Welcome to BeerMoneyForum.com - BIGGEST MAKE MONEY FORUM ONLINE

[Hera]

Things started to get better and better with my website after hiring SEO expert, now I'm on Google's first page between position 3-4, traffic is coming like crazy and I'm concerned not to get hacked and lose my site.

How to secure Wordpress site from hackers?

 

[Athena]

Indeed it's a problem, the first and the biggest problem is the admin url, the link used to access admin control panel.

Because not many change their default admin url which looks like this yourdomain.com/wp-admin hackers take advantage of this and use so-called brute force attack to crack your password to get access in your admin area. Brute force attack means testing millions of passwords in short period of time with automated bots.

The very first step in securing your wordpress site is making a backup of your database as often as you make updates, if you can do it daily than do it daily, if you want weekly you can do it weekly but if your site got hacked you may lose a week of work at your site which sometimes can be irrecuperable.

For this I would like to recommend the best wordpress backup plugin and once activated and configured you can sleep well my friend. Read features and download plugin from http://wordpress.org/plugins/backwpup/

The next step in hardening your wordpress site is to limit login attempts which means you can set a number of failed logins attempts by IP. This will give hard times to hackers, their system now needs new IP to be able to continue the brute force attack, proxies doest cost, hopefully they don't have budget for it. Anyway the plugin will keep banning IPs as per our settings, temporary lock out and ban lifting timing.

For this I would recommend the plugin from http://wordpress.org/plugins/limit-login-attempts/

Do not use admin as your admin username because hackers will limit login attempts to this username and it remains to crack your password for full access. So you need to have a different username, just in case you already chosed admin as your username do not worry, you can change it via PHPMyAdmin, here is simple, log into cPanel, go to PHPMyAdmin then locate your database then go to wp_users table then Click Edit next to your "admin" user, then change the user_login field to something different, that's it!

Last but not least, avoid easy passwords, when you change the password make sure is a strong one, passwords like 123456, IloveYou, Mike10 etcetera are easy to be hacked. This is how strong passwords looks like: Ma?.@8>Qz, g.Y@.!l#F, P"@u9J!7 etcetera.

Recap:
1. Backup of database as often as possible.
2. Limit login attempts failed per IP
3. Do not use "admin" as your username
4. Avoid easy passwords

Do you know other ways to secure a wordpress site from hackers? Let's hear them!

 

[Hestia]

I hate hackers! Who doesn't LOL!

@Athena I'd like to thank you for taking your precious time and share with us how to secure our wordpress websites.

 

[Lovely]

Hackers are always on the prowl.and site owners must be on hands to fight them.off,I think the best bet is having a very strong password that will be difficult to guess which should consist of alphanumeric and symbols and try to change the password from time to time and also have a backup for any eventuality. if possible have a security software in place to keep attacks away.

 

[DeltaRomeo]

I'm not promoting my job here ...but you can always hire a hacker ...cheaper than you think.. on our G+ page under hacker for hire ... where all hackers are Certified Ethical hackers .. where hackers illegally hack your system under federal guide lines while you watch on a screen and show you the Vuns. and patch them for you to keep hackers out ... just a thought some of you mite like to know...

 

[DeltaRomeo]

The best way I found that most people make is using there pets or kids names or birthdays...after they post it on social media ...Stop doing this it will help alot..make your passwords at least 20 letters or symbols... check your own ports with a DNS tool you can find on line then look on you tube to learn how to secure while mining ...

 

[Gamegoo]

Indeed it's a problem, the first and the biggest problem is the admin url, the link used to access admin control panel.

Because not many change their default admin url which looks like this yourdomain.com/wp-admin hackers take advantage of this and use so-called brute force attack to crack your password to get access in your admin area. Brute force attack means testing millions of passwords in short period of time with automated bots.

The very first step in securing your wordpress site is making a backup of your database as often as you make updates, if you can do it daily than do it daily, if you want weekly you can do it weekly but if your site got hacked you may lose a week of work at your site which sometimes can be irrecuperable.

For this I would like to recommend the best wordpress backup plugin and once activated and configured you can sleep well my friend. Read features and download plugin from http://wordpress.org/plugins/backwpup/

The next step in hardening your wordpress site is to limit login attempts which means you can set a number of failed logins attempts by IP. This will give hard times to hackers, their system now needs new IP to be able to continue the brute force attack, proxies doest cost, hopefully they don't have budget for it. Anyway the plugin will keep banning IPs as per our settings, temporary lock out and ban lifting timing.

For this I would recommend the plugin from http://wordpress.org/plugins/limit-login-attempts/

Do not use admin as your admin username because hackers will limit login attempts to this username and it remains to crack your password for full access. So you need to have a different username, just in case you already chosed admin as your username do not worry, you can change it via PHPMyAdmin, here is simple, log into cPanel, go to PHPMyAdmin then locate your database then go to wp_users table then Click Edit next to your "admin" user, then change the user_login field to something different, that's it!

Last but not least, avoid easy passwords, when you change the password make sure is a strong one, passwords like 123456, IloveYou, Mike10 etcetera are easy to be hacked. This is how strong passwords looks like: Ma?.@8>Qz, g.Y@.!l#F, P"@u9J!7 etcetera.

Recap:
1. Backup of database as often as possible.
2. Limit login attempts failed per IP
3. Do not use "admin" as your username
4. Avoid easy passwords

Do you know other ways to secure a wordpress site from hackers? Let's hear them!

Thanks for this amazing guide! From my experience, I've downloaded a plugin for limit login atempts and I could track the times my site was attacked and yes, the Admin and Administrator usernames are the most used. I also found out they try your domain name (ex. blog.bmf.com, they try blog.bmf). Now that I could keep an eye on this, I installed a plugin to change the wp-login.php to whatever I want. And now my brute Force logs are empty. So I also recommend installing a plugin that changes the wp-login.php to something that you want.

 

[anyona54]

Seems like only the control panel of administration is at risk for hacking, considering the posts above. There is some method too, where the hacker doesn't have to have access to the user control panel. Just a mobile browser and he will be done deleting some content in the blog. Your site acts just like a computer machine, and a browser just searches it for information. Whoever gets information can also delete them if a hack is perfomed. But some web hosters got that covered, but a hacker can come up with new methods too.

 

[awanama]

Keep your WordPress updated, since there are lots of critical security patch you'll miss when you aren't updating your WordPress.

And don't install malicious plugins. It also make your blog heavier to load, beside of exposing your blog to danger.

 

[overcast]

There are some plugins worth using for example,

1. jetpack
2. Wordfence
3. Sucuri security

These are the plugins that can protect you from the malicious attacks on the wordpress website. I have mostly noticed the WordPress based blogs whose theme and plugins are not updated tend to get attacks the most.