Question about Site / Server Security

[ebizwildfire]

Greetings,

The other day my entire server was hacked and all 27 of my sites had a black screen with a green skull and crossbones, and a note letting me know I had been hacked. Acckkkk!

Thank goodness, my host provider was able to help me restore my sites.

I am in the process of a huge event and hundreds of people are coming to my site every day. My host provider helped me install plugins to help speed up page views and reduce throttling.

MY QUESTION IS: What else can I do to protect my site and protect access to my hosting account.

Since they got into ALL of my sites at once, it seems that they access more than just my wordpress site.

Please help me protect my site as I'm sure this information will be useful for other forum members as well.

With MUCH appreciation,
D'vorah

[BrianLis]

D'vora,
Sorry you had that awful experience. I'd only say that WordPress is getting hacked more often because WordPress is so popular. Over 70+ million sites run WP.
http://en.wordpress.com/stats/

You have two options.
1. Secure your WP sites. There's a number of things you can do harden your WP site. Typically site get hacked by bots/computers looking for weakness. Usually a few tweaks can make a big difference.

2. Back up your site. I back up my sites to a 3rd party server. That way if my entire server crashes I have a back up in another location. And should a hacker get past #1, I can restore my site from back up and change all my credentials.

Unfortunately, securing your website beyond what WP & Genesis offer in addition to backing up your site are usually premium services. I can do both for you if interested. You can PM me. Otherwise you can Google solutions for both and you should be able to learn about both and make the changes yourself if your knowable with code.

[jp2112]

I do a few things:

• Regularly check my site with Sucuri
• Use Bad Behavior plugin
• Keep WordPress and all plugins up to date, as soon as updates are available
• Check for timthumb vulnerability
• Make regular backups of posts/pages and theme files
• Make sure folder permissions are 755 or less (more restrictive)

[jp2112]

Also, do you have access to your .htaccess file? There are some things you can do there to help secure your site.

[BrianLis]

JP had some good ideas there as starting places. Still you'll most likely need pro help to clean a site in most cases. I'm going to close this thread. Open a new one if there are more questions.