Hack Prevention

August 31st in Hack Prevention, Wordpress Plugins by .

Many WordPress webmasters assume that just running their sites with this platform will keep them secure against hack attacks. While WordPress is a fairly secure platform, it is not 100% hack-proof. There are simple things you can do to keep your website protected against attacks though. For instance, you can hide plugin information, secure directories, and protect your config file to keep your site safe. Using top security plugins is a great idea too. Here are 5 plugins that show you how to identify security vulnerabilities in WordPress:

Security Ninja: performs 26+ tests on your website to identify security holes and vulnerabilities. It shows you which areas you need to focus on. [click to continue…]

{ 0 comments }

Continue Reading

March 27th in Hack Prevention by .

Getting hacked is one of the worst experiences one can go through as a webmaster. Unfortunately, no matter how careful you are, there is always a chance that a smart hacker might get around your defenses. That does not mean you should just give up and do not do your best to protect your website against future hack attacks. Fixing a hacked website is not always difficult. In fact, it can be a very time consuming process.

Troubleshooting & Fixing Hacked WordPress Sites

In order to fix your website and get it back to its original condition, you first have to analyze what has happened. Sometimes all hackers do is deface sites and manipulate their .htaccess files. Those are not that hard to fix. Database and server hacks are a bit more consuming to get a handle on though.

Determine the method of hack

Fixing your website is important. But you also need to understand how you were hacked so you can avoid having to deal with the same issue in the future. There are commands you can run on your server to figure out how it was accessed and by whom.

If you are with a decent web host, chances are its team has a guide on how to deal with hacked sites. You do want to pay attention to the date the files on your sites were changed. That helps you identify which files you need to take care of first (I would delete everything though). If your database has been altered, you are better off using a clean backup to save yourself some time in the process. Of course, you can always go through your database and use commands such as this to find malicious content in it: [click to continue…]

{ 4 comments }

Continue Reading

February 27th in Anti-Spam, Hack Prevention by .

Plenty of web publishers spend the majority of their time creating killer content for their websites. There is nothing wrong with that approach. Content is king after all. But as a webmaster, you should also pay attention to exploits and malware affecting WordPress sites and take measures to prevent your site from getting compromised. Adding a security firewall to your WordPress install may stop many hack attacks. But it won’t stop everything. These 5 anti-malware tools help you keep your website clean and secure:

Sucuri: an affordable web integrity monitor for your website. It detects unauthorized changes to your website and helps you remove malware from it. [click to continue…]

{ 2 comments }

Continue Reading

July 13th in Hack Prevention by .

I personally do not allow anyone to register for an account on any of my blogs. That approach does not always work though. Sometimes, you are forced to allow registrations on your website if you want it to grow and move to the next level. Most users will respect your website and won’t try to mess with it. But dealing with rogue users should be at the top of your agenda. These 10 plugins let you handle abusive users and keep your business protected:

User Locker: sometimes people just forget their credentials and try different username/passwords out of desperation. But brute force attacks are very real, which is why you should ban abusers with this plugin.

User Spam Remover: this is a powerful plugin that can clean out your database from spammers and accounts that have not been used since their creation. You do have the option to define the time period after which inactive accounts are removed. [click to continue…]

{ 0 comments }

Continue Reading