Web Hosting Forum Login
Not a member yet? Sign up

WordPress Security

  • HOME
  • FORUMS
  • WEB DESIGN
  • WEB HOSTING OFFERS
  • ADVERTISING
  • FIND A HOST
  • WEB HOSTING
  • QUICK MENU
  • REGISTER HERE - Join us for FREE
Results 1 to 13 of 13
  1. #1
    Join Date
    Jul 2016
    Location
    Hertfordshire, UK
    Posts
    683
    Thanks
    33
    Thanked 151 Times in 132 Posts
    Thumbs Up/Down
    Received: 310/3
    Given: 121/3

    Post WordPress Security

    Due to the popularity of WordPress it is often the target of hackers. It is a common misconception that WordPress is not a secure content platform but when managed correctly you should not have any security issues. This guide will provide you with all the information you need to keep your WordPress secure.


    Brute Force Protection


    Many WordPress attacks are done by trying to login to your admin area using many different passwords until they get a match. This is easily combated by using a brute force protection plugin, it will block access from the attacker's IP address for a period of time, blocking them from continuing to attack your site. You can even blacklist repeated offenders. The Brute Force Protection plugin is recommended.


    Exploits


    Attackers can force access to your site by exploiting bugs in old versions of WordPress, plugins and themes which have not been updated. It is recommend you update your WordPress installation when a new release is issued and keep your plugins and themes updated to the latest version. Keeping your WordPress updated is easy and only takes a few clicks when updates are available.
    UK Web Hosting | Reseller Hosting | VPS | Domain Registration | Affiliates
    100% Cloud Powered | 30 Day Money Back Guarantee | cPanel | 365 Day UK Support
    https://www.ljshost.com

  2. The Following 4 Users Say Thank You to LJSHost For This Useful Post:
    Emilio (07-09-2016),marcyslen (07-09-2016),Paul Wellner Bou (07-05-2016),WPCycle (01-12-2017)

  3. #2
    Join Date
    Apr 2016
    Posts
    32
    Thanks
    13
    Thanked 0 Times in 0 Posts
    Thumbs Up/Down
    Received: 1/0
    Given: 40/0
    Quote Originally Posted by LJSHost View Post
    Due to the popularity of WordPress it is often the target of hackers. It is a common misconception that WordPress is not a secure content platform but when managed correctly you should not have any security issues. This guide will provide you with all the information you need to keep your WordPress secure.

    Brute Force Protection

    Many WordPress attacks are done by trying to login to your admin area using many different passwords until they get a match. This is easily combated by using a brute force protection plugin, it will block access from the attacker's IP address for a period of time, blocking them from continuing to attack your site. You can even blacklist repeated offenders. The Brute Force Protection plugin is recommended.

    Exploits

    Attackers can force access to your site by exploiting bugs in old versions of WordPress, plugins and themes which have not been updated. It is recommend you update your WordPress installation when a new release is issued and keep your plugins and themes updated to the latest version. Keeping your WordPress updated is easy and only takes a few clicks when updates are available.
    Exactly I often update my Wordpress version when a latest version is released.

    Beside using a wordpress plugin, there is an alternative to stop Brute Force? What about pingpack and trackback? I heard that it helped hackers to attack WP sites, right?

  4. #3
    Join Date
    Jul 2016
    Location
    Hertfordshire, UK
    Posts
    683
    Thanks
    33
    Thanked 151 Times in 132 Posts
    Thumbs Up/Down
    Received: 310/3
    Given: 121/3
    Those tools could be useful for hackers yes.

    An alternative to the brute force plugin would be to block access to WordPress admin page by using .htaccess to require a password to proceed to your admin login page.
    This solution can also be used with a brute force plugin for an additional layer of security.
    UK Web Hosting | Reseller Hosting | VPS | Domain Registration | Affiliates
    100% Cloud Powered | 30 Day Money Back Guarantee | cPanel | 365 Day UK Support
    https://www.ljshost.com

  5. #4
    Join Date
    May 2016
    Location
    France
    Posts
    725
    Thanks
    65
    Thanked 218 Times in 163 Posts
    Thumbs Up/Down
    Received: 453/1
    Given: 192/0
    A very good post about WordPress security at KeyCDN blog here

    But to answer to the thread, you should use a software solution like fail2ban instead of a plugin, as each plugin can be another security breach.

  6. #5
    Join Date
    Dec 2012
    Posts
    454
    Thanks
    548
    Thanked 247 Times in 114 Posts
    Thumbs Up/Down
    Received: 132/0
    Given: 730/0
    Thanks LJSHost for cool post!

