August 31st in Hack Prevention, Wordpress Plugins by Wordpress Jedi .
Many WordPress webmasters assume that just running their sites with this platform will keep them secure against hack attacks. While WordPress is a fairly secure platform, it is not 100% hack-proof. There are simple things you can do to keep your website protected against attacks though. For instance, you can hide plugin information, secure directories, and protect your config file to keep your site safe. Using top security plugins is a great idea too. Here are 5 plugins that show you how to identify security vulnerabilities in WordPress:
Security Ninja: performs 26+ tests on your website to identify security holes and vulnerabilities. It shows you which areas you need to focus on. [click to continue…]
March 27th in Hack Prevention by Wordpress Jedi .
Getting hacked is one of the worst experiences one can go through as a webmaster. Unfortunately, no matter how careful you are, there is always a chance that a smart hacker might get around your defenses. That does not mean you should just give up and do not do your best to protect your website against future hack attacks. Fixing a hacked website is not always difficult. In fact, it can be a very time consuming process.
Troubleshooting & Fixing Hacked WordPress Sites
In order to fix your website and get it back to its original condition, you first have to analyze what has happened. Sometimes all hackers do is deface sites and manipulate their .htaccess files. Those are not that hard to fix. Database and server hacks are a bit more consuming to get a handle on though.
Determine the method of hack
Fixing your website is important. But you also need to understand how you were hacked so you can avoid having to deal with the same issue in the future. There are commands you can run on your server to figure out how it was accessed and by whom.
If you are with a decent web host, chances are its team has a guide on how to deal with hacked sites. You do want to pay attention to the date the files on your sites were changed. That helps you identify which files you need to take care of first (I would delete everything though). If your database has been altered, you are better off using a clean backup to save yourself some time in the process. Of course, you can always go through your database and use commands such as this to find malicious content in it: [click to continue…]
February 27th in Anti-Spam, Hack Prevention by Wordpress Jedi .
Plenty of web publishers spend the majority of their time creating killer content for their websites. There is nothing wrong with that approach. Content is king after all. But as a webmaster, you should also pay attention to exploits and malware affecting WordPress sites and take measures to prevent your site from getting compromised. Adding a security firewall to your WordPress install may stop many hack attacks. But it won’t stop everything. These 5 anti-malware tools help you keep your website clean and secure:
Sucuri: an affordable web integrity monitor for your website. It detects unauthorized changes to your website and helps you remove malware from it. [click to continue…]
November 24th in Wordpress Tips by Wordpress Jedi .
Many webmasters assume that as long as they use WordPress on their site and install a couple of security plugins on their site, their website will become hackerproof. No matter how strong your defenses, hackers are always likely to find a way around them. Your job as a webmaster is to make the process as difficult as possible for them. We all know about the basic steps we all need to take to keep our site secure. But adopting a strict security policy in your organization will give you a better chance to keep your business protected against hack attacks. Here are 6 simple security practices that you should follow to avoid disasters in your business:
- watch out for the rogue plugins: many WordPress webmasters are too plugin-happy. In other words, they download every cool, little plugin that they find online. Not all plugins are coded the right way. Many of them contain holes hackers can take advantage of to compromise your website. The same applies to scripts too. Using plugins and scripts on your website without knowing their weaknesses is asking for trouble.
- not every theme is safe: going back to the previous point, not every theme you find online is safe. Many of them contain malware and security holes that could put your business in jeopardy. Don’t just assume that your theme is safe because you have paid a decent amount of money for it. You should always try to find out about the reputation of your favorite theme’s developer before deploying it on your site. [click to continue…]
August 23rd in Hack Prevention, Wordpress Plugins by Wordpress Jedi .
Your WordPress login page is perhaps the most important page on your website. It is what keeps strangers (hackers) at bay. If your site credentials fall into the wrong hands, your business is going to be in trouble. Thankfully, there are plugins you can install to protect your login process against hackers and crackers. Here are 7 plugins that help keep your login process more secure:
Limit Login Attempts: one of the best ways to keep your site secure against hack attacks is by finding and banning the IPs belonging to hackers. This plugin will notify you of that information as soon as your site is attacked.
WP Login Security: requires all the admins on your website to register and whitelist their IPs. If an IP is not recognized, an email will be sent to the admin’s registered email address with a one time password. Adds another layer of security to your blog.
Login Lock: a complete login protection system that enforces strong password policies, monitor hack attempts, and even bans abusers. Allows forced logouts by admins. [click to continue…]
July 13th in Hack Prevention by Wordpress Jedi .
I personally do not allow anyone to register for an account on any of my blogs. That approach does not always work though. Sometimes, you are forced to allow registrations on your website if you want it to grow and move to the next level. Most users will respect your website and won’t try to mess with it. But dealing with rogue users should be at the top of your agenda. These 10 plugins let you handle abusive users and keep your business protected:
User Locker: sometimes people just forget their credentials and try different username/passwords out of desperation. But brute force attacks are very real, which is why you should ban abusers with this plugin.
User Spam Remover: this is a powerful plugin that can clean out your database from spammers and accounts that have not been used since their creation. You do have the option to define the time period after which inactive accounts are removed. [click to continue…]
June 15th in Anti-Spam, Hack Prevention by Wordpress Jedi .
Those who do not have a highly popular website probably do not get too many hack attacks on their websites. But as soon as your website starts getting any decent amount of traffic, you are going to see an increase in the number of attacks on your website. Installing a few security plugins and taking precaution with your sensitive data can go along way towards keeping your site secure against these types of attacks.
Adding a firewall to your WordPress install is one way to keep hackers out. Firewall plugins keep hackers and their queries from messing with your site and its database. No blog is hack proof. But the more difficult you make the process, the less likely it is for your website’s walls to get breached. These 6 firewall WordPress plugins let you do just that:
WordPress Firewall 2: a powerful firewall for your WordPress site that investigates requests and blocks the most obvious attacks. It protects your plugins as well. Best of all, it informs you when your site is being attacked. Sometimes, this could be too strong though.
Block Bad Queries (BBQ): takes care of suspicious URLs to keep your blog secure against malicious URL request attacks. Works great on older WordPress versions too. [click to continue…]