- This topic is empty.
Viewing 2 posts - 1 through 2 (of 2 total)
Viewing 2 posts - 1 through 2 (of 2 total)
- The forum ‘Other’ is closed to new topics and replies.
The forums ran from 2008-2020 and are now closed and viewable here as an archive.
I am sure I am not the first to have this happen to them and I not sure what the answer to this is. But recently, within 2 weeks of another, I seen 2 of my clients WP sites hacked into and there header files overwritten to show that your SITE HAS BEEN HACKED! Hahaha doesn’t this suck.
What can I do to protect my clients sites from this. Some what of a newby. Thanks -R
First off, are you using ADMIN as the admin user? You ought to use something different. I usually change it PER client.
Second, are you using strong passwords, even for your clients? It’s a must.
The third thing you can do is password protect the directory. This can be done via .htacess or done with your hosting provider. For some odd reason when I do this, I get a 404 on the WordPress admin so I shy away from it.
And the last thing you can do, is IP block all incoming requests to the /wp-admin/ directory except some IP’s which would be your clients and of course yours. This you can do once again, with a .htacess file.
This will certainly not make your site 100% IMPENETRABLE but it will cause the stuff you are experiencing from happening because lets be honest, a class A hacker wants to hack other stuff, certainly not your site. :p