124 – Guard Your WordPress Site Against Attacks
Announcements
WordPress Webinar – Add eCommerce to WordPress websites
- May 3rd, 10am EST
- We are going to talk about onsite vs. offsite credit card payments
- Different plugins that are available
- Different third party solutions that can be used
WordPress Developer Course
- Next 4 week course starts on May 6th
- Find out More!
Tools / Plugins
http://dribbble.com is a website where designers can show off what they’ve been working on. It’s a great site to get inspiration for your own design work.
Listener Feedback
Dave writes in and wants to know how to transfer a website from a development location to a live server.
Guard Your WordPress Site Against Attacks
This past week there were major attacks on thousands of WordPress websites. Luckily, most (99%) of the sites that were compromised were ones that had the username admin.
Here’s the best way to protect your WordPress installations from being taken over by botnets:
- Remove admin as a username (see below)
- Create a strong password with special characters
- Update your wp-config.php keys
- Install Lock Down Plugin
- Don’t give others your administrator username/password. Create an editor account for additional users
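A quick way to check two items from the list above, the admin username and the wp-config.php keys, written as an added example that is not part of the original show notes. The function names, the 32-character minimum and the sample config are assumptions of this example; the eight constant names and the placeholder phrase are the ones WordPress ships in wp-config-sample.php.

```python
import re

# The eight secret constants WordPress reads from wp-config.php.
KEY_NAMES = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in wp-config-sample.php
MIN_LENGTH = 32  # assumed threshold for this example
DEFINE_RE = re.compile(
    r"""define\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<q>['"])(?P<value>.*?)(?P=q)\s*\)\s*;""")

def audit_keys(config_text):
    """Return {constant: problem} for each key or salt that should be regenerated."""
    found = {m["name"]: m["value"] for m in DEFINE_RE.finditer(config_text)}
    problems, seen = {}, {}
    for name in KEY_NAMES:
        value = found.get(name)
        if value is None:
            problems[name] = "missing"
        elif value == PLACEHOLDER:
            problems[name] = "placeholder"
        elif len(value) < MIN_LENGTH:
            problems[name] = "too short"
        elif value in seen:
            problems[name] = "duplicate of " + seen[value]
        else:
            seen[value] = name
    return problems

def risky_logins(logins):
    """Flag any account still named 'admin' (case-insensitive by choice here)."""
    return [u for u in logins if u.strip().lower() == "admin"]

# Constructed sample input, not taken from any real site.
SAMPLE_CONFIG = """<?php
define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'k3#constructed-sample-value-0001-abcdefghijklmnop');
define('LOGGED_IN_KEY',    'short');
define('NONCE_KEY',        'k3#constructed-sample-value-0001-abcdefghijklmnop');
define('AUTH_SALT',        'k3#constructed-sample-value-0002-abcdefghijklmnop');
define('SECURE_AUTH_SALT', 'k3#constructed-sample-value-0003-abcdefghijklmnop');
define('LOGGED_IN_SALT',   'k3#constructed-sample-value-0004-abcdefghijklmnop');
"""

if __name__ == "__main__":
    for name, problem in audit_keys(SAMPLE_CONFIG).items():
        print(f"{name}: {problem}")
    print("rename or delete:", risky_logins(["Admin", "editor1", "administrator"]))
```

Replacing the keys signs out every logged-in user, so a changed set also invalidates any session cookie obtained before the change.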
Call To Action
Sign up for next eCommerce webinar
Hi Dustin, great show as always.
Apr 17, 2013
Check out “Duplicator” by LifeInTheGrid. It makes transferring a WP site super easy.
Also I would add CloudFlare as a must to protect a site.
charliemoss
I agree with both of these. I use Duplicator to migrate sites. I blogged about the process: http://optimwise.com/copy-migrate-wordpress-sites-with-the-duplicator-plugin/
Apr 18, 2013
I’ve also been using CloudFlare and like it. I blogged about it too: http://optimwise.com/increase-wordpress-security-with-cloudflare-block-hackers-spammers/
Hi Dustin, the one joining the Webinar from Japan is me. 🙂 As you know, I reside in Singapore, but will be in Japan next week on holiday. The hotel we are staying at has no wifi, apparently, so hoping to sneak out of the hotel at night (11 pm over there) to be online in an internet cafe.
Apr 18, 2013
Anyway, thanks for the weekly podcast! I’ve been using WordFence since I heard about it on your show. Very easy to configure. I used to use Login Lockdown, but no longer needed cos WordFence can do the same thing (and a lot more!).
JoeyF I’ve been using WordFence too. I used to use Limit Login Attempts, but no longer need that thanks to WordFence. I blogged about configuring WordFence at http://optimwise.com/wordfence-security-plugin-wordpress-firewall-anti-malware/
Apr 18, 2013
One of my biggest sites got hacked exactly how you explained it. It has hundreds of users but as you suggested still had an admin logon lost in the list. It compromised pretty much the entire site, injecting code in the static pages as well as the database. It took 5 hours to fix just to find it hacked again the next day. I have now deleted the admin username and installed WordFence and have found myself hypnotised by its live logs. Easily blocking doubtful IP addresses and I activated the limit logon attempts. Since then I have had no issues.
Apr 18, 2013
Every other site that was locked down was not affected, so my suggestion is to follow Dustin’s advice as it is very sound.
Thanks for another informative podcast.
Thanks good podcast
Apr 22, 2013
Errol Nezar
I would like to sign up to participate for the May 3 webinar, but cannot find out how to do so? Can you help direct me in the right direction please?
Apr 25, 2013
kpry44 Webinar details are always at http://yourwebsiteengineer.com/webinar. You can sign up there.
Apr 25, 2013