How do I block Hackers in WordPress?
In December of last year this site was hacked and blacklisted on Google. They had every right, and at the time I had little understanding of how sites were exploited and how, once a site is infected, it is almost impossible to clean it up. When users tried to visit this site it was blocked at the browser level, meaning that Firefox, Chrome and Safari all have partnered with Google to block sites that are spewing out malware.
I was alarmed and upset obviously because this is my business and as a web designer I have a reputation to uphold. How can my clients trust my design and their site’s security if I can’t even keep my own site from being hacked? To be honest, most of my areas of expertise are in design. I understand and write in CSS code and HTML, I use Dreamweaver, Photoshop, Illustrator and InDesign with ease, but I had become lax in the area of security because I had not been previously hacked.
Because of these exploits, I have spent hours and hours restoring my site and helping others set up secure processes on their sites so they don’t get hacked. In this process I learned that websites are constantly being hit up by robots that are scanning and trying to log on to your site. I set up the Sucuri Security plugin, which will alert you each time someone tries to log in to your site, and I was surprised at how every site was getting attacked by random login attempts.
So what did I do?
First of all, I changed all of my passwords and made them much more difficult. It is too easy to become lazy and make passwords the same or relatively simple words to remember.
Secondly, I installed Sucuri on all my sites as well as Wordfence. Sucuri will email you the IP address of the person/robot trying to log in to your site and you can block that IP address with Wordfence.
Third – Deactivate and delete all plugins that are not being used. Why have plugins activated anyway that aren’t in use?
Fourth – Change the wp-admin login folder to something else using a plugin that allows you to alter this folder. Most hacking tools are going to look for common mistakes and will start with the standard way to access your website. With over 72 million websites using WordPress it is probably super simple to write a script that says to go and look for all sites that follow the pattern http://www.yoursite.com/wp-admin and then to use “admin” for the username and a few common password combinations. As a designer I have been surprised at how many of my clients will use similar passwords like asdfzxcv or 1234Password – any sequence on the keyboard that might seem complex to you is probably the simplest for a program to figure out.
These were some of the quickest and easiest fixes that I did for my site, and as new hackers try to access my site I get alerts from Sucuri. These 30 minutes or so of preventative measures can save you hours and hours of headache from a hacker.
Also, you should keep good backups of your site and save your posts offsite in a Word document. When your site is hacked, depending upon the number of pages you have, it can be very difficult to clean up the infection. So, what I recommend is storing a good clean backup at least every 30 days, and then if you have to delete your entire site and start over you can. And since you may lose some of your posts, you can repost them if you have them in a Word document. Content for some users is going to be more important than others. I know some clients that pay 100s of dollars each month for SEO-rich content that actually drives good traffic to their website.
This was a hard lesson learned, and as I continue to learn more about web security and best practices I will continue to keep you updated.