Combatting Hackers, Help!

[rlitts]

I am sure I am not the first to have this happen to them and I not sure what the answer to this is. But recently, within 2 weeks of another, I seen 2 of my clients WP sites hacked into and there header files overwritten to show that your SITE HAS BEEN HACKED! Hahaha doesn’t this suck.

What can I do to protect my clients sites from this. Some what of a newby. Thanks -R

[OniLinkCR]

First off, are you using ADMIN as the admin user? You ought to use something different. I usually change it PER client.

Second, are you using strong passwords, even for your clients? It’s a must.

The third thing you can do is password protect the directory. This can be done via .htacess or done with your hosting provider. For some odd reason when I do this, I get a 404 on the WordPress admin so I shy away from it.

And the last thing you can do, is IP block all incoming requests to the /wp-admin/ directory except some IP’s which would be your clients and of course yours. This you can do once again, with a .htacess file.

This will certainly not make your site 100% IMPENETRABLE but it will cause the stuff you are experiencing from happening because lets be honest, a class A hacker wants to hack other stuff, certainly not your site. :p

[Author]

Posts