Sunday, 12 August 2012
Since more WordPress users are becoming victims of malicious hacks which is usually occurring to users using older versions of wordpress. It is becoming increasingly important to keep vulnerable themes/plugins installed up to date. As well as follow the steps in this guide to reduce the risk of you becoming the next victim.
User's are reminded to follow these instructions to maintain a secure WordPress install.
- Keep a regular backup
- Manually upgrade the WordPress version to the latest version.
- Remove any vulnerable themes and plugins that are out of date or no longer used, also update them too.
- Read the additional security measures listed below and on our forum.
The latest version of wordpress available is 3.4.1. However you cannot upgrade to the latest version via your server control panel. So if you are using older versions of wordpress, we strongly recommend you upgrade to the latest wordpress version. The following article will help you to upgrade the wordpress version: http://codex.wordpress.org/Updating_WordPress you can also watch this video: http://forum.thexyz.net/viewtopic.php?f=38&t=1680
Remember to keep a full website backup before attempting to update your wordpress software.
In addition to the above, please note the following security measures to prevent your wordpress sites from hacks.
Did your site get hacked even after upgrading the wordpress version to latest version 3.4.1 and removing vulnerable themes/plugins?
We found sites being hacked by editing the wordpress theme-editor. To fix this, you can disable the wordpress theme editing option by inserting the following line in wp-config.php file.
Site was hacked due to using an outdated version.
It is very important for you to keep your WordPress software up to date, to see how Thexyz can help assist you with this please see the bottom of this post.
Alternately, sites can also get hacked if your WordPress admin login credentials are compromised.
In this case, if the hackers are still logged in to your blog then resetting your wordpress admin password won't help you. This is because their cookies are still valid. To disable them, you have to create a new set of secret keys. Please Visit the WordPress key generator https://api.wordpress.org/secret-key/1.1/salt/ to obtain a new random set of keys so that you can overwrite the values in your wp-config.php file with the new ones: http://codex.wordpress.org/Editing_wp-config.php#Security_Keys
You can also do wordpress hardening by referring to this link: http://codex.wordpress.org/Hardening_WordPress
What does Thexyz do to help?
Whilst we do ensure our own systems are secure, we have seen sites become infected through the use of third party applications and plugins. There isn't any additional precaution or safely measure that we can place on the server-side to fix this, and we do what we can to support and educate customers on any potential threats. We do also offer an additional weekly backup services for backing up your server automatically for just $6.99 per month. This way you just have to take care of the updates yourself. We have created a video on making a full website/database backup here: http://forum.thexyz.net/viewtopic.php?f=85&t=1679
What if I cannot manage WordPress updates myself?
If you can manage to check email then, you can update your wordress. We offer video tutorials from backing up to upgrading on our Youtube Channel.
Can you do this for me?
At Thexyz we can take care of keeping your server secure, server OS up to date, automatically backed up with a managed service, but this does not include keeping the third party applications you choose to install on the server up to date. We have now developed TweakDorks that can take care of the process for you for the reasonable price of $25: http://www.tweakdorks.com/shop/wordpress-updates/
If you have any questions or comments, please feel free to leave one below or contact your account manager.
We have secured great discounts on domains for the rest of month. Mar ch Domains Discounts Enjoy unbelievable discounts on your p...
We tested a bunch of FTP clients for iOS devices and found these to be the best. Most of them cost between $1 to $5 but we found the small p...
Over the past few weeks our system administrators have detected an unusually high amount of traffic towards WordPress login pages. We h...
With Thexyz Webmail you have the choice of using your own domain or one of our domains. Using your own domain offers more features and ben...
Thexyz Server have added the latest stable release of PHP to Thexyz Server web hosting Control Panel. You can now use the current stab...
- ► 2016 (23)
- ► 2015 (34)
- ► 2014 (40)
- ► 2013 (41)
- Introducing TweakDorks
- Six Months Free Hosting with Every .NET Domain @th...
- Review Of Thexyz Cloud Backup App
- @HomeDepot hits the Social Media nail on the head ...
- Keeping Your WordPress Site Safe From Hackers
- Subscribe to Thexyz
- Thexyz Cloud Now Available As Free App For iPad An...
- .PRO Domains Now Available At Special Introductory...
- ▼ August 2012 (8)
- ► 2011 (69)
- ► 2010 (52)
- ► 2009 (11)