Members
  • Total Members: 12814
  • Latest: Rono
Stats
  • Total Posts: 28517
  • Total Topics: 8240
  • Online Today: 976
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Website security  (Read 3507 times)

0 Members and 1 Guest are viewing this topic.

Blake

  • SCF Newbie
  • *
  • Posts: 5
  • KARMA: 1
Website security
« on: 21. September 2010., 20:26:14 »
Hello folks!

So as I mentioned in the "introduce yourself" thread, I found this forum because my friend's website was recently hacked.  It's a Wordpress blog, but with a unique (non-wordpress) URL.

The hack actually was done by the hacker breaking into the hosting company's servers and replacing many sites' index.php pages.

So I've started finding some resources on improving website security, particularly Wordpress security, but specifically I'm wondering what can be done to protect one's website if someone breaks into the hosting company's servers.  Is there anything, or is that something a webmaster has no control over?  Do you just have to pick a hosting company with better security?

Also, like I said in the intro thread, I basically know nothing; I'm just a user, not a programmer.  :-)  Thanks for any help!

Samker's Computer Forum - SCforum.info

Website security
« on: 21. September 2010., 20:26:14 »




Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Website security
« Reply #1 on: 21. September 2010., 22:14:52 »
Hi again Blake.

First thing to check is did you have latest version of Wordpress and to every version Upgrade install immediately.

Second thing is that you have proper settings permissions for files on server.

Related to Server you can't do to much, except to choose some well know service which install Upgrades to MySQL and other things ASAP.

For the end please check this advices also:

http://www.problogdesign.com/wordpress/11-best-ways-to-improve-wordpress-security/

http://www.famousbloggers.net/improve-security-wordpress.html

http://www.thesitewizard.com/blogging/secure-wordpress-blog.shtml


Hope this will help you??

I also expect more reply's and advices for other SCF Members.

Best Regards,

Samker


P.S.

So sorry for my bad English...

Blake

  • SCF Newbie
  • *
  • Posts: 5
  • KARMA: 1
Re: Website security
« Reply #2 on: 21. September 2010., 22:28:17 »
No need to apologize for your English!  I understand you perfectly.  Thank you.

I'll talk to my friend about Wordpress updating, but I bet that wasn't the problem.  She stays on top of that sort of thing.  Thank you very much for the links; those plus the ones I already found, I've got quite a bit of reading to do.

I was afraid that she couldn't protect against an attack on her server.  That's good to know, though, to tell her not to blame herself for something she couldn't control.

haz

  • SCF Advanced Member
  • ***
  • Posts: 117
  • KARMA: 26
  • Gender: Male
Re: Website security
« Reply #3 on: 22. September 2010., 08:50:57 »
I Agree with what Samker said, I think if the hacker was able to break into the hosting company servers and replace many websites index, he mush have the root or admin account, thats not wordpress's fault, you need a better & more secure host !

neerajrawat1

  • SCF VIP Member
  • *****
  • Posts: 234
  • KARMA: 36
  • Gender: Male
  • We believe in sharing is caring
    • Experts Galaxy
Re: Website security
« Reply #4 on: 23. September 2010., 17:43:35 »
Blake it can happen with any hosting company even the top ones because everyday new viruses and vulnerabilities keep on discovering here you cant do anything

but yes few steps you can take at your side

always use a good security software at your side that too updated one

always keep a back up of your website on your pc and on external source as well as anytime your pc security can also be compromised even the server backups can be destroyed depending upon the severity of the attack so that you can make your site running up any time

and always use wp plugins from trusted sources as they may contain malicious code as well

Blake

  • SCF Newbie
  • *
  • Posts: 5
  • KARMA: 1
Re: Website security
« Reply #5 on: 24. September 2010., 22:03:54 »
Thank you both; good advice, for sure.

manual2100

  • SCF Member
  • **
  • Posts: 61
  • KARMA: 10
Re: Website security
« Reply #6 on: 12. October 2010., 12:31:57 »
if your friends server is not updated maybee the attacker gained access from some other process and not wordpress. You should always update the server OS, use firewalls, install patches for wordpress.. There are still some 0day attacks. You can use intrusion detection systems as well.. Still, nothing is 100% secure..always have backups of your files..

krrjhn

  • SCF Advanced Member
  • ***
  • Posts: 213
  • KARMA: -5
Re: Website security
« Reply #7 on: 05. January 2011., 09:58:22 »
I agree with smaker i think its a perfact link for you!!

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising