Page 1 of 1

WORDPRESS HACKED??? Check out the Security Measures...

PostPosted: Mon Jan 19, 2015 12:57 pm
by Vipin
WordPress security is serious business. Exploits of vulnerabilities in WordPress architecture have led to mass compromises of servers through cross-site contamination. WordPress extensibility increases its vulnerability; plugins and themes house flawed logic, loopholes, Easter eggs, backdoors and a slew of other issues.

In June 2013, it was found that some of the 50 most downloaded WordPress plugins were vulnerable to common Web attacks such as SQL injection and XSS. A separate inspection of the top-10 e-commerce plugins showed that 7 of them were vulnerable.

In Jul 2014, plug-in for WordPress actively targeted by hackers and was used to compromise an estimated 50,000 sites.


With that in mind, here are 10 things you can do to improve your WordPress security.

1. Use secure hosting
2. Update all the things
3. Strengthen up those passwords
4. Never use “admin” as your username
5. Hide your username from the author archive URL
6. Limit Login Attempts
7. Disable file editing via the dashboard
8. Try to avoid free themes
9. Keep a backup
10. Use security plugins

Individual installations of WordPress can be protected with security plugins.Users can also protect their WordPress installations by taking steps such as keeping all WordPress installation, themes, and plugins updated, using only trusted themes and plugins,editing the site's .htaccess file to prevent many types of SQL injection attacks and block unauthorized access to sensitive files.

Developers can also use tools to analyze potential vulnerabilities, including Wordpress Auditor or Wordpress Sploit Framework developed by 0pc0deFR. These types of tools research known vulnerabilities, such as a XSS or SQL injection. Some vulnerabilities can not be detected by the tools, so it is advisable to check the code from other developers.

Re: WORDPRESS HACKED??? Check out the Security Measures...

PostPosted: Fri Jan 23, 2015 9:57 am
by SIbinPhilip
Some more tips for securing wordpress.

1. Stop PHP Execution in WP-Content
2. Remove Unused Plugins & Themes
3. Delete Extra Accounts
4. Check File Permissions
5. Change PHP Security Settings
6. Force SSL Usage
7. Block Brute Force Attacks
8. Backup Your WordPress Site.

Hope this helps... :D :D