Hackers love to probe WordPress sites – How to stop them in their tracks

There was a time when the majority of sites that hackers focused on were government related: defense contractors, utility companies and the like. Now, it seems that as soon as a WordPress site is launched, it’s prone to attack.

Don’t get de-indexed

Cybercriminals seem to love probing themes, plugins, logins and PHP files for vulnerabilities. The fastest way to get de-indexed by Google is to let your guard down, allowing these guys to upload malicious scripts to your site.

The dreaded warning page

Cleaning it up after the fact can be a real pain, not to mention that visitors will be redirected to a warning page saying your site is unsafe and that they continue on to it at their own risk. Even then, after clicking to continue through, the warning pops up a second time.

The warning goes something like this: “Deceptive Site Ahead. Attackers on www. xxxxxxx .com may trick you into doing something dangerous, like installing software or revealing your personal identification (for example, passwords, phone numbers or credit cards). Google Safe Browsing recently detected phishing on xxxxxxx .com. Phishing sites pretend to be other websites to trick you.”

Wait until your malware protection kicks in

Wait until your malware protection catches on. You won’t even get to the warning page as it’ll block access to the site altogether.

And cybercriminals don’t just make one attempt and give up. They keep trying over and over and over. If you have your site locked down tight, no problem. If you’re not on your toes, updating every WordPress version, theme and plugin as soon as they’re released, you put your site at risk.

It’s not all on your hosting provider to protect your site

Working with your hosting provider helps to some degree, but for the most part, you’re on your own when it comes to locking down a WordPress site. So what can you do to stop these guys in their tracks?

  • Use strong passwords not just for your Admin login but also for your databases
  • Modify the path for the Admin login
  • When new versions for WordPress, themes or plugins are released, update them immediately
  • Use a security plugin like Wordfence or Shield WordPress Security
  • Set up a honeypot script if you’re not using the conventional Admin process, so that as soon as these guys call http://mydomain/wp-admin/, their IP is automatically blocked via a .htaccess deny rule
  • Use secure scripts
  • Set up ModSecurity, but be aware that it can be time-consuming to tweak just right
  • Use a firewall such as CSF (ConfigServer Security & Firewall)
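
One way to build the honeypot from the list above, as an added example that is not code from this post or from ProlimeHost. It assumes the real login has been moved elsewhere, that Apache honours `Deny from` (mod_access_compat), and that `REMOTE_ADDR` is the visitor's real address rather than a CDN or reverse proxy; the file path, allowlist and function names are hypothetical.

```php
<?php
// Added example, not from the original post. Decoy for wp-admin/index.php on a
// site whose real login lives elsewhere. Assumes Apache honouring "Deny from"
// (mod_access_compat) and REMOTE_ADDR being the real client, not a CDN/proxy.

const HTACCESS  = __DIR__ . '/../.htaccess'; // assumed path to the site-root file
const ALLOWLIST = ['127.0.0.1', '::1'];      // constructed; add your own admin IPs

// Build the rule, or return null if the address must not be blocked.
function honeypot_rule(string $ip): ?string
{
    // Only a syntactically valid IPv4/IPv6 address may reach .htaccess, so a
    // malformed value can never inject directives.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    if (in_array($ip, ALLOWLIST, true)) {
        return null;
    }
    // Apache does not allow trailing comments, so the line is the rule alone.
    return "Deny from $ip";
}

// Append the rule once; returns true only when a new line was written.
function honeypot_block(string $ip, string $file = HTACCESS): bool
{
    $rule = honeypot_rule($ip);
    $fh   = $rule === null ? false : fopen($file, 'c+'); // create, never truncate
    if ($fh === false) {
        return false;
    }
    flock($fh, LOCK_EX);                       // serialise concurrent probes
    $current = (string) stream_get_contents($fh);
    $isNew   = !in_array($rule, preg_split('/\R/', $current), true);
    if ($isNew) {
        $sep = ($current !== '' && substr($current, -1) !== "\n") ? "\n" : '';
        fseek($fh, 0, SEEK_END);
        fwrite($fh, $sep . $rule . "\n");
    }
    flock($fh, LOCK_UN);
    fclose($fh);
    return $isNew;
}

honeypot_block($_SERVER['REMOTE_ADDR'] ?? '');
http_response_code(403);
exit;
```

Every probe adds one line to .htaccess, so prune the file periodically or move long-lived blocks to the firewall.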

Please remember that hackers can penetrate WordPress sites even if they’re completely up-to-date. As exploits are discovered, updates to protect sites from these exploits are rapidly developed and released to the general public, but for some this is too late.

Get rid of security loopholes

While owners of exploited sites think they should have been protected by their hosting provider, the provider is actually helpless against many exploits because of security loopholes created by its users.

Sometimes you just need to hire a security expert

Sometimes, it comes down to being forced to hire a security expert to determine how hackers are getting access to your site. Moving from one hosting provider to another won’t help as you’ll just take the problem with you. Your new hosting provider will love that (NOT).

Brought to you by ProlimeHost

Steve
