SiteLock and WordPress Hardening

Jib

Do any of you use/recommend SiteLock? It was a small fee to add to my Hostgator account. When I called SiteLock they said I should upgrade to a more comprehensive scanning program.

They also mentioned I should consider WordPress hardening.
 
I have considered paying the fee for SiteLock but haven't yet. I wouldn't upgrade beyond having the SiteLock seal on your pages; this is the real advantage I see to it: it gives a sense of security to visitors.
I could care less about their actual security capabilities; I have free plugins that are just as good for that.

I have no clue what "hardening" your site is.
 
And here I thought site hardening was all the rage :D

Which plugins do you use for security? BulletProof gets good reviews, and the Bad Behavior plugin looks decent.
 
I use Wordfence. I'm not the most experienced with web pages, but it has worked well so far on the two that I do have.

I like how it shows all of my traffic; it even narrows it down to who's a human and who's a bot.
 
Hardening your site, if you have information you care about keeping private, is always a good thing.

In short, it simply means making it harder for hackers to hack the site and take it over.

Most WordPress sites are simply blogs, and if you back them up, there really isn't a need to spend a lot of time or money in hardening the site. But if you collect people's info or earn money on your site, it can be well worth it. As with most things, there are companies that charge way too much for this, some companies that know what they are doing, and some that don't have a clue but will gladly take your money.

I'm not a WordPress fanatic, so I don't know what is involved. The normal things are simply making sure passwords are all set securely, moving the admin pages to a different directory so normal links don't work, and making sure some cross-scripting stuff doesn't work to gain access to the database.

This should mostly be done by the person who installed it, and definitely should be done if you paid more than $15 to have it installed. Doesn't mean it was though.

Dan
 
Thanks for the info. It's crazy to think how many low-lifes out there are trying to hack websites and steal from people. At least the Gvmt and banks do it to us in the open. I've yet to find a good bankster security plugin, though :twitchy:
 
Just yesterday my security plugin Wordfence blocked an IP address that had 20 failed logins. Over the course of a week Wordfence usually shows around 3 to 4 failed logins. So it was unusual, but no harm done.

Not using "admin" (or some form of it) for a user name seems to be a good start for helping to secure your site. That is the user name that the majority of the attempts are under.
Then if you post on your site under an alternate username, so your regular UN doesn't show, there will be no way for a hacker to know what username to use to log in.

I'm sure there are ways to circumvent the login altogether, but securing your login seems like the first best step.



After looking into it further, the attack on my site came from a server linked to a group called the "bergdorf group". It was just a bot that found the site.
A Google search revealed this:
"ADDITIONAL REMARKS

Bergdorf Group is a well known malicious internet operation who appeared on the Scam Alert Radar by the end of 2010. Botnet operations reached a peak during April 2011 under the hospices Altus Host with 1250 hits on a single domain in less than 32 hours.

Bergdorf Group is apparently moving around between hosting providers and registrars. Recent countries involved in the provision of services to Bergdorf Group includes the Netherlands, Germany, United Kingdom, British Virgin Islands, Cocos (Keeling) Islands, Latvia, India, Pakistan and lately Serbia.

The most prominent service provider for Bergdorf Group during the past 12 months is Altus Host, who apparently do not enforce their policies or is only concerned about abusive behavior towards their own customers.

Trace route results to bergdorf-group.com at IP 91.224.160.24 on 2011-11-15:"

(the IP for them now has .35 at the end)
 
Most of the hackers are out of country, usually guys in internet cafes in Africa looking for ways to use your site for redirects or gathering email addresses for spam and phishing. Once they gain entry they set up a backdoor, allowing them to come and go at will. Your information will be sold to folks in Russia, China, Germany, etc.
 
I'm not sure how much protection you are going to get from the SiteLock feature, but I do think it is worth the $15/yr at HostGator.

The SiteLock icon is a cheap trust seal option which helps with conversion rates. It might not seem like a big deal on the surface, and many people might not even consciously notice the icon, but when everything is the same, a page with a trust seal will get a higher conversion rate every time.
 