    I would add a way to secure your wordpress site is block your wp-admin by htaccess file or protecting it by a function in your hosting control panel manager and just allow your IP address access it.

  7. #6
    Join Date
    Jun 2016
    Location
    United Kingdom
    Posts
    495
    Thanks
    22
    Thanked 97 Times in 85 Posts
    Thumbs Up/Down
    Received: 213/0
    Given: 59/0
    One of the major things that each wordpress owner should do is change the login directory to a very long and random string. this will prevent the finding of the admin panel in the first place or at least make it much much harder.

  8. #7
    Join Date
    Jul 2016
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thumbs Up/Down
    Received: 3/0
    Given: 0/0
    If you host your website on a vps or dedicated server install config server firewall and comodo WAF ruleset. This will help preventing a lot of attacks.

  9. #8
    Join Date
    Jun 2016
    Posts
    64
    Thanks
    32
    Thanked 4 Times in 4 Posts
    Thumbs Up/Down
    Received: 3/0
    Given: 67/0
    Quote Originally Posted by LJSHost View Post
    Brute Force Protection


    Many WordPress attacks are done by trying to login to your admin area using many different passwords until they get a match. This is easily combated by using a brute force protection plugin, it will block access from the attacker's IP address for a period of time, blocking them from continuing to attack your site. You can even blacklist repeated offenders. The Brute Force Protection plugin is recommended.
    I am sure this will work for wordpress sites but not sure it can protect a VPS from Brute Force Attacks

    Why don't we use a tool to stop Brute Force Protection on whole VPS instead of using for a WP site?

  10. #9
    Join Date
    Jul 2016
    Location
    Hertfordshire, UK
    Posts
    683
    Thanks
    33
    Thanked 151 Times in 132 Posts
    Thumbs Up/Down
    Received: 310/3
    Given: 121/3
    Application layer and Operating systems layers are two different things but they do share the same brute force security solutions,
    If a VPS has its own firewall this will block access to repeated login attempt's to mail and other system services, but access control to an application such as wordpress requires it's own security, as others have also said it's best double up the security using .htaccess controls also.
    UK Web Hosting | Reseller Hosting | VPS | Domain Registration | Affiliates
    100% Cloud Powered | 30 Day Money Back Guarantee | cPanel | 365 Day UK Support
    https://www.ljshost.com

  11. #10
    Join Date
    Nov 2015
    Location
    U.S.A.
    Posts
    449
    Thanks
    85
    Thanked 153 Times in 93 Posts
    Thumbs Up/Down
    Received: 156/0
    Given: 168/0
    Quote Originally Posted by LJSHost View Post
    Due to the popularity of WordPress it is often the target of hackers. It is a common misconception that WordPress is not a secure content platform but when managed correctly you should not have any security issues. This guide will provide you with all the information you need to keep your WordPress secure.


    Brute Force Protection


    Many WordPress attacks are done by trying to login to your admin area using many different passwords until they get a match. This is easily combated by using a brute force protection plugin, it will block access from the attacker's IP address for a period of time, blocking them from continuing to attack your site. You can even blacklist repeated offenders. The Brute Force Protection plugin is recommended.


    Exploits


    Attackers can force access to your site by exploiting bugs in old versions of WordPress, plugins and themes which have not been updated. It is recommend you update your WordPress installation when a new release is issued and keep your plugins and themes updated to the latest version. Keeping your WordPress updated is easy and only takes a few clicks when updates are available.
    Great information LJSHost! I don't think most people worry about the security of their WordPress websites or blogs until AFTER they have had a security problem. It's always a good idea to plan to help prevent security problems BEFORE they happen and not after like way too many people do.

    Also, thanks for sharing the Brute Force plugin. I wasn't aware of that particular one myself.
    ►► Follow me on TWITTER and keep up with my random and informative Tweets!_

    ►► Check out my personal blog site HERE for my attempts at writing random articles!

  12. #11
    Join Date
    Aug 2016
    Location
    India
    Posts
    17
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Thumbs Up/Down
    Received: 6/1
    Given: 0/0
    Great post LJSHost!, But i don't think that most of newbie cares about there website security that much as they tries to earn money through it

  13. #12
    Join Date
    Mar 2016
    Posts
    18
    Thanks
    0
    Thanked 3 Times in 3 Posts
    Thumbs Up/Down
    Received: 5/0
    Given: 0/0
    Nice post, basically Wordpress is secured but theme and plugins used in Wordpress caused problem, therefore be careful while using any new theme or plugins and try to install unwanted themes and plugins.

