WordPress Security like a boss


Hello Vladimir,

Thanks for your cooperation. As far as I see, the folder with an outdated WP installation is removed from your account and all WP installations are up to date. So I’m going to mark this issue as resolved. However, I believe, WP security steps below can help you in future:

WP Security steps:

1. I advise you to apply chmod 600 permissions for the wp-config.php file. So that should protect that file from reading. As you know, you can do it via the FTP/SSH or using the “File Manager” web-application which is available for you from your account control panel.

2. I advise you to scan all computers you’ve accessed your account from for malicious software. Your passwords could be stolen by some virus/trojan malware.

3. Scan your network for malware as well.

4. Once you are sure that your computers aren’t infected please force password resets for all your accounts. You should reset the FTP accounts password as well as mysql users password. Be sure to use strong passwords like: Q_3{[+u.[7)2@#M
I believe, following online tool will help you to generate such passwords:
http://strongpasswordgenerator.com/

5. Please try to avoid accessing your web-site private areas from the public networks and be sure that your WiFi connection is secure.

6. Change the Default Admin Username to your own username.

7. Limit Admin access. You do that with help of the “Password Protect Directories” feature which is available from your account control panel.

8. Install CAPTCHA plugins which will protect forms on your web-site as well as login screens.

9. Remove all scripts/plugins/themes which were obtained from the non-trusted sources. Such plugins could be already infected, contain backdoor code or they could be poorly codded and due to this could be easily hacked.

10. Remove all old plugins/themes which aren’t in use or aren’t supported anymore.

There are many other steps you can take to protect your WP installation. I believe, following links will help you in future:

https://www.google.com/search?q=wordpress+security+guide

http://wpsecure.net/basics/

http://wpsecure.net/secure-wordpress/

http://wpsecure.net/secure-wordpress-advanced/

http://thesocialmediaguide.com/wordpress-blog/wordpress-security-guide

http://wordpress.org/extend/plugins/secure-wordpress/

This ticket will automatically close after a few days of inactivity. You also have the option of closing it via your Backstage -> Support -> List Tickets section.

Please, don’t hesitate to contact us if we can be of any assistance or if you have any questions.

Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *