Wordpress Blues- do share your thoughts?

Friday, I spent most of the morning trying to sort out my blog that has been hosted on a supplier's server.

This is the second time my BLOG has been hacked. This month the Webmaster is away and I was very pleased to have the help of my friend Tina Jonasen, who looked into the pages and removed the hacker's page. Thankfully she understands Wordpress a bit better than I do ;-) Is there no end to this lady's talents!!!

Nevertheless, as I do understand HTML, I could see how the hacker added the content and got in contact with the ISP to report abuse. I have received their autoresponder message but nothing else to date.

Tina and I have exchanged views and information on what to do to keep your content secure and backed up.

Does anyone else have any views to share on Wordpress security?

Best wishes

Stella Holman-TheConnector

Social Media Visibility Consultant -
Can I show you how to "Get in the Conversation and Create your Niche"
DO YOU NEED A HOLIDAY? We offer an entirely new way to TRAVEL. Leave your contact details and I will get back to you.

William Buist

I run a number of wordpress blogs and I think the key things are to make sure that you, as a minimum, use only the latest version of Wordpress and update as soon as they release an update. Use plugins from trusted sources. Update frequently, and remove any unused plugins. Use email obfuscators so mailto: links work but screen scraping robots can't get the email address. If you publish an email address on the site, don't use it as your user name. Ideally use a hard to guess, easy to remember user name (e.g. "St33laH0man") as well as a random password. Don't use public computers to log on, or make sure that you clear the cache when you finish, and don't tell the browser to remember it, so uncheck any 'remember me' boxes. Use a free gmail account to mail backups to daily. Weekly backup to dropbox or similar to give redundancy and offsite recovery options. Use a well known ISP with a track record for wordpress sites. Remember that hackers can get to the database with the right PHP, so use sensible security there too. Use established themes and/or frameworks from trusted sources.

William Buist

1 comments

David Chadderton

Wordpress in itself is rarely the problem - I read recently of a number of Hostgator customers whose accounts were accessed and WP hacked. From what I understand, HG weren't directly to blame and were actually quite good at helping to fix the issues that arose (that said, I never use them myself!!).

There are a number of decent security plug-ins for WP but I use Better WP Security. Features (from their site):

- Remove the meta "Generator" tag
- Removes login error messages
- Change the urls for backend functions including login, admin, and more
- Limit admin access to specified IP or range of IP addresses
- Ban troublesome bots and other hosts
- Completely turn off the ability to login for a given time period (away mode)
- Prevent brute force attacks by banning hosts and users with too many invalid login attempts
- Display a random version number to non administrative users anywhere version is used (often attached to plugin resources such as scripts and style sheets)
- Remove theme, plugin, and core update notifications from users who do not have permission to update them (useful on multisite installations)
- Remove Windows Live Write header information
- Remove RSD header information
- Strengthen .htaccess settings
- Enforce strong passwords for all accounts of a configurable minimum role
- Detect attempts to attack your site
- Rename "admin" account
- Security checker
- Change the Wordpress database table prefix
- Force SSL for admin pages (on supporting servers)
- Change wp-content path
- Turn off file editing from within Wordpress admin area
- Works on multi-site (network) and single site installations

For anyone particularly worried I'd also suggest using a password generator like http://randompasswordgenerator.net or http://www.random.org/passwords/ .

My other recommended WP plugins include Google XML Sitemaps, All-in-One Webmaster, and Wordpress Tweeter. I install them in that order - by creating a sitemap.xml I can submit it to Google right away (even before adding content) when I add the site to my (Google & Bing) Webmaster Tools account. Then I add the AIO Webmaster plugin - inputting my Webmaster and Analytics account details as I go through the set up. Now, every time I update my blog, Google gets new content and will start to index the site properly as I configure the site for relevant keywords (I only ever work with 1 per page).

[For anyone new to HTML, PHP etc and wishing to start editing the base WP files, get yourself a copy of Notepad++ (free) - it's a brilliant editor which I use every day]

I suppose I should also state the obvious - BACK UP !!

regards
David Chadderton
SEO and Web Development Consultant
DeltaSEO.net
Creator of TheHangar.tv and HorsesandTack | Horses for Sale Network

0 comments

Gordon Wheaton

Hello Stella, touch wood, Wordpress has always been fine for me. I have 3 or 4 blogs on there, but they are fine. No security problems. I am lucky I guess.

Regards
Gordon

0 comments

jet rotmans

Dear Stella, sorry for the trouble, and good Tina was there to help. Good wishes, lots of love, Jet

1 comments

Tracey Finlay

Ah Stella/Tina, how timely your comments are. I have just built a very basic Wordpress profile and am now pondering over whether to get it hosted elsewhere. A list of advantages and disadvantages would be very much appreciated. So much to do to get out there! Tracey

1 comments

Amanda Vlahakis

I like to do a lot of things myself with regards to my business, but at the same time I realise that I don't have time to become an expert at everything that my business requires (no one can) - and when it comes to extremely important things like my blog, I'd like to have an expert overseeing it rather than myself. Learning how to use Wordpress is one thing (I know how to 'use' Wordpress), but being an expert and avoiding situations like hacking and such like is a completely different level of skill. Amanda

1 comments

Tina Jonasen

Thanks dear Stella - you make me blush ;-)

Actually, as you don't have access to your server (since your webmaster is away = first lesson; never lose control over your own site/stuff) - I couldn't really see what the hackers had done (there might be several openings) so what I did was actually only to make a new post that was sticky - which is actually what the less competent hackers sometimes only do (in this case very lucky for you ;-)

My best advice is:

- as said above: be sure to get a SECURE HOST as I recommended you; HOST GATOR for example (I'll move your site for you if you wish)
- always see to it that you got a BACKUP of your entire site, FileZilla for example (or one of the free WordPress Plugins - just search for BackUp)
- get rid of the text on the bottom of your page, where it says; "Powered by WordPress" - it's like an invitation for "Drive By Hackers" :-(
- always keep your WordPress, and other plugins, updated!!

Warm Networking Regards,

1 comments
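A checker for several of the items named in David Chadderton's and Tina Jonasen's posts above: the generator tag, the RSD and Windows Live Writer headers, the "Powered by WordPress" footer text, admin file editing, forced SSL for admin pages, and the database table prefix. This is an added example, not code from the thread or from Better WP Security; the sample page, the sample wp-config.php and all function names are constructed for illustration.

```python
import re

# Constructed sample inputs (not taken from any real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 3.4.1" />
<link rel="EditURI" type="application/rsd+xml" href="https://blog.example/xmlrpc.php?rsd" />
<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="https://blog.example/wlw.xml" />
</head><body><p>Hello</p><div id="footer">Proudly powered by WordPress</div></body></html>"""

SAMPLE_CONFIG = """<?php
$table_prefix  = 'wp_';
// define('DISALLOW_FILE_EDIT', true);
define('FORCE_SSL_ADMIN', true);
"""

# Markers a rendered page still carries when the header/footer clean-up is not applied.
HTML_CHECKS = {
    "generator meta tag": r'<meta[^>]+name=["\']generator["\']',
    "RSD header link": r'<link[^>]+application/rsd\+xml',
    "Windows Live Writer manifest link": r'<link[^>]+wlwmanifest',
    "'Powered by WordPress' footer text": r'powered by wordpress',
}

def audit_html(html):
    """Return the names of the markers still present in a rendered page."""
    return [name for name, pat in HTML_CHECKS.items() if re.search(pat, html, re.I)]

def strip_php_comments(src):
    """Simplified comment removal so commented-out settings do not count as set."""
    src = re.sub(r'/\*.*?\*/', '', src, flags=re.S)
    return re.sub(r'(?m)(^[ \t]*#|(?<!:)//).*$', '', src)

def audit_config(php):
    """Return findings for the wp-config.php settings named in the thread."""
    code = strip_php_comments(php)
    def on(const):  # matches define('CONST', true) with either quote style
        return re.search(r"define\(\s*['\"]%s['\"]\s*,\s*true\s*\)" % const, code, re.I)
    findings = []
    if not on("DISALLOW_FILE_EDIT"):
        findings.append("file editing from the admin area is not turned off")
    if not on("FORCE_SSL_ADMIN"):
        findings.append("SSL is not forced for admin pages")
    m = re.search(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", code)
    if m is None or m.group(1) == "wp_":
        findings.append("database table prefix is missing or still the default wp_")
    return findings

if __name__ == "__main__":
    print(audit_html(SAMPLE_HTML))
    print(audit_config(SAMPLE_CONFIG))
```

Run it against your own saved home page and a copy of your own wp-config.php by passing their contents to `audit_html` and `audit_config`.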

Amanda Vlahakis

I recommend that you speak to Barbara Saul for advice and possibly to manage your blog system for you for any upgrades etc. Her team are extremely experienced in Wordpress builds and management. She upgraded my mega old blog system for me, and was very proficient and knowledgeable throughout even though it became a total nightmare due to the age of my blog + my useless low tech hosting. Amanda

1 comments

Massimo Luciani

Many systems get cracked because a piece of software has a vulnerability that's already known, so a couple of base security rules are:

- host your blog on a reliable service. I know it's hard to pick the right one so you have to look on the Internet for opinions about hosters who keep their system software updated.
- keep your WordPress and plug-ins updated.

Open Source resources and games
My blog about technologies, sports, books and other stuff

1 comments