Main Area and Open Discussion > General Software Discussion

Wordpress and Hackers

<< < (3/6) > >>

MilesAhead:
I wonder if it's even legit.  When I registered my domain I spent a couple of extra bucks to generate dummy whois info.  Probably a waste of $2 but I thought I might get phone calls if my home info came up.

Looking up favessoft.com it shows it registered to
Julius Caesar, LLC

I wouldn't waste anymore of your time on it.

wraith808:
They actually