Comments on: Avoiding The Hackers – Securing WordPress!

By: Sean Rosensteel MN

Sean Rosensteel MN — Mon, 20 Sep 2010 20:18:03 +0000

Nice post, Ben. This is great advice for anyone who wants to protect themselves against hackers. And remember to also backup your stuff because you just never know!

By: seo California

seo California — Thu, 02 Sep 2010 16:28:04 +0000

These are good tips Ben. WordPress can be notorious for getting hacked if a few precautions such as these are not taken.

I remember back when guestbooks were the “in” thing before blogs and those became a crazy spam infested app not even worth having anymore.

By: Ben Johnson

Ben Johnson — Mon, 05 Apr 2010 18:00:30 +0000

Hi Ronaldo,

Thank you, I’m glad to hear that. I haven’t used wp-robot much, only with clients websites. As a plugin though I would have to say ReviewAZON, I own both phpZon and ReviewAZON and RZon is fantastic, having said that though phpZon is undergoing a massive update and I’m sure Wade won’t disappoint.

Ben

By: Ronaldo

Ronaldo — Mon, 05 Apr 2010 17:26:13 +0000

Hi Ben!
Your blog for sure helps a lot of people to learn more about wordpress and the plugins.

I have WP Robot and what plugin should I buy to work with WP RObot?

Reviewazon or PhpZon?

Thanks
.-= Ronaldo ´s last blog ..Acai Berry Side Effects =-.

By: Ben Johnson

Ben Johnson — Wed, 03 Mar 2010 22:22:33 +0000

No problem Sallie, glad it helped :)
Ben

By: Sallie

Sallie — Wed, 03 Mar 2010 20:26:11 +0000

Excellent post! Thank you.

By: Jeff Jones

Jeff Jones — Tue, 02 Mar 2010 13:26:14 +0000

Oh yeah, I have enough DB experience to know when you start messing with table names you BETTER have a backup very handy-LOL!

It’s good to know that their manual instructions do work because they are clear and straightforward.

By: Simon Lewis

Simon Lewis — Tue, 02 Mar 2010 13:22:25 +0000

I eschewed any and all techno solutions to this and did it by hand – much easier that way, I was in control. Only had one issue on one site and that was through trying to be clever and not following the instructions – I forgot to do the wp-config edit. But backup taken before and after means that like Rochelle says, if you do go wrong, you can always go back to square one.
.-= Simon Lewis´s last blog ..Motivation =-.

By: Rochelle

Rochelle — Tue, 02 Mar 2010 13:17:20 +0000

Jeff,

I wasn’t able to use the plugin to change the tables, either. If you are going to try it manually, make sure you follow the instructions provided by the plugin to the letter. And, try it on a site that you don’t care about, in case it gets mucked up. And don’t forget to backup your database first, so you can restore it if it does get mucked up.

Rochelle
.-= Rochelle´s last blog ..Auto Content Cash Will Soon Launch, And I Have a Bonus For It =-.

By: Jeff Jones

Jeff Jones — Tue, 02 Mar 2010 13:04:25 +0000

Thanks for adding that, Rochelle.

I see that there is a link during the wp-security scan to a how to do it manually and it sounds like it combines what Ben and you have said.

My main concern was whether that plugin would change the wp-config.php file and I guess it does most of the time.

I’m still not sure how to change table prefixes using the plugin because I don’t see where you can specify what you want to change it to.

Jeff

By: Rochelle

Rochelle — Tue, 02 Mar 2010 11:44:48 +0000

Just wanted to add that I was finally able to manually change the prefix of my tables successfully. I had missed the step about modifying the wp-config.php file. All worked fine after I did that.

Rochelle
.-= Rochelle´s last blog ..Auto Content Cash Will Soon Launch, And I Have a Bonus For It =-.

By: Ben Johnson

Ben Johnson — Tue, 02 Mar 2010 09:31:23 +0000

Not sure, Jeff. It’s worked fine on the sites I’ve tried it on but I know people have reported problems with it so I think the best way to do it is either during setup of the blog OR by doing it manually through phpMyAdmin, the second can cause problems too though so have to to be careful.

By: Jeff

Jeff — Mon, 01 Mar 2010 20:50:16 +0000

I meant to ask…

What is the rough percentage of success with wp-security scan for change table prefixes successfully without blowing up a blog?

By: Jeff

Jeff — Mon, 01 Mar 2010 20:21:38 +0000

Thanks, Ben.

I’ve made almost all of the changes you’ve recommended to nearly all of my sites and I think that will go a long way but I just wanted to check to see if you thought SiteLock was worth the additional expense.

I’ll just keep updating and locking down my sites now.

Jeff

By: Ben Johnson

Ben Johnson — Mon, 01 Mar 2010 19:51:13 +0000

Hi Jeff,

Sitelock seems like a pretty neat service to help identify vulnerabilities within your WordPress installation, I’m not sure if it would be necessary for WordPress though.

I think with a few free plugins (such as login lockdown and wp security scan) along with making a few changes WordPress can be made very secure indeed.

Ben