Security for Wordpress Websites

scagnt83 said:
Good advice. I think I will do that today.

I also added Silence is Golden Guard since WF doesnt protect your plugins like it does.
- - - - - - - - - - - - - - - - - -
WARNING!!!!!!!!!!!!

If you install Silence is Golden Guard be VERY careful and backup everything before you do.

It has totally wrecked sc-lifeinsurance plus my other site that is on the same host plan.....

I would not recommend it based on what I am currently going through.

I have even totally deleted the plugin from my server files... its better, but its still f#cked...

:mad::mad::mad::mad:
Click to expand...

Silence is golden guard, don't just haphazardly check all the checkboxes, sort of feel like it's my fault for not going into more detail with it.

The attached jpg shows in red the options you want checked, don't check the top two, they can bork up your system unintentionally.

After that click update.

Always, always always make a backup.
 

Attachments

  • silence_is_golden.jpg
    silence_is_golden.jpg
    47.2 KB · Views: 13
ksigmtsu said:
Silence is golden guard, don't just haphazardly check all the checkboxes, sort of feel like it's my fault for not going into more detail with it.

The attached jpg shows in red the options you want checked, don't check the top two, they can bork up your system unintentionally.

After that click update.

Always, always always make a backup.
Click to expand...

So any suggestion on how to fix it now?
I deleted it from my server files, and I am not getting the excessive redirect message anymore. But it wont take me to my wpadmin login. It just redirects back to the main site.
Plus all of my CSS is gone, and my other site on the same hosting plan is now redirecting to sclife...
 
scagnt83 said:
So any suggestion on how to fix it now?
I deleted it from my server files, and I am not getting the excessive redirect message anymore. But it wont take me to my wpadmin login. It just redirects back to the main site.
Plus all of my CSS is gone, and my other site on the same hosting plan is now redirecting to sclife...
Click to expand...

First thing I'd suggest is asking your hosting company to restore a backup from 24-48 hours ago or farther if they have one.

Past that, I'd look for the index.php file in the wp-admin directory, and in your other root directory, and see if they're the ones silence is golden puts in and delete them. Once you get in, I'd reinstall the plugin and set the settings like I show in the picture, then run it again and see if it fixes itself.

Does the http://yoursite.com/wp-login.php work, rather than trying to proceed directly to the admin folder?
 
ksigmtsu said:
First thing I'd suggest is asking your hosting company to restore a backup from 24-48 hours ago or farther if they have one.

Past that, I'd look for the index.php file in the wp-admin directory, and in your other root directory, and see if they're the ones silence is golden puts in and delete them. Once you get in, I'd reinstall the plugin and set the settings like I show in the picture, then run it again and see if it fixes itself.

Does the http://yoursite.com/wp-login.php work, rather than trying to proceed directly to the admin folder?
Click to expand...

Thanks for the suggestions. I am just now able to take a look at things again. I am waiting to see if the hosting company can restore it.

I am not able to access my wp-login.php it just redirects me to my homepage.

Hopefully my host can come through. If not I guess I am back to the root directory.

Thanks for the suggestions.
 
scagnt83 said:
Thanks for the suggestions. I am just now able to take a look at things again. I am waiting to see if the hosting company can restore it.

I am not able to access my wp-login.php it just redirects me to my homepage.

Hopefully my host can come through. If not I guess I am back to the root directory.

Thanks for the suggestions.
Click to expand...

WordPress › Silence is Golden Guard « WordPress Plugins

and...

There is a very strong recommendation to make full backup of your blog before you activate SIG plugin. If you have development copy of your blog at the same webhost I recommend you to give a SIG plugin first try at the test environment as there are small amount of incidents when with redirection to site root option turned on automatically created empty index.php file caused endless redirect loop and prevents site loading. It could be the case if you use child theme and theme_name-child folder has not its own index.php file and some other cases which are not isolated yet.
 
Last edited:
My wife does websites, told her to read this thread. Her comment to share was:

Suggest that they can scan their website for malware, free at Sucuri Security and their security monitor service is inexpensive ($90/year for 1 website)
 
Security Alert For All WordPress Users

Avoid Being Hacked
Hostgator have reported on this recently and advised you take action as follows:

Learn how to change your WordPress login username.
Change your password
Create full backup of all your files and website content (database)
Install a security plugin which provides limit login attempts or an all in one security plugin like Wordfence which also includes limit login attempts. Probably won’t help much with this botnet but may prevent others. See Note below.
Update all your themes, plugins and core WordPress files.
These are simply 5 of the best ways to secure WordPress and avoid the experience of finding out your site has been hacked and filled with malicious code.

Changing Your WordPress Username

One simple solution to fix this vunerbility is to change your WordPress login username.
Add New User

Login to your Dashboard (admin page)
Go to Users > Add New and create a new user for yourself. Make sure the role is as an Administrator and at least 10 digits long like your password.
Create a new password which is at least 10 digits long. Make it even stronger by using both upper and lower case letters, numbers and symbols like ! ” ? $ % ^ & ).
Delete Your Old Administrator Profile

Once you’ve setup your username on your new admin profile, you’ll receive a password for this user. You can now login and delete your old admin user profile and attribute the posts to your new profile.

Login using your new details and navigate to the Users > All Users screen
Select your old admin user and delete it
Attribute All Posts To New User

The final step you need to take is to make sure all your posts are attributed to your new user profile.

When you delete your old user profile for admin, you be asked “What should be done with posts and links owned by this user?”
 
You must log in or register to reply here.

Similar threads

M
I need 3 websites
2
Replies
12
Views
5K
Joemyager
Joemyager
S
Any Experience with HubSpot CMS (websites)?
Replies
0
Views
3K
scagnt83
S
adre
Best Insurance Forums - Top Insurance Subforums in 2023
Replies
3
Views
3K
goillini52
goillini52
Travis Price
Literally the laziest (and I mean that in a good way) to find topics for content
Replies
5
Views
3K
gregj
gregj
C
How To Include Keywords For Financial Advisor Websites
2
Replies
11
Views
8K
marindependent
marindependent

Latest posts

Back
Top