anything i should do to not be able to get hacked?

  • I just installed wordpress and wasnt sure if I am supposed to delete the install files. I did anways, wp-admin/install and install-helper.php, but did you ahve to? and also what about installcss and the upgrade files?

    Other then that, do you think I should add a .htaccess file or anything? I’m quite scared, because I just got hacked 4 days ago, (wasnt using wordpress but something else) and so I just dont want to get hacked again. So if I could, what would I need to do to make sure everything is secure with this wordpress?

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)

  • No problem with deleting upgrade.php and install.php unless you might need them again and they get replaced when you upgrade. Delete away on those two.

    Security is a contentious topic and opinions will differ (and they should). IMO, Unless you have to, don’t screw with htaccess. There are other reason you might have to (permalinks, really annoying bot crawlers), but security is not one of them.

    I’d suggest you find your web server error logs and access logs and if your up to the challenge some statistics at the server level. Your host may already provide that. Read those stats. Comment spam or trackback spam is not a “security issue”, just a royal PITA. There are plug-ins to help but spammers don’t break in (last I heard), they just want to spam.

    I’ve deleted the wp-trackback.php and wp-comment.php files in times past on some sites. WordPress soldiers on. I’m NOT suggesting YOU do that, but you can if you need to.

    here is more info

    Hardening WordPress

    Another point: Strong passwords. Don’t use a word or simple number combo as your admin password. Make it either totally random letters and numbers, or make it a string of different things that is very long. The number of times people get “hacked” simply because someone guesses their password is a large percentage of the cases that occur.

    Outside of WordPress itself, make sure the server you are using the program on is up to date with security patches for PHP, MySql, Apache, and any other core CGI programs/scripts that are being used. If you aren’t able to check this, ask your hosting company.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘anything i should do to not be able to get hacked?’ is closed to new replies.