, thank you for replies, I have now found that the problem was caused by another plugin (and not customizer theme), even if I don’t know which one yet.
My problem was this one:
http://presscustomizr.com/support-forums/topic/woocommerce-and-image-size/
But the fix proposed didn’t work.
And as my shop was slow, I disabled all not directly useful plugins as security modules, etc…
Now I only have woocommerce and few other plugins, it works fine and the shop is faster.
I have a strong feeling that all the security modules are causing problems and also slow loading of the shop, but I know that we need them, so…
… if there was only 1 security plugin to install, could you tell me which one ?
Thank you so much for your help.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
I have now found that the problem was caused by another plugin (and not customizer theme), even if I don’t know which one yet.
To find out which one it is, reactivate each plugin individually until you find the cause.
if there was only 1 security plugin to install, could you tell me which one ?
Generally, you just need a strong password and to apply updates as soon as they are available (or simply do not disable WordPress’s auto-update system).
However, it can’t hurt to have a plugin which locks out individuals after a certain number of failed login attempts, like Jetpack’s Protect module https://wordpress.org/plugins/jetpack/ (which I use) or https://wordpress.org/plugins/limit-login-attempts/ (which despite its age still works great).
Additionally, having something to regularly scan your files for know exploits is good peace of mind. I use https://wordpress.org/plugins/vaultpress/ which is a backup service *and* security exploit scanner. I also work for Automattic, so fair disclaimer there. 😉 https://wordpress.org/plugins/sucuri-scanner/ is a similar service, which I have used in the past too.
Some folks who want more usually go for plugins like https://wordpress.org/plugins/better-wp-security/ or https://wordpress.org/plugins/wordfence/
With all that said, there really is no 1 plugin. Like locks on your door, everyone has a personal opinion about what’s secure and convenient for them specifically, but there are lots of options.
