What do you secure your website with?


#1

Hi guys!
I’ve recently seen many websites getting hacked and want to know your opinions or the ways that you use to secure your website. How do you protect your blog/website, whether it’s WordPress, Joomla, Drupal or custom?
Drupal guys I need you!


#2

As an admin of a WordPress CMS powered website, I wouldn’t claim to know it all, but I know it starts with computer security of the admin, you know, keyloggers and all. Then there are updates. They need to be very on point. Cloudflare does its work of protecting you from hack attempts, blocks DDoS while at it. You also need a good host (I don’t know how one would do this part by themselves) to know when there is a DDoS attack and block the IPs responsible from accessing the site.


#3

Hmm… that makes sense. Is there any plugin or something you use in WordPress?


#4

Not exactly. Akismet does protect us from comment spam, which can also be used to take a site down.


#5

You may want to check out VaultPress.


#6

Yes, good one… spam!


#7

Good one too! VaultPress seems very useful. Is there any specific way you protect your backend?
Like denying access etc.


#8

You can add something like this

so that not just anyone can go directly to the default WP admin/user login page.


#9

How would you do that?


#10

see this


#11

Thanks! :wink: Sorry for the delay, my exams just got over. :tada:


#12

WordPress hacks most of the time occur from security vulnerabilities from plugins installed. These hijackers are able to penetrate your installation and then get access to your cPanel account and do more damage by uploading scripts to the cPanel instance (if your WordPress is running via cPanel).

  1. Ensure your WordPress installation is updated to latest version possible along with its plugins. That way you’ll already have vulnerability patches.
  2. Avoid using easy passwords like admin2015. Have a complicated password like cH!zI_2%15.
  3. Try and use an encrypted connection to encrypt communication between your browser and WordPress server, although the probability of your WordPress installation being snooped for clear text authentication over the internet would make you a high target.
  4. Remove unnecessary plugins.
  5. If your WordPress is running from a cPanel instance, ensure they are up to date. If not, consider moving to a host who takes updates seriously!

And as @martingicheru says, watch out for software on your PC that installs keyloggers. Be careful not to repeatedly click Next when installing software, since they come bundled with annoying browser add-ons that mess up your browser’s appearance and settings.

Not a WordPress Pro but I’ve saved a few friends with these tips!!


#13

Thanks! I’ll keep these points in mind when using WordPress. I’m not a pro either.