
WordPress Security Tips

Discussion in 'Guest Articles' started by FirstPageResults, May 30, 2012.

  1. petermeadit

    petermeadit Membership: VIP

    Joined:
    Jul 13, 2012
    Messages:
    893
    Likes Received:
    153
    auDA Member:
    Yes
    Thanks Chris

    Yeah Chris it was a great talk, very inclusive...

    This might be a bit off topic, but how do the security requirements change if you use CiviCRM, do you know?

     
  2. chris

    chris Administrator

    Joined:
    Mar 7, 2010
    Messages:
    2,253
    Likes Received:
    829
    auDA Member:
    Yes
    Hi Peter, as long as you keep site backups and make sure everything is updated you'll be reducing the security risks.
     
  3. johno69

    johno69 Membership: VIP

    Joined:
    Nov 29, 2008
    Messages:
    2,664
    Likes Received:
    422
    auDA Member:
    Yes
  4. chris

    chris Administrator

    Definitely plan on checking that one out, thanks!
     
  5. Cooper Mills DomainLawyer

    Cooper Mills DomainLawyer Membership: VIP

    Joined:
    Dec 11, 2008
    Messages:
    1,512
    Likes Received:
    515
    auDA Member:
    Yes

    Thanks for the link, I have been using another plugin but I haven't seen much security software available for WordPress
     
  6. DnEbook

    DnEbook Membership: VIP

    Joined:
    Jun 26, 2008
    Messages:
    6,295
    Likes Received:
    805
    After being hacked last year I use two plugins

    Wordpress Secure and Wordpress Firewall 2

    I get regular notifications of hacking attempts ......so far so good
     
  7. Blue Wren

    Blue Wren Membership: VIP

    Joined:
    Jan 23, 2012
    Messages:
    909
    Likes Received:
    107
    Recent Wordfence update is pretty good; Theme and plugin scanning is now free.
     
  8. johno69

    johno69 Membership: VIP

    Yes. Only issue I've found is they assume you have twentyten installed.

    I got about 125 "File Missing" notifications, on a few sites.
     
  9. findtim

    findtim Membership: VIP

    Joined:
    Dec 13, 2011
    Messages:
    7,402
    Likes Received:
    1,572
    auDA Member:
    Yes
    Can you expand on that comment of "they assume..." as I never use that theme, I use StudioPress themes, so does that mean it doesn't work as well OR..... I have to keep doing something every update?

    In your experience with it.

    tim
     
  10. johno69

    johno69 Membership: VIP

    It works fine. It scans for default core WP files and notifies you if they have been changed or are missing.

    They seem to have included the twentyten theme as core WP files in the scan. (The scan assumes you have it installed)

    So because I have deleted it totally, it alerts me that these files are missing.

    You can simply tell Wordfence to ignore these missing files and it will be fine.

    It's a must use plugin for me on every site.
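
The kind of check described in the post above, as an added example that is not part of the thread and not Wordfence's own code: files are compared against a known-good manifest, and an ignore list silences alerts for a theme that was deleted on purpose. The manifest format, SHA-256 hashing, function names and sample files are assumptions constructed for illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def scan_core(root, manifest, ignore=()):
    """Return (modified, missing) paths versus manifest {relative_path: sha256}.

    Paths matching a glob in `ignore` are skipped, e.g. a theme removed on purpose.
    """
    modified, missing = [], []
    for rel, expected in manifest.items():
        if any(fnmatch.fnmatch(rel, pat) for pat in ignore):
            continue
        path = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(path):
            missing.append(rel)
        elif sha256_file(path) != expected:
            modified.append(rel)
    return sorted(modified), sorted(missing)

def build_demo_site(root):
    """Write constructed sample files and return their known-good manifest."""
    files = {
        "wp-login.php": b"<?php // constructed core file\n",
        "wp-includes/version.php": b"<?php // constructed core file\n",
        "wp-content/themes/twentyten/style.css": b"/* constructed theme file */\n",
    }
    manifest = {}
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        manifest[rel] = hashlib.sha256(data).hexdigest()
    return manifest

def demo():
    with tempfile.TemporaryDirectory() as root:
        manifest = build_demo_site(root)
        for rel in [r for r in manifest if "/twentyten/" in r]:  # owner deletes theme
            os.remove(os.path.join(root, *rel.split("/")))
        with open(os.path.join(root, "wp-login.php"), "ab") as fh:
            fh.write(b"// constructed change\n")  # simulate an altered core file
        pattern = ["wp-content/themes/twentyten/*"]
        return scan_core(root, manifest), scan_core(root, manifest, pattern)

if __name__ == "__main__":
    print(demo())
```

An ignore pattern suppresses both "missing" and "modified" results for the paths it matches, so it should be kept as narrow as the theme that was actually removed.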
     
  11. findtim

    findtim Membership: VIP


    Have you not found that if you delete twentyten, when you update WP to a new version WP reinstalls twentyten? So I have found it's a waste of time deleting it!

    tim
     
  12. johno69

    johno69 Membership: VIP

    This has never happened to me. I always delete themes I'm not using as a security measure. And none have ever magically reappeared.

    You can always upload a theme via FTP and activate it via MySQL if everything comes crashing down.
     
  13. johno69

    johno69 Membership: VIP

    Another tip, always update themes and plugins even if you are not using them. Even if they are deactivated.

    Update update update.
     
  14. findtim

    findtim Membership: VIP

    My tip: NEVER update a theme or plugin on a client's site until you have done it on a test site.

    I have a test site that I do the first update on, so if it stuffs up then I can find the problem rather than get phone calls from clients

    tim
     
  15. johno69

    johno69 Membership: VIP

    Yeah of course or backup.

    Just making a point of deactivated stuff getting neglected. All too common.
     
  16. DamianLondon

    DamianLondon Membership: VIP

    Joined:
    Jun 11, 2011
    Messages:
    154
    Likes Received:
    17
    Hi All

    Definitely a lot to consider with security when it comes to WP. Most owners develop using WP to complete sites / blogs on the cheap, so security and backups sometimes are left last on the to do list.

    After having multiple issues with one particular site I turned to Sucuri (http://www.sucuri.net/). Sucuri is a monitoring and malware removal service. You pay a yearly fee but if one of your sites gets hacked, they fix it for you.

    Other monitoring software I use includes WSD Security, Spammer Blocker, Threat Scan, Firewall and UserLocker. UserLocker is a bit of a pain in the A** at times, but it automatically locks logins for Admin if someone is trying to use your Admin login.

    D
     
  17. johno69

    johno69 Membership: VIP

    Wordfence does all this. And now free. I can't sing its praises enough.
     
  18. DamianLondon

    DamianLondon Membership: VIP

    Thanks, will check it out. Human intervention @ Sucuri is very good, but yes it does cost.
     
  19. DnEbook

    DnEbook Membership: VIP

    To the Russian hacker who tried no less than 39 times to hack my sites yesterday

    .......GET STUFFED

    It seems WordPress Firewall 2 and Secure WordPress did their job

    once more .......... GET STUFFED !
     
  20. Suzabro

    Suzabro Administrator

    Joined:
    Jul 18, 2012
    Messages:
    534
    Likes Received:
    119
    Security talk

    I agree the security talk at the Bendigo meetup was very valuable. Definitely going to be making changes to ensure my sites are secure and data is backed up.