  1. #1
    dvduval

    WordPress Gets Hacked Too Much?

    It seems like maybe me and WordPress are not a good match. It just gets hacked. I have one I put up for a customer maybe 1-2 years ago, no extra plugins, and hacked. Had the same thing with another site. It seems pretty obvious you have to put the customer on a maintenance plan if you are going to have WordPress. Our company's software, phpLD, started getting installed all over the net in 2005 range, and many of those are still running today. There has not been a major I ever. Maybe it is because we are not as popular, but I'm really thinking about telling customers we only do WordPress if they pay for a maintenance plan, or else they will get hacked.

  2. #2
    felgall
    All you really need to do is to tell them to click on the link to update to the latest version whenever the control panel tells them that a new version has been released. It is very unlikely that a WordPress installation that is kept up to date will get hacked.
    Stephen J Chapman

  3. #3
    As pointed out, you need to update to the recent version of WordPress and keep all the plugins up to date.
    As with a custom CMS that you have mentioned, as it might be used only on a few sites, no one is interested in trying to find out loopholes and crash the site. But in the case of WordPress, as it's a very popular CMS, many bugs / security issues are found for core WordPress as well as plugins, and from time to time they are fixed by the respective developers.
    I would recommend that you ask clients for a maintenance plan, which won't involve much work for you, as most of the time the updates are automatic at the click of a button, but at times it may involve making changes to your template code etc. to fix any display / front end issues.

  4. #4
    seanuk
    The most common reason WordPress installs get hacked is when they're on shared hosting and you can't lock down the permissions correctly, so have wp-content folders set to 777 permissions.

    I've had Wordpress as my CMS since 2005, running on 30+ sites and not once been hacked.

  5. #5
    There are various other hardening measures and precautions (other than keeping up to date) that can reduce exposure and the likelihood of being hacked for WordPress. I always carry these out for WordPress sites if there is no ongoing maintenance contract; as you point out, the chances are they will fall behind with updates.

    - Always strip theme of wordpress meta data
    - Never use default wp-admin directory
    - Put an htaccess password on admin directory
    - As Sean mentions, if possible lock down file permissions site wide, and also block extraneous filetypes in any upload directory.

  6. #6
    PromptSpace
    #1- Keep your WordPress updated at all times.
    #2- Do not use a hell of a lot of plugins. Keep your plugin usage to a minimum. It is due to the fact that many WP plugins are not very well coded and result in a website being compromised.

  7. #7
    dyrer
    Have you changed the salt in wp-config.php? If not, go to https://api.wordpress.org/secret-key/1.1/salt/ and replace the original.
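
A read-only audit for two points raised in this thread (777 permissions under wp-content and unchanged secret keys in wp-config.php), added here as an example and not posted by any participant. It assumes the standard WordPress layout under the directory you pass in; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for world-writable paths and weak salts.
# Usage: sh wp-audit.sh /path/to/wordpress   (script name is hypothetical)

# List files and directories under wp-content that carry the "other" write bit
# (as in 777 or 666), i.e. writable by every account on a shared host.
world_writable() {
    find "$1/wp-content" \( -type f -o -type d \) -perm -0002 2>/dev/null | sort
}

# Report each of the eight secret key/salt constants in wp-config.php that is
# missing or still set to the placeholder shipped in wp-config-sample.php.
weak_salts() {
    cfg="$1/wp-config.php"
    for key in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
               AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        # The quote before the name keeps AUTH_KEY from matching SECURE_AUTH_KEY.
        line=$(grep -E "define\( *['\"]$key['\"]" "$cfg" 2>/dev/null | head -n 1)
        case "$line" in
            "") echo "$key missing" ;;
            *"put your unique phrase here"*) echo "$key placeholder" ;;
        esac
    done
}

# Print both sets of findings with a prefix; prints nothing when the tree is clean.
audit() {
    world_writable "$1" | sed 's/^/world-writable: /'
    weak_salts "$1" | sed 's/^/salt: /'
}

if [ $# -gt 0 ]; then
    audit "$1"
fi
```

Replacing the salts invalidates existing login cookies, so every logged-in user has to sign in again afterwards.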

  8. #8
    polarbearman
    Originally posted by dyrer:
        Have you changed salt in wp-config.php if not go to https://api.wordpress.org/secret-key/1.1/salt/ and replace the original

    Wow, what is that? Something new to me.

    Most of my WordPress sites have been hacked before. I created a personal script to reset things to default. One of the most irritating problems is the template issue. I have to make sure I have a backup of the theme.

  9. #9
    AmitThakur
    Do the following to protect your WordPress site(s):

    1. Change the default WordPress database prefix wp_ to something random like a45w8_ .
    2. Change the default admin username to something new and unpredictable.
    3. Change the Admin URL www.sitename.com/wp-admin/ to www.sitename.com/SomethingRandom .
    4. Change the author slug.

    Points 1, 2, 3 can be done by a plugin, Better Wordpress Security.
    4 can be done by Edit Author Slug.

  10. #10
    deadmix
    Originally posted by AmitThakur:
        Do the following to protect your WordPress site(s):

        1. Change the default WordPress database prefix wp_ to something random like a45w8_ .
        2. Change the default admin username to something new and unpredictable.
        3. Change the Admin URL www.sitename.com/wp-admin/ to www.sitename.com/SomethingRandom .
        4. Change the author slug.

        Points 1, 2, 3 can be done by a plugin, Better Wordpress Security.
        4 can be done by Edit Author Slug.

    I think all is said in these steps. It's really important to secure the WordPress CMS, and in fact all other CMSs have to be up to date... I own several WordPress blogs and I always do the same steps...

  11. #11
    The key to running a hackless wordpress site is keeping it up to date at all times. Sometimes they will only release a .1 update but it may include a quick security feature or a loophole cut out to stop hackers. Problem is they can only learn from what people report, so someone has to be on the receiving end in order to report it for others to benefit.