WP Security Issues
Well, after nearly a week of sitting here I finally fixed all the posts on both my blogs. I asked for help, and thank you, GVO Tech team, for all your hard work and patience in answering my questions.
I have to say thank you to the hackers: because they placed their bogus links around my posts, I had the opportunity to clean house, dump the useless ones and the ones with old affiliate links for programs I no longer belong to, and correct my spelling and grammar in a couple of places.
Plus I got to see how much I have grown in my business sense and writing skills, as well as my focus over the past two to three years. I have improved.
The problem with hacking gave me more to learn. At first it was argh, like I need to learn anything else right now, but… I have made changes to my blog for security’s sake.
Here are a few things I learned:
The wp-config.php file is readable and hackable. The permissions need to be changed so no one but you can write, read or execute. Then there are some code lines to add. Plus it is suggested to move it out of the WP root, to the directory above it.
Many of your trusted plugins have issues that make them hackable. If you want to find out which ones, there are a couple of plugin security checkers that are excellent. Once one is installed and run, copy the results and save them to a text file. Then email the vendors to let them know, sending a copy of the text. Hopefully all vendors are open to hearing about the bugs.
Install the WP firewall. I did not whitelist my IP so I could find out if my computer was the issue. It had been once before because of spyware or adware. This time it was not. YEAH.
Which brings me to another good point. The adware, spyware, or whatever you wish to call it, transmits your computer information back to the creator. This includes the cookies that are left when you visit sites, install toolbars or add-ons to your browser, or install software from some vendors. These collect and track your movements on your computer and your internet activity, then transmit it back to the creator. Keep only those you know and trust; delete the rest. Clean your computer: run a scan for viruses, cookies, and temp files. Regularly.
Keep your computer and network firewall up to date. Stay in communication with your host, ask for “their” assistance, and check with them about their firewalls and security measures. They are there to serve you; you are paying them for the service. If you are not happy with that service, or cannot resolve those issues, it is time to find another host.
Which, by the way, I am very happy to recommend. GVO not only has a great tech team, but loads of services to help you build your web presence, make videos, conference software, affiliate income, a full service cPanel with loads of software. Host one or unlimited blogs, web sites, business sites, or personal video site. The limits are yours to set.
There are a few great plugins to help with security and spam protection. But I am not willing to make the ones I am using public as this is another issue.
A very important part of installing WordPress is to remember to remove the install files as well as the readme.html file. It would not hurt to remove the txt ones either. You can download them to your computer and save them for later reference. But they are not a necessary part of the WordPress function.
Do not forget to check the permissions on your files. No one but you should be able to write to any of them. Check with WordPress.org for more installation and configuration information. I do not want to rewrite their work here.
This is the best resource for learning how to “Harden WordPress”, courtesy of the GVO Tech team.
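An added example, not part of the original post and not GVO or WordPress code: a small shell audit for the file checks described above (wp-config.php readable only by its owner, leftover readme and install files, anything writable by someone other than the owner). The list of leftover files, the function names and the sample tree are assumptions made for the illustration.

```shell
#!/bin/sh
# wp_audit ROOT: print one finding per line; return 1 if any, 0 if clean.
wp_audit() {
    root=$1; found=0
    cfg="$root/wp-config.php"
    # WordPress also looks for wp-config.php one directory above its root.
    [ -f "$cfg" ] || cfg="$root/../wp-config.php"
    if [ -f "$cfg" ]; then
        # Characters 5-10 of the ls mode string are the group and other bits.
        bits=$(ls -ld "$cfg" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "PERMS wp-config.php group/other bits: $bits"; found=1
        fi
    fi
    # Leftover files (assumed list: the readme, a .txt file, the installer).
    for f in readme.html license.txt wp-admin/install.php; do
        if [ -e "$root/$f" ]; then echo "LEFTOVER $f"; found=1; fi
    done
    # Anything writable by group or other, symlinks excluded.
    writable=$(find "$root" ! -type l \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$writable" ]; then
        echo "$writable" | while IFS= read -r p; do
            rel=${p#"$root"/}
            echo "WRITABLE $rel"
        done
        found=1
    fi
    return $found
}

# Constructed sample tree (not a real WordPress install) with known problems.
make_demo_tree() {
    ( umask 077
      mkdir -p "$1/wp-admin" "$1/wp-content/uploads"
      : > "$1/wp-config.php"; chmod 644 "$1/wp-config.php"
      : > "$1/readme.html"; : > "$1/wp-admin/install.php"; : > "$1/index.php"
      chmod 777 "$1/wp-content/uploads" )
}

demo=$(mktemp -d)
make_demo_tree "$demo"
wp_audit "$demo" || echo "Fix the findings above, then run the audit again."
rm -rf "$demo"
```

Point `wp_audit` at your own WordPress directory in place of the sample tree; it only reads file metadata and changes nothing.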