Hacked
What Happened
Three WordPress sites hacked in a week
Each hack redirected the site to a different website, some of which spread malware
The fix - in each case, deleted WordPress completely and rebuilt from a fresh, clean install and from backups
One site had a hack attempt while being rebuilt
WordPress Security: Making Your Site Harder for Hackers to Hack
and Easier for You to Recover if they Do
A WordPress site needs care and feeding.
You need to monitor it.
You need to keep it up to date and current.
You need to perform regular backups.
Never, never, never use the default username “admin”
Use strong passwords
Upgrade to the latest version of WordPress
Host your WordPress site with a reliable web host who practices good security and has good, reliable tech support
Back up your site regularly to your own computer - not on the web server: Database, Uploads, files, .sql backup, .xml backup
Backup options: manual, automated, and plugins
Restoring from Backups - Sometimes it goes smoothly and easily, sometimes not.
Backup files can get too big to reimport without resorting to trickery.
Keep your blog clean to minimize bloated backup files. Consider drafting your posts in a basic text editor outside of WordPress.
DO NOT USE WP PHPMYADMIN - IT HAS BECOME A SECURITY THREAT
Document your plugins and how you have them configured. Document your widgets. Document your menu structure
Plugins can be a vulnerability too. Don’t go overboard on them. Be careful with the plugins you select.
Upgrade plugins too: http://wordpress.org/news/2011/06/passwords-reset/
Protective plugins: WP Security Scan, WordPress Firewall, WP File Monitor
Follow WordPress.org on Twitter - security notices
.htaccess files
Database table prefix
Hide Your WordPress version number
Prevent multiple login attempts
More... http://www.mauiwp.com/2011/06/wordpress-security/
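A self-check for the items on this list and the "admin" username item earlier, added here as an example and not part of the original slides. It assumes you have your own wp-config.php text, your home page HTML, your list of usernames and Apache-style access log lines; the function names, sample inputs and the threshold of 5 login POSTs are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample inputs (not from any real site).
WP_CONFIG = "<?php\ndefine('DB_NAME', 'blog');\n$table_prefix  = 'wp_';\n"
HOME_HTML = '<head><meta name="generator" content="WordPress 3.1.3" /></head>'
USERS = ["admin", "editor_jane"]
ACCESS_LOG = [
    '203.0.113.9 - - [01/Jul/2011:10:00:0%d +0000] "POST /wp-login.php HTTP/1.1" 200 2100' % i
    for i in range(6)
] + ['198.51.100.4 - - [01/Jul/2011:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0']

def audit_config(wp_config, home_html, usernames):
    """Check the default table prefix, exposed version and 'admin' user."""
    findings = []
    m = re.search(r"""^\s*\$table_prefix\s*=\s*['"]([^'"]*)['"]""", wp_config, re.M)
    if m and m.group(1) == "wp_":  # 'wp_' is the installer default
        findings.append("table prefix is still the default 'wp_'")
    g = re.search(r"""<meta\s+name=["']generator["']\s+content=["']WordPress\s*([\d.]*)""",
                  home_html, re.I)
    if g:  # the generator meta tag reveals the running version
        findings.append("generator tag exposes WordPress " + (g.group(1) or "(no number)"))
    if any(u.lower() == "admin" for u in usernames):
        findings.append("default 'admin' username exists")
    return findings

def repeated_logins(log_lines, threshold=5):
    """Return {ip: count} for clients with more than `threshold` login POSTs."""
    hits = Counter()
    for line in log_lines:
        m = re.match(r'(\S+) .*"POST /wp-login\.php[ ?]', line)
        if m:
            hits[m.group(1)] += 1
    return {ip: n for ip, n in hits.items() if n > threshold}

if __name__ == "__main__":
    for f in audit_config(WP_CONFIG, HOME_HTML, USERS):
        print("FINDING:", f)
    for ip, n in repeated_logins(ACCESS_LOG).items():
        print("FINDING: %d login POSTs from %s" % (n, ip))
```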
Advanced WordPress Security
http://www.packtpub.com/wordpress-3-ultimate-security/book
Scan Your Site
If you think you may have been hacked, scan your site: http://sitecheck.sucuri.net/scanner/