  14. #13
    Join Date
    Aug 2016
    Posts
    204
    Thanks
    5
    Thanked 10 Times in 10 Posts
    Thumbs Up/Down
    Received: 56/0
    Given: 54/0
    I have had some brute force attacks a couple of years ago and they kept happening a couple times a month or so. Finally I decided to use .htaccess to only allow access to it from my IP and not from other IP's.

    This has worked great for stopping the attacks and it's easy to implement, even for people that are new and don't understand many aspects of websites including the .htaccess file.
    Check out ForumWeb.Hosting on Facebook, Google+ and Twitter @webdothosting

Newer Threads

  1. bknights
    VirtuBox
    Replies: 8 | Views: 428
    Last post by VirtuBox, 07-09-2016, 06:25 PM
  2. Steve32
    ExpertHosters
    Replies: 2 | Views: 167
    Last post by ExpertHosters, 07-06-2016, 12:50 PM
  3. Steve32
    nogics
    Replies: 4 | Views: 474
    Last post by nogics, 08-05-2016, 05:59 AM
  4. theshri
    peteynessx
    Replies: 7 | Views: 430
    Last post by peteynessx, 09-02-2016, 11:32 PM
  5. Moebuntu
    Deacon Jones
    Replies: 11 | Views: 1166
    Last post by Deacon Jones, 10-10-2016, 12:07 PM

Older Threads

  1. VirtuBox
    jwn
    Replies: 21 | Views: 2826
    Last post by jwn, 12-11-2016, 07:26 PM
  2. AliGibbs
    taanya
    Replies: 2 | Views: 166
    Last post by taanya, 08-02-2016, 06:54 AM
  3. Terrance
    amberhuntus
    Replies: 8 | Views: 465
    Last post by amberhuntus, 09-23-2016, 12:14 PM
  4. web3k
    web3k
    Replies: 0 | Views: 267
    Last post by web3k, 07-04-2016, 10:04 PM
  5. web3k
    web3k
    Replies: 0 | Views: 138
    Last post by web3k, 07-04-2016, 10:03 PM

Latest Threads

  1. WPCycle
    WPCycle
    Replies: 0 | Views: 39
    Last post by WPCycle, Today, 12:23 PM
  2. HostYourNet-DR
    HostYourNet-DR
    Replies: 0 | Views: 56
    Last post by HostYourNet-DR, Today, 11:30 AM
  3. HostYourNet-DR
    HostYourNet-DR
    Replies: 0 | Views: 40
    Last post by HostYourNet-DR, Today, 11:25 AM
  4. HostYourNet-DR
    HostYourNet-DR
    Replies: 0 | Views: 38
    Last post by HostYourNet-DR, Today, 11:24 AM
  5. HostXNow
    LJSHost
    Replies: 2 | Views: 73
    Last post by LJSHost, Today, 12:53 PM

Similar Threads

  1. meetdilip
    meetdilip
    Replies: 0 | Views: 300
    Last post by meetdilip, 04-19-2016, 07:00 PM
  2. Mihai B.
    meetdilip
    Replies: 3 | Views: 450
    Last post by meetdilip, 04-19-2016, 06:56 PM
  3. arronmattwills
    SenseiSteve
    Replies: 11 | Views: 668
    Last post by SenseiSteve, 01-13-2016, 10:21 PM
  4. Hostlumina
    ron13315
    Replies: 5 | Views: 779
    Last post by ron13315, 04-28-2015, 01:17 PM
  5. jdunhin
    Holly Nicole
    Replies: 1 | Views: 716
    Last post by Holly Nicole, 03-08-2013, 02:53 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Web Hosting Forum

ForumWeb.Hosting is a web hosting forum where you’ll find in-depth discussions and resources to help you find the best hosting providers for your websites or how to manage your hosting whether you are new or experienced. You’ll find it all here. With topics ranging from web hosting, internet marketing, search engine optimization, social networking, make money online, affiliate marketing as well as hands-on technical support for web design, programming and more. We are a growing community of like-minded people that is keen to help and support each other with ambitions and online endeavors. Learn and grow, make friends and contacts for life.

Community

The world's smartest hosting providers come here to discuss & share what's trending in the web hosting world!
Copyright ©2017, ForumWeb.Hosting. All rights reserved. Web Hosting Forum for webmasters, web hosting providers, designers and web developers.

Welcome to Forum Web Hosting

The World's Number 1 Web Hosting Community, Reviews & Services

Log in!

Continue with Facebook
Continue With Email. By signing up you indicate that you have read and agree to the Terms of Service and Privacy Policy.

Sign in Manually

Need an account? Sign up now!