I came across this interesting article today that discusses how hackers exploit scripting vulnerabilities in software such as WordPress.
Remember that the only way we are going to fight these persistent hackers is to take the offense and educate ourselves on proper methods of increasing site security and protection.
Here are Seven Ways to Protect Your Site:
Seven Ways to Protect Your Website From Hackers
Those of us who are hackers would be offended by the article’s title. Hackers are ethical testers who find faults in systems so they can be corrected before unethical hackers (crackers) exploit them. So, this article is really about how to protect your website from crackers.
Keep your files up to date.
Sign up for update notifications for the scripts (programs) your site uses so that you know when a new version is released. Apply the latest update promptly; closing a security hole is often the very reason the update was released. If you are unsure which scripts your website uses, contact your web developer.
Remove unnecessary files.
As your website changes, old files are forgotten. They should be removed. Keep copies offline in case you wish to add them again, but remember to update any scripts they contain. Old files are often still indexed by search engines, so even if you no longer link to those pages, the search engines list them for Internet users to find and visit. Automated programs that scan for these files can find and exploit them.
Implement passwords.
Any sensitive files, databases or scripts should be password-protected. Use passwords that are difficult to guess: letters AND numbers, and special characters.
Include robots.txt.
Create a robots.txt file that tells search engines not to index files that are restricted to certain users.
Check permissions of uploaded files.
Check with your web host if you are unsure how to do this.
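As an added example (not part of the original article), the shell script below audits an upload directory for the three things an upload folder should never contain: world-writable files, executable files, and server-side script files. The directory path and the script-extension list are assumptions; adjust them for your own site.

```shell
#!/bin/sh
# Added example: audit a web upload directory. Uploaded content should be
# plain data: not writable by everyone, not executable, not a server script.

# Print the number of regular files under $1 that are world-writable.
count_world_writable() {
    find "$1" -type f -perm -o=w | wc -l | tr -d ' '
}

# Print the number of regular files under $1 with any execute bit set.
count_executable() {
    find "$1" -type f \( -perm -u=x -o -perm -g=x -o -perm -o=x \) | wc -l | tr -d ' '
}

# Print the number of files under $1 whose extension marks them as a
# server-side script (extension list is an assumption; extend it for your stack).
count_script_files() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.cgi' \
        -o -name '*.pl' -o -name '*.sh' \) | wc -l | tr -d ' '
}

# Run all three checks and report; returns 0 only when the directory is clean.
audit_uploads() {
    dir="$1"
    ww=$(count_world_writable "$dir")
    ex=$(count_executable "$dir")
    sc=$(count_script_files "$dir")
    echo "world-writable: $ww  executable: $ex  script files: $sc"
    [ "$ww" -eq 0 ] && [ "$ex" -eq 0 ] && [ "$sc" -eq 0 ]
}

# Demo on a constructed directory standing in for your real uploads folder
# (for WordPress that is typically wp-content/uploads).
demo_dir=$(mktemp -d)
echo "image data" > "$demo_dir/photo.jpg";  chmod 0644 "$demo_dir/photo.jpg"
echo "placeholder" > "$demo_dir/upload.php"; chmod 0666 "$demo_dir/upload.php"
echo "placeholder" > "$demo_dir/run.sh";     chmod 0755 "$demo_dir/run.sh"
audit_uploads "$demo_dir" || echo "uploads directory needs attention"
rm -rf "$demo_dir"
```

Run it against the real upload path on a schedule and alert on a non-zero exit; a clean directory prints all zeros.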
Protect email addresses.
If you have ever received a strange email that tested your form, or an email apparently sent from yourself to yourself, one of those spammer programs found your email address on your website or someone else’s. There are scripts that split up your email address so that spammer software cannot read it. Another way is to place your email address in an image, or simply to offer an “Email us” link. I haven’t done this, but I didn’t have any problems until recently. I still want to make my contact information visible to my target audience.
If you sign guestbooks, post to forums or newsgroups, or share your email address with anyone else, your email address can be posted and shared all over the Internet. I often use several email addresses when making posts, because spammers look there first for email addresses. To spammers, a guestbook is an email address database. So use a Hotmail account for the address you post, and include your web address in your signature instead. If an Internet user visits your site, they can contact you using the link there. The spammers probably won’t visit your site, so the spam goes to the posted address.
Include copyright information on the page and in the meta tags of every web page. Watermark all images. Keep copies of previous versions of your site with the last-modified information intact. Save files on disks so they can be retrieved if necessary. Visit the Wayback Machine to find previous versions of websites if you cannot find your own files. Though the information there is incomplete, it is better than nothing. Buy the copyrights to important files to protect yourself from competitors or other parties.