Quote:
Originally Posted by anexsia
This
There are several decent security plugins like Wordfence, iThemes Security, etc. that you could install (in fact Wordfence saved my ass once and cleaned out some malware on one of my WordPress installs, worked amazing) - those plugins will usually protect your wp-login.php from brute-force attacks, allow you to scan for malware, and some will keep track of any files that have changed. Also, if you don't use it, disable XMLRPC.
Make sure you set the right permissions for your files and folders - and KEEP EVERYTHING UP-TO-DATE!!! I can't stress that enough! Don't use a lot of plugins (and keep them up to date) and do NOT use any "free" themes that you come across from searching via Google unless you know for sure they are clean (go through them with a scanner and open up files looking for any suspicious coding).
http://codex.wordpress.org/Hardening_WordPress
If this is on a VPS or dedicated server then I would hope you would already have a firewall set up, CSF, UFW, or just iptables without all that other stuff (or at bare minimum lock down ports and install Fail2ban). You can install mod_security and look for WordPress rules.
I didn't use many plugins.. Only things like Jetpack and a few other trusted ones. But thanks. You also provided some information I can work with.
Next time it will be a lot harder for those bitches to attack us.
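
The permission and changed-file checks recommended in the quoted post can also be run from the shell, independently of any plugin. This is an added example, not part of the thread: the function names are hypothetical, it assumes GNU find, sort, xargs and sha256sum, and flagging a world-readable wp-config.php is this example's own choice of policy.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Function names are hypothetical.
# Assumes GNU findutils/coreutils, as found on a typical Linux VPS.

# Print one finding per line for risky permissions under a WordPress root.
audit_wp_perms() {
    local root="$1"
    [ -d "$root" ] || { echo "ERROR not a directory: $root" >&2; return 2; }
    # World-writable files or directories can be altered by any local
    # account, including a compromised neighbouring site.
    find "$root" \( -type f -o -type d \) -perm -0002 -print |
        sed 's/^/WORLD_WRITABLE /'
    # wp-config.php holds the database credentials and auth salts.
    if [ -f "$root/wp-config.php" ]; then
        find "$root/wp-config.php" -perm -0004 -print |
            sed 's/^/CONFIG_WORLD_READABLE /'
    fi
}

# Write a SHA-256 baseline of every file under ROOT to BASELINE.
# Keep BASELINE outside ROOT (ideally off the server) so it is not
# hashed itself and cannot be rewritten along with the site files.
wp_baseline() {
    local root="$1" baseline="$2"
    ( cd "$root" && find . -type f -print0 | sort -z |
        xargs -0 -r sha256sum ) > "$baseline"
}

# Compare ROOT with BASELINE; print NEW, MODIFIED and MISSING paths.
# Limitation: names containing a backslash or newline are escaped by
# sha256sum and are reported in that escaped form.
wp_changed() {
    local root="$1" baseline="$2" current
    current="$(mktemp)"
    wp_baseline "$root" "$current"
    # Each line is "<hash>  <path>"; take the path as everything after
    # the two separator spaces so names with spaces survive.
    awk '{ h = $1; p = substr($0, length(h) + 3) }
         FILENAME == ARGV[1] { old[p] = h; next }
         { seen[p] = 1
           if (!(p in old)) print "NEW", p
           else if (old[p] != h) print "MODIFIED", p }
         END { for (p in old) if (!(p in seen)) print "MISSING", p }' \
        "$baseline" "$current"
    rm -f "$current"
}
```

Run `wp_baseline` right after a clean install or update, then `wp_changed` from cron; any NEW or MODIFIED line that does not correspond to an update you performed is worth opening and reading.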
