Need help on how to avoid having WordPress hacked?

[rosiebrown0]

Hi, one of my client just set up a Word Press blog and understand hacking is a very real threat. And i advice him:
Bullet Proof Security - although it has it problems with certain wordpress themes

Given that I would like advice on two things:

(1) what plugin or other steps he need to reduce the hacking threat?

(2) How to back the site up on a regular basis in case it is hacked?

Thanks for your help.Login lockdown is really good, and I have never had a problem with it..

(1) what plugin or other steps I need to reduce the hacking threat?

(2) How to back the site up on a regular basis in case it is hacked?

Thanks for your help.

 

[Janja]

Hi Rosie, here are some things I would recommend.
1. do not use the user name admin!!! Use a good username and password with capital and lower case latters and numbers.
2. if you have the choice when installing wordpress, use a database prefix that is different from the default wp_
3. always update wordpress to the newest version, update all plug-ins and delete all inactive plugins
4. Firewall 2, Hide wp Version,Hide login, Exploit Scanner and the two you mentioned are great plug-ins.
5. I would recommend backupbuddy. You have to pay for it but you are able to backup your whole wordpress install and backup schedules happen automatic. I bought it because I wanted to build wordpress sites off-site until I have gotten paid. Moving it was such a hassle, so I invested in it. Now when I move the sites, I can chose the database prefix and easily move to sites including all theme settings, plugin settings, themes etc.

 

[leroy30]

#1 foolproof way is to not use wordpress ;P

 

[malwareremoval]

Help with wordpress

Janja gave you some really good starter tips. However there is a lot more that can be done. There are many security plugins available and you need to make sure your permissions are set correctly. Bulletproof security is good, but not necessarly easy for most people to configure.

Install, Firewall 2, malwatch, secure wordpress and mute screamer for starters. Remove any unused plugins and if you are using timthumb, install timthumb scanner and see if you are up to date.

Most hosting companies provide backup tools now days for free, use them. Don't leave backups on the server either or old copies of code/directorys. Get rid of any thing you are not using on the server.

And if you get hacked and need clean-up, security and monitoring - I do that on a daily basis.

 

[rosiebrown0]

Hi Rosie, here are some things I would recommend.
1. do not use the user name admin!!! Use a good username and password with capital and lower case latters and numbers.
2. if you have the choice when installing wordpress, use a database prefix that is different from the default wp_
3. always update wordpress to the newest version, update all plug-ins and delete all inactive plugins
4. Firewall 2, Hide wp Version,Hide login, Exploit Scanner and the two you mentioned are great plug-ins.
5. I would recommend backupbuddy. You have to pay for it but you are able to backup your whole wordpress install and backup schedules happen automatic. I bought it because I wanted to build wordpress sites off-site until I have gotten paid. Moving it was such a hassle, so I invested in it. Now when I move the sites, I can chose the database prefix and easily move to sites including all theme settings, plugin settings, themes etc.

Thank you janja..i'll work on it and suggest to my clients.