Comments on: WordPress Security is Not Just About WordPress

By: Twitter Account Hacked | Create an Awesome Home Business

Twitter Account Hacked | Create an Awesome Home Business — Thu, 25 Feb 2010 05:33:19 +0000

[...] following the principles I wrote about here I ran Malwarebytes and AVG to check for any nasties on my machine and then changed the passwords of [...]

By: Martin

Martin — Tue, 12 Jan 2010 11:14:09 +0000

Hi Kevin,

Yes – those plugins do good jobs, but the message is that you need to pay attention to your PC and all the other ways people could get access to your site files.

Of course you need to keep your WordPress installation secure, which means taking all sensible steps including keeping both it and your plugins updated (which I omitted to mention above).

But all that comes to nothing if the hackers can access your site via your FTP login details.

So you need to think security in everything you do on your PC and online.

Cheers,

Martin.

By: Kevin Hayes

Kevin Hayes — Tue, 12 Jan 2010 03:29:40 +0000

Wow...thats scarey..... I have a plugin to limit login attempts and a plugin called bad behavior....wp security scan too. I hope that is enough to stop this from happening to me. I have no clue what you were talking about to fix her site. I would be lost if that happened to me. Columbia SC Mortgage .-= Kevin Hayes´s last blog ..So….Should I lock my rate or wait it out? =-.

By: Martin

Martin — Wed, 06 Jan 2010 23:33:39 +0000

Exactly my point

Cheers,

Martin.

By: marvin

marvin — Wed, 06 Jan 2010 00:06:09 +0000

My blog was hacked also on my previous host. Seeing that index.php with bunch of other files were changed, I considered moving on a different server. Thankfully I have a backup of the database before the attack.

Unfortunately, currently, my new server is down for hardware upgrades (bummer).

Hackers will always look for way to get in to your site. So we should guard every possible entry.

By: Martin

Martin — Tue, 05 Jan 2010 22:47:58 +0000

Yes – this stuff is scary.

The problem is, of course, that we’re only ever playing catch up with the bad guys. I learnt that when I was running a fraud control department many years ago.

It’s also why some companies have hired hackers in the past to test their security systems.

Unfortunately the reality is that the hackers, spammers and scammers are always going to be one step ahead – which is why I said that if someone is determined to hack your account they will.

Cheers,

Martin.

By: Martin

Martin — Tue, 05 Jan 2010 22:44:06 +0000

Sorry to spoil your evening

Yes – Filezilla does a great job!

And definitely your cPanel login, although as part of sorting out my customer’s blog I discovered that (on Hostagtor at any rate) your cpanel login is linked to your FTP login. Change one and the other changes as well.

Martin.

By: Keith Davis

Keith Davis — Tue, 05 Jan 2010 18:03:25 +0000

Oh Martin
I was having such a pleasant evening until I read this!
“You need to consider your PC and your FTP accesses”
Good point and I might add… your Cpanel login if you use Cpanel.

BTW Filezilla has an FTP over explicit TLS/SSL setting, which my host tells me is secure.
Keith Davis´s last blog ..Ooh la la…

By: corrie

corrie — Tue, 05 Jan 2010 16:41:31 +0000

Wow, Martin. Once again this stuff is scary. I guess I need to do some extra prayers over my computer, along with the above suggestions.

This is why I have an RSS feed to your site.
corrie´s last blog ..One Benefit of Asperger’s Syndrome