Site5 - Built For Designers & Developers

Someone hacked my WordPress site…how can I prevent this?

[2 Grey Star Level]

Google’s Webmaster Tools alerted me that there was a malicious directory with files loaded on my blog site and that someone may have hacked the site. Sure enough, there was. Easy enough to delete. However, other than change my password, any other thoughts as to how to prevent this from happening again? No problems with any of my other sites (subdomains).

Answer #1

Make sure WordPress is the latest version.
Make sure all addons are the latest version (and bin any that aren’t being maintained).
Make sure everything else on that account is up-to-date, and bin any scripts that aren’t in use.
Make sure all PCs you use to access the site are virus free.

Answered By: david [10 Grey Star Level]

Answer #2

WordPress is one of the most hacked applications out there because it is so widely used. It’s a bit unfortunate that it’s constantly hacked as it is a powerful application. There are many ways to secure your WordPress installation and the following link will help you greatly!

http://www.mastermindblogger.com/2011/14-ways-to-prevent-your-wordpress-blog-from-being-hacked/

I would suggest doing all the steps there except 11 and 12, as they could cause issues with your site not loading correctly. Step 13 would also be optional, depending on whether you have a static IP address for your computer or not. For example, if you have DSL internet and your IP changes constantly, you would not want to complete step 13.

Keep in mind there are several plugins out there that will help you secure your installation even further, but it’s not needed. Everything in the article above will secure your installation just fine without needing to worry about getting hacked.

Answered By: Kyle Ross [9 Grey Star Level]

Answer #3

There are some basic things to do that apply when using any software on your web site, not just WordPress. Some depend on your having programming knowledge, others are just administrative.

• Subscribe to e-mail notifications of security risks (and notifications of new releases)
• Keep upgraded to the current WordPress release
• If you receive a notification of a security risk and it supplies (or points to) a fix, then apply the fix.
• Most CMS, such as WordPress, have a document on their site that describes how to harden your site, that is, what to do to decrease its susceptibility to attacks. They usually require a degree of programming or Unix-style administrative skill. An example is moving configuration files out of the web root. Here’s the link for the WordPress one:

http://codex.wordpress.org/Hardening_WordPress

• This is the hard one: Check all your plugins. You need to examine the code and ensure that any input is validated and filtered before being used for anything — that includes displaying data and accessing (not just updating) a database. The basic issue here is the various ways of sneaking code in without needing to know a password.

• You can turn off SSH access in your Site5 control panel. Do so. Turn it back on if you need to use it, then turn it off again. SSH is great to use if you are doing development or if you are doing an initial installation or upgrade, but should not be needed for day-to-day normal operation.

Go over the WordPress document. It discusses various things and I don’t want to duplicate it (I haven’t read it recently, so I may have already duplicated some things).

Answered By: JRG [11 Grey Star Level]
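
An added example, not part of the answer above and not WordPress's own code: a first-pass triage for the plugin check in Answer #3, flagging lines where request input reaches page output or a `$wpdb` call without going through a WordPress validation or escaping helper. The function `audit_php` and the sample plugin code are constructed here; the scan is line-based, so a hit means "read this code" and a clean result does not prove a plugin safe.

```python
import re

# Request-controlled PHP superglobals (where plugin input comes from).
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# Sinks: page output, or a database call through WordPress's $wpdb object.
SINK = re.compile(r"\b(?:echo|print)\b"
                  r"|\$wpdb->(?:query|get_results|get_row|get_var|get_col)\s*\(")
# WordPress/PHP helpers that validate, escape or parameterize a value.
FILTER = re.compile(r"\b(?:sanitize_text_field|sanitize_key|absint|intval|esc_html"
                    r"|esc_attr|esc_url|wp_kses_post)\s*\(|\$wpdb->prepare\s*\(")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=(?!=)")

def audit_php(source):
    """Return (line_no, line) pairs where request input reaches a sink unfiltered."""
    tainted, findings = set(), []
    for line_no, line in enumerate(source.splitlines(), start=1):
        assign = ASSIGN.match(line)
        rhs = line[assign.end():] if assign else line
        uses_input = bool(SOURCE.search(rhs)) or any(
            re.search(re.escape(var) + r"\b", rhs) for var in tainted)
        unfiltered = uses_input and not FILTER.search(line)
        if assign:  # track variables that now hold raw request data
            (tainted.add if unfiltered else tainted.discard)(assign.group(1))
        if unfiltered and SINK.search(line):
            findings.append((line_no, line.strip()))
    return findings

# Constructed sample plugin code: lines 2-4 are the pattern to look for,
# lines 5-7 are the same logic with validation and escaping applied.
SAMPLE_PLUGIN = r"""<?php
$id = $_GET['id'];
$rows = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}notes WHERE id = $id");
echo "Results for " . $_GET['q'];
$safe_id = absint($_GET['id']);
$rows = $wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}notes WHERE id = %d", $safe_id));
echo esc_html(sanitize_text_field($_GET['q']));
"""

if __name__ == "__main__":
    for line_no, line in audit_php(SAMPLE_PLUGIN):
        print(f"line {line_no}: unfiltered input reaches output or query: {line}")
```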

Answer #4

I must say that I have to agree with all of the above questions. Most people like using WordPress, but unfortunately, there are plenty of ways in which WordPress can get hacked.

Just like everything else, prevention is much, much better than cure.

You can prevent WordPress hacking by following this list of essential tips: https://www.dart-creations.com/wordpress/wordpress-tutorials/the-essential-checklist-to-prevent-your-wordpress-website-from-getting-hacked.html

Just to paraphrase the most important tips:

1. Make sure your WordPress is set to auto-update
2. Make sure all your plugins are kept updated to their latest versions (and use as few plugins as possible)
3. Limit access to and login attempts on WP-Admin
4. Use a strong admin password.

If you do the above, you’ll already be very much safer than most WordPress blogs.

Answered By: dattard [2 Grey Star Level]
