
How Do You Guys Monitor Your Blog Security?


6 replies to this topic

#1 lister

lister

    HR 5

  • Active Members
  • 415 posts

Posted 08 April 2013 - 02:26 PM

My blog is doing pretty well, but I am worried about security -

 

Sure, we can take SQL back-ups etc etc and there are many other precautions we can take - and I am doing them all (pretty much).

My question is, how do we monitor that our site hasn't been hacked? The majority of hacks go unnoticed for a very long time until detection.

An example to check your site for having been hacked is to set up a Google alert with typical spam links that emit from your site - that is one method, i.e. look for male enhancement products and that sort of thing -

But is there a tool or process that anyone here uses to make sure that they are all good?

I use only 2 or 3 plugins that are all massively popular so that is all good and I implement restricted wp-login access, have cloaked my wp-content folder and a few other things as well...

 



#2 Jill

Jill

    Recovering SEO

  • Admin
  • 32,913 posts

Posted 08 April 2013 - 04:41 PM

There are many 3rd party monitoring systems out there. Try something like CodeGuard if you're concerned.



#3 lister

lister

    HR 5

  • Active Members
  • 415 posts

Posted 08 April 2013 - 07:35 PM

Yup, looks pretty cool. Thanks for that.



#4 Michael Martinez

Michael Martinez

    HR 10

  • Active Members
  • 5,063 posts
  • Location:Georgia

Posted 10 April 2013 - 10:59 AM

Keep your WordPress, Theme, and Plugins updated too. All the security in the world MAY NOT protect you if you're using old code for which exploits have been discovered and blocked in later versions.

 

Use anti-spammer plugins, too.  They will help you block exploitable IP addresses (Akismet does not really do this).  If the hackers cannot get in through widely used open proxy servers then they cannot hack you.

 

Also, set up a firewall for your server or hosting account (if this is permissible) ensuring that only you and your hosting provider can change the files on your site.

 

Another option if you cannot set up the firewall is to use TCP wrappers (not available in all cases).  TCP wrappers allow you to ALLOW/DENY by IP address or hostname for many server processes.  It's similar to a firewall but more generalized.



#5 chrishirst

chrishirst

    A not so moderate moderator.

  • Moderator
  • 6,774 posts
  • Location:Blackpool UK

Posted 11 April 2013 - 12:05 PM

http://wordpress.org...rations-plugin/

 

Has IP blocking, SFS lookups, and more.

 

The current version of WordPress (3.5.n) has no known exploitable flaws; the same can't be said of all 'plugins', and the "massively popular" ones are usually the first to be reverse engineered.

 

WordPress have a FAQ on security measures http://codex.wordpre...site_was_hacked

 

If you need a random password generator, there is a Firefox 'plugin' https://addons.mozil...ord-generator/.



#6 lister

lister

    HR 5

  • Active Members
  • 415 posts

Posted 25 April 2013 - 11:08 PM

Yeah, my point with the popular plugins etc. is that the more eyeballs on it generally means that there are more chances of something being spotted.

Anyways - that aside - I discovered a good way is a program that basically creates a hash of all of your pages. If any code is inserted then you are sent an alert. Sounds pretty good. The project has been around for decades and seems to be very robust. I'll let y'all know.



#7 runningfast

runningfast

    HR 1

  • Members
  • 3 posts

Posted 27 September 2013 - 08:33 PM

There are many things you can do depending on the approach. There is one main thing though. If you keep your WordPress updated and the plugins updated (the good ones), you should never have a problem. WordPress as far as publicly available pages is concerned has been safe for quite some time. There are some WordPress security plugins, and there are many other things that can be done as well.

 

Making sure PHP has limited access is one thing. There are many ways of doing this. I will guess you are on shared hosting though, but in case you have your own VPS or server you can do stuff in that area.

 

There is an Apache module called mod_security with tons of features, one of which checks for SQL data in a URL or input post. So even if your WordPress install was wide open as far as SQL injections are concerned, it would stop it; they do a great job with the plugin.

 

As far as XSS is concerned, you will usually find out about that pretty quick and it shouldn't be much of an issue in WordPress these days unless some plugins are not escaping something. There are lots more things you can do too, all the way up to buying an Oracle MySQL firewall (released not too long ago), which detects all kinds of stuff. People getting access to your DB is your biggest concern. (Very expensive Oracle product, I think around 10k an instance? Not quite sure.)

 

Like I said though, if you keep everything updated, you need not worry, I would worry more about my cookies in the oven burning (don't you hate that). 

 

Have a nice day!





