Topic: Website security

[Blake]

Hello folks!

So as I mentioned in the "introduce yourself" thread, I found this forum because my friend's website was recently hacked.  It's a Wordpress blog, but with a unique (non-wordpress) URL.

The hack actually was done by the hacker breaking into the hosting company's servers and replacing many sites' index.php pages.

So I've started finding some resources on improving website security, particularly Wordpress security, but specifically I'm wondering what can be done to protect one's website if someone breaks into the hosting company's servers.  Is there anything, or is that something a webmaster has no control over?  Do you just have to pick a hosting company with better security?

Also, like I said in the intro thread, I basically know nothing; I'm just a user, not a programmer.  :-)  Thanks for any help!

[Samker]

Hi again Blake.

First thing to check is did you have latest version of Wordpress and to every version Upgrade install immediately.

Second thing is that you have proper settings permissions for files on server.

Related to Server you can't do to much, except to choose some well know service which install Upgrades to MySQL and other things ASAP.

For the end please check this advices also:

http://www.problogdesign.com/wordpress/11-best-ways-to-improve-wordpress-security/

http://www.famousbloggers.net/improve-security-wordpress.html

http://www.thesitewizard.com/blogging/secure-wordpress-blog.shtml


Hope this will help you??

I also expect more reply's and advices for other SCF Members.

Best Regards,

Samker


P.S.

So sorry for my bad English...

[Blake]

No need to apologize for your English!  I understand you perfectly.  Thank you.

I'll talk to my friend about Wordpress updating, but I bet that wasn't the problem.  She stays on top of that sort of thing.  Thank you very much for the links; those plus the ones I already found, I've got quite a bit of reading to do.

I was afraid that she couldn't protect against an attack on her server.  That's good to know, though, to tell her not to blame herself for something she couldn't control.

[haz]

I Agree with what Samker said, I think if the hacker was able to break into the hosting company servers and replace many websites index, he mush have the root or admin account, thats not wordpress's fault, you need a better & more secure host !

[neerajrawat1]

Blake it can happen with any hosting company even the top ones because everyday new viruses and vulnerabilities keep on discovering here you cant do anything

but yes few steps you can take at your side

always use a good security software at your side that too updated one

always keep a back up of your website on your pc and on external source as well as anytime your pc security can also be compromised even the server backups can be destroyed depending upon the severity of the attack so that you can make your site running up any time

and always use wp plugins from trusted sources as they may contain malicious code as well

[Blake]

Thank you both; good advice, for sure.

[manual2100]

if your friends server is not updated maybee the attacker gained access from some other process and not wordpress. You should always update the server OS, use firewalls, install patches for wordpress.. There are still some 0day attacks. You can use intrusion detection systems as well.. Still, nothing is 100% secure..always have backups of your files..

[krrjhn]

I agree with smaker i think its a perfact link for you!!