| User | Post |
|
9:16 am
August 22, 2011
|
retireby40
| | USA | |
| Member
| posts 1381 | 
|
|
|
I've been having problem with security lately. I got hacked twice over the past 2 months and had malware inserted last Friday. Currently I don't have any security service and I'm just wondering what are you doing to keep your site secure?
Can you recommend any good affordable security service? Being hacked really sucks! I already don't have enough time to write, fixing these security issues is really draining.
thx
|
|
|
|
|
9:49 am
August 22, 2011
|
Eric – PersonalProfitability.com
| | Portland, OR | |
| Member
| posts 2120 |
|
|
|
You can do it all yourself for free and easily.
First, make sure your permissions are secure. You can read about that at the Wordpress Codex.
Next, add good security plugins to find holes. This guide will fix virtually all vulnerabilities outside of specific plugin issues: http://www.problogger.net/arch…..re-secure/
Send me an email if you have specific questions when implementing those steps.
|
|
|
|
|
9:50 am
August 22, 2011
|
OneCentAtatime
| | Florida, USA | |
| Member
| posts 1778 |
|
|
|
Did you check with your host as to which route you were hacked in to? Its not only your responsibility to keep ur site hacker proof, its your hosts's job function too.
Get in a call with them and try to identify the root cause based on that you find the solution, deactivating and deleting some plugin files might resolve issue if its one of the plugin weaknesses hackers used.
Plugins which directly communicates with external systems, (comment luv, google analytics/adsense dashboard etc) are prone to threats. Use the plugins which only access your server data (allinoneSEO, commentcounter/subscriber, topcommentatorswidget etc).
|
|
|
|
|
10:12 am
August 22, 2011
|
Suba @ Wealth Informatics
| | |
| Moderator
| posts 1876 |
|
|
|
Post edited 11:28 am – August 22, 2011 by Suba @ Wealth Informatics
+1 to first setting your permissions as tight as you can (it might be good to have someone look over those things if you are not sure what is the right setting, see if Jesse @ PFFirewall is available to set you up if you need help). And the standard moving the wp-config file, deleting the admin account and deleting the root user (if you are on VPS/dedicated) will help too…
I use WP-Security-Scan + Secure Wordpress and try to keep plugins to a minimum. If you are on VPS/dedicated, you could install CSF. You can also restrict login from IP addresses (add a .htaccess file to wp-admin to whitelist the IPs you use). And add empty wp-content/plugins/index.html file (just so no one can figure out what plugins you are using).
|
|
|
|
|
11:13 am
August 22, 2011
|
MyJourneytoMillions
| | |
| Member
| posts 1012 |
|
|
|
GO E-MAIL JESSE FROM http://www.pffirewall.com/ right now!
He is an animal and really responsive regardless of the time. At this point I am in his maintenance plan and just pay him monthly
|
|
|
4:59 pm
August 22, 2011
|
Buy Like Buffett
| | |
| Member
| posts 1682 |
|
|
|
|
6:40 pm
August 22, 2011
|
Khaleef @ KNS Financial
| | Fat Guy, Skinny Wallet | |
| Member
| posts 3149 |
|
|
|
MyJourneytoMillions said:
GO E-MAIL JESSE FROM http://www.pffirewall.com/ right now!
He is an animal and really responsive regardless of the time. At this point I am in his maintenance plan and just pay him monthly
My site looked crazy Friday morning – Jesse had it back to normal before lunch! He just told me about his maintenance plan today. He's also going to work with me on a major site redesign.
|
|
|
|
Login
Search 
Home
Print this Topic 
Topic RSS 
