Main Area and Open Discussion > General Software Discussion
Wordpress and Hackers
MilesAhead:
I wonder if it's even legit. When I registered my domain I spent a couple of extra bucks to generate dummy whois info. Probably a waste of $2 but I thought I might get phone calls if my home info came up.
Looking up favessoft.com it shows it registered to
Julius Caesar, LLC
I wouldn't waste anymore of your time on it.
wraith808:
They actually got through enough to sort of screw things up. I fixed it easy enough... but I did some more securing and moved the root of the wp site... it's inconvenient, but it should secure it a bit more.
Stoic Joker:
For something with that level of exposure, I'd rename the admin account to something that was meaningful only to me. Then to be a total ass I'd create a bogus (HoneyPot) account with the default admin name that triggered an event to log as much information about said visitor as a browser session allows.
...Maybe even add an automated redirector that sent anyone with more than 10 failed login attempts in a minute to the FBI's home page... :D
wraith808:
It's not just renamed, it's deleted. I always make my account first as an admin, then delete the admin account.
But that last part is inspired... :)
Tuxman:
WordPress is known for its random security issues, but so are all larger web projects I know.
"Secure" your WP by renaming your wp-content folder and removing meta info from the log-in. I guess that already helps a lot.
And don't use too many plug-ins without having checked their code.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version