WordPress Security + Warning

Status
Not open for further replies.

Loonycgb2

To all the wordpress users,

Being in the web hosting industry, I honestly hate WordPress, as it is one of the worst vulnerable scripts possibly ever made.

The actual core script is somewhat secure, but the plugins and add-ons and even templates are hell for web hosting companies.

There is currently a PRIVATE exploit which is allowing people to not only somehow gain admin access, but from how I have seen it used, they upload fake plugins which contain shells or use template editors on the admin to edit files.

They upload shells and, to make it worse, they gain access to your MySQL DBs by uploading a SQL admin script.

Depending on server setups, some hosts can be easily r00ted or possibly get their MySQL root passwords hacked due to cPanel/WHM having root logins in plain text in the root directory.


To better help, users should add the following:

  • Better WP Security (adds multiple functions to clear risks of hacks and also watches file changes)
  • ADD HTACCESS AUTHORIZATION TO ADMIN!!!!! This has to be one of the biggest things which would reduce hacks by 90%
  • Disable file uploads if they are not needed


I cannot help but tell users to better secure their sites, as not many hosts keep backups at all.


It is not our job to secure your sites; it is our job to secure our server from other sites being hacked. If you have any questions, post here and they will be answered.
 
19 comments
+1 to Better WP Security. It has loads of features that can secure your WordPress to the max. possible extent.

Also remember to use passwords that are unique and strong enough. (min. 10 characters if you feel your site is important for you :P )
 
@Cometolearn, the plugin adds security rules to your .htaccess file to disable its access. Once you install/setup the plugin, you can see all its rules on the admin panel.

PS: Nice post Loony.
 
So we have to disable registration too..??
Any way to block the wp-login and wp-admin pages from external access?

But I still hope the better security plugin is cool.
 
You don't have to disable registration.

Just disable any option that would give a hacker any type of access to your files and/or server, meaning file editors in the admin CP or upload options.
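
A read-only check for the measures recommended in this thread (HTTP authentication on wp-admin, admin file editors switched off, no PHP files under the uploads directory), added here as an example and not posted by any thread participant. It assumes Apache with a `.htaccess` in `wp-admin` and WordPress's `DISALLOW_FILE_EDIT` constant in `wp-config.php`; `wp_audit`, `make_hardened_site` and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress docroot for the three measures in the thread.
# Prints PASS/FAIL per check; the return status is the number of failed checks.
wp_audit() {
    root=$1; fails=0
    # 1. wp-admin sits behind Apache HTTP authentication (.htaccess).
    ht="$root/wp-admin/.htaccess"
    if grep -Eiq '^[[:space:]]*AuthType[[:space:]]+(Basic|Digest)' "$ht" 2>/dev/null &&
       grep -Eiq '^[[:space:]]*Require[[:space:]]+(valid-user|user|group)' "$ht"; then
        echo "PASS wp-admin requires HTTP authentication"
    else
        echo "FAIL wp-admin has no .htaccess authentication"; fails=$((fails + 1))
    fi
    # 2. Theme/plugin file editors are switched off in wp-config.php.
    if grep -Eq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" \
        "$root/wp-config.php" 2>/dev/null; then
        echo "PASS admin file editors disabled"
    else
        echo "FAIL DISALLOW_FILE_EDIT is not set to true"; fails=$((fails + 1))
    fi
    # 3. No PHP files in the uploads tree, where media (not code) belongs.
    php=$(find "$root/wp-content/uploads" -type f -iname '*.php*' 2>/dev/null || true)
    if [ -z "$php" ]; then
        echo "PASS no PHP files under wp-content/uploads"
    else
        echo "FAIL PHP files under wp-content/uploads:"; echo "$php" | sed 's/^/     /'
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample docroot with all three measures in place (paths are made up).
make_hardened_site() {
    mkdir -p "$1/wp-admin" "$1/wp-content/uploads/2013/03"
    cat > "$1/wp-admin/.htaccess" <<'EOF'
AuthType Basic
AuthName "Restricted"
AuthUserFile /home/example/.htpasswd
Require valid-user
EOF
    printf "<?php\ndefine('DISALLOW_FILE_EDIT', true);\n" > "$1/wp-config.php"
    : > "$1/wp-content/uploads/2013/03/photo.png"
}

# Usage: sh wp_audit.sh /path/to/docroot
if [ $# -gt 0 ]; then wp_audit "$1"; fi
```

Authentication configured in the main server or virtual host configuration instead of `.htaccess` is not seen by check 1, so a FAIL there means "verify by hand", not proof that the admin area is open.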
 
This one (from Better Security), right..??
20130322040913151.png


---
Thanks Loonycgb2 for giving the recommendation <3

Think we tried our best to protect it, but (just think) our WordPress blog is hacked; now the hacker has complete access to the database, so he can do whatever with it..

So is there any way to make that database useless to him using any "Database Encryption"? Because WordPress encrypts the password only (not the username or other things).
 
Please explain that again?

I'm sorry, I just understood a hacker got into your blog, but do you want to know about database encryption?
 
@Loonycgb2
Yes buddy, how to encrypt the database, because we can't stop a hacker; if he wants to hack, whatever we do, he finishes :)
(talking about professional hackers, not kids)

So how to encrypt the database, buddy?


@Froomple
Thanks Froomple, changed to random words (other than dictionary words)


@showstopper
Use Incapsula (similar to Cloudflare but better than Cloudflare in terms of security)
 
You can't encrypt your database, but you can encrypt the way your passwords are inserted, but unless you fully code the script to use it then it is impossible unless you do a full modification.

Another good way to help is to use mod_sec.
 