Keeping Your WordPress Sites Safe

Security

Unfortunately, a ton of websites get hacked or defaced every day around the globe. I’ve seen statistics that state up to 90% of all hacked websites are related to a content management system (CMS), Joomla or WordPress, at least those not related to compromised cPanel logins. And apparently Joomla gets hacked twice as much as WordPress. I personally would have suspected WordPress because of its massive popularity.

I believe all websites are vulnerable to attacks, but Joomla and WordPress more so simply because these are the top two content management systems on the market. There are shell / cracking scripts specifically written for both. These cracking scripts are installed using the default database table prefixes which are jos_ and wp_, and in the case of Joomla, FTP functions which are enabled but never used.

Some recommendations to help protect your websites:

Use secure passwords like 4#gty+TeQ^Rf37! (take the guesswork out of play). The more complex the password, the harder it is to brute force hack your site.

Change your default admin login. Don’t use ADMIN for your default username. Don’t use something easily ascertained. Make it difficult for the cybercriminals out there.

Delete all the stuff you don’t use, including themes, templates and plugins. This includes plugins like Hello Dolly and Akismet if they are not used.

With WordPress, disallow bots from scanning crucial directories by adding Disallow: /wp-* to your robots.txt file; note that only well-behaved crawlers honor robots.txt. Also CHMOD your wp-config.php file to 640.

Keep your CMS websites updated to the latest version, as well as all plugins, and recheck your security settings after each version update.
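The file-level items in this checklist (wp-config.php permissions, the default wp_ table prefix, leftover bundled plugins, the robots.txt rule) can be checked with a short read-only script. This is an added example, not code from the original post or from WordPress; the function names wp_audit and wp_audit_demo and the sample install it builds are constructed for illustration.

```shell
#!/bin/sh
# wp_audit DIR: print one "FINDING: ..." line per failed checklist item for
# the WordPress install rooted at DIR. Read-only; names are illustrative.
wp_audit() {
    root=$1
    cfg="$root/wp-config.php"
    if [ -f "$cfg" ]; then
        # 640 as the article recommends, or stricter. GNU stat, then BSD stat.
        mode=$(stat -c '%a' "$cfg" 2>/dev/null || stat -f '%Lp' "$cfg")
        case "$mode" in
            640|600|440|400) ;;
            *) echo "FINDING: wp-config.php is mode $mode, expected 640" ;;
        esac
        # Pull the value assigned to $table_prefix out of wp-config.php.
        prefix=$(sed -n "s/^[[:space:]]*[\$]table_prefix[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$cfg" | head -n 1)
        if [ "$prefix" = "wp_" ]; then
            echo "FINDING: database table prefix is the default wp_"
        fi
    else
        echo "FINDING: wp-config.php not found under $root"
    fi
    # Usual on-disk names of the two plugins the article mentions. Whether a
    # plugin is active is stored in the database, so this only reports presence.
    for p in hello.php hello-dolly akismet; do
        if [ -e "$root/wp-content/plugins/$p" ]; then
            echo "FINDING: plugin '$p' is installed; delete it if unused"
        fi
    done
    # The robots.txt rule from the article.
    if ! grep -Eq '^Disallow:[[:space:]]*/wp-\*' "$root/robots.txt" 2>/dev/null; then
        echo "FINDING: robots.txt has no 'Disallow: /wp-*' rule"
    fi
    return 0
}

# Constructed sample install (not real data): default prefix, config at 644,
# Hello Dolly left in place, no robots.txt. Expect four findings.
wp_audit_demo() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/plugins"
    printf "<?php\n\$table_prefix = 'wp_';\n" > "$d/wp-config.php"
    chmod 644 "$d/wp-config.php"
    : > "$d/wp-content/plugins/hello.php"
    wp_audit "$d"
    rm -rf "$d"
}

# Usage: sh wp_audit.sh /path/to/site   (no argument runs the demo)
if [ "$#" -gt 0 ]; then wp_audit "$1"; else wp_audit_demo; fi
```

The admin username and password strength live in the database, so they are outside what this file-level check can see.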

I would also highly recommend purchasing the PRO version of Wordfence. Why? It blocks a ton of malicious attacks in real time, plus allows for country blocking AND runs at the endpoint.

From Wordfence: “Wordfence runs at the endpoint, your server, providing better protection than cloud alternatives. Cloud firewalls can be bypassed and have historically suffered from data leaks. Wordfence firewall leverages user identity information in over 85% of our firewall rules, something cloud firewalls don’t have access to. And our firewall doesn’t need to break end-to-end encryption like cloud solutions.”

Brought to you by ProlimeHost

Steve
