Comments on: WordPress Security And A Plugin To Help You

By: Titan

Titan — Fri, 05 Dec 2008 09:25:55 +0000

I got hacked before that’s why I am more careful now. I regularly do back ups for my site content and I installed an intrusion detection system. but i will also try some of the tips you have mentioned here. Jedz

By: Kim

Kim — Sun, 30 Nov 2008 04:43:10 +0000

It does seem that 1 out of 5 posts you run into lately are on WordPress security issues. Thanks for the tips or reminders of areas that should be re-examined. I also wish Go Daddy would update their easy install/upgrade for WordPress more often – they seem to always be a couple of dot releases behind.

By: Skateboarding

Skateboarding — Fri, 28 Nov 2008 15:09:32 +0000

One of my blog got hacked and it managed to install malware on my site. Now whenever someone opens my blog, their system gets infected by malware. Google listed my blog as harmful and my rankings tanked.
I then had to clean all the blog, and password protect the wp-admin directory to keep things rolling.

By: Angel Moreno

Angel Moreno — Fri, 28 Nov 2008 06:46:22 +0000

I don’t want to be hacked so I’m taking all the measures you have suggested. Thank you so much. If it may help I use the plug in WP-DBManager to regularly back up my blog.

I just subscribed to your newsletter.

By: Game Economy

Game Economy — Tue, 25 Nov 2008 09:43:54 +0000

Good call on these security issues. Re: passwords – I use keepass to generate strong and random keywords. A simple two click process brings up Keepass, I select the sight I want to log into, and copy/paste. Hasn’t failed me yet.

Keep up the great work!

-Enzo

By: Jana

Jana — Sat, 22 Nov 2008 04:06:21 +0000

Thanks for the tips. They are very handy and I am off to download and install the plugin. I had someone hack into my hosting the other day so I am not going to take any more chances.

Jana

By: Ann Jade

Ann Jade — Tue, 18 Nov 2008 01:47:46 +0000

I was hacked once, and never recovered from it, even though I did have all of the posts. But preventive measures are always the best. I’ll get this installed right away.

Ann Jade

By: Donna With Genewize

Donna With Genewize — Mon, 17 Nov 2008 23:49:48 +0000

WOW, this is an incredible find (this post). All great stuff here. i’m going to have to spend some time on this blog, because I have 3 WordPress blogs now and I am not doing ANY of thee security measures!

it’s late, and I need to get to sleep, but I am wondering about the upgrading… I need to upgrade to 2.6.3, I have version 2.6. Is that worth it? Or wait for 7?

Also, Does the Automatic Upgrade plugin take a backup first?

Thanks everyone! i’ll be back…

By: Jody Palmer Model

Jody Palmer Model — Mon, 17 Nov 2008 03:03:11 +0000

Hi,

Thanks for the posts it’s very helpful, I am a wordpress user and my previous blog has been hacked but before it was hacked wordpress banned my blog and I contacted them about banning my blog and they said that I was trying to create multiple blogs, then I explained and told them that I only have 1 blog. They made my blog live again and after 1 week I cannot access my account but the blog is still there, so I decided to create a new one and change all my password.
http://jodypalmermodel.wordpress.com

By: Tom At The Home Business Archive

Tom At The Home Business Archive — Sun, 16 Nov 2008 22:03:53 +0000

Thanks for the tips.I downloaded the WordPress security plugin and ran it, it seems that everything is ok. I take a backup every week of all my blog files and store them on a USB-hard drive, just to be safe.

-Thanks,
Tom Lindstrom

By: become a freelancer

become a freelancer — Sun, 16 Nov 2008 12:10:28 +0000

Thank you for clearing that up for me. Your original explanation was clear, but I had it stuck in my head that the permissions influenced the comments. Now I understand. This has been a very helpful article.

Thanks.

Kelli Workman

By: Busby SEO Test

Busby SEO Test — Sat, 15 Nov 2008 15:04:54 +0000

Well said! My blog was hacked 2 days a go by Turkish for the reason I know not, i never know them nor get in touched with them yet all of sudden when I was trying to access my blog the screen has changed into dark background with the words This blog belongs to cyber hack…really pain in the ***

By: Case Stevens

Case Stevens — Fri, 14 Nov 2008 13:29:49 +0000

@Kelli
Maybe I wasn’t as clear as I should be, so I’ll try again.

WordPress allows you to set commenting or not plus some options (e.g. logging in).
For everyone who accesses your blog, you’ll want them to pass the options you’ve set in the Admin area. And you want to block ANY access to your files directly.

But…

…if the last digit of your file permissions on your server is a 7, then anyone can access that FILE directly, without going through your blog, thus bypassing all your Admin settings.

In other words, using FTP anyone can access the files and data that you used in your Admin area and overwrite or delete them, rather than using http to access your blog.

That makes you very vulnerable, or, as Tom says, “you might as well post your user name and password on your blog!”.

So, permission settings is NOT about who can comment in your blog.
Hope this is a better explanation.
Case

By: Case Stevens

Case Stevens — Fri, 14 Nov 2008 01:59:01 +0000

Hi Tom,
Thanks for chiming in and answering some questions. Always great to have the Master explain the topic himself.

By: become a freelancer

become a freelancer — Thu, 13 Nov 2008 22:53:50 +0000

Thank you for this great post. Would you please do just a little more explaining? When talking about permissions, you said that write has a value of 2. When you say write, are you talking about the ability to leave comments? I was told to set all my permissions to all sixes, but I wondered if that was really safe. You advised us to set the third number as a 4. Does that allow your visitors to comment on your blog?

Thank you for your patience and assistance.

Kelli Workman