- This topic has 1 reply, 2 voices, and was last updated 12 years, 3 months ago by
.
-
Posts
-
Just days after I put up my first WordPress website I discovered it had been hacked, probably by an exuberant Ruskie judging by the abundance of Russian IP addresses appearing on my server logs.
Since then I’ve adopted the following security measures:
• Created an unusual admin username
• Adopted a 25-character password
• Reviewed the website’s front and back ends
• Read up on security plugins on WordPress.org• Installed and kept WordPress and plugins up-to-date, including:
• Wordfence
• BulletProof Security
• Better WP Security• Change Database Prefix
• iQ Block Country (for China, Russia, Netherlands)
• TimThumb Vulnerability Scanner
• BackupWordPressI’d like to ask what else I could do to lower the risk of being hacked?
Thanks for your suggestions!
Hi,
Wow, that's a huge list. 🙂 I also have been using Wordfence, and it's killer. Bulletproof Security is very nice, too, although it's geeky, and may be most suitable for those who find mod_rewrite and mod_security to be a fun time.I think you've done an awesome job of counter-measures - those first four bulletpoints are key! The only one that I would suggest beyond that is to scan your own machine(s) to make sure that no malware is operating there. That's a somewhat unlikely, but possible, source of hacking. I use Malwarebytes, and there are others.
Cheers, Dave
Dave Chu · Custom WordPress Developer – likes collaborating with Designers
- The forum ‘General Discussion’ is closed to new topics and replies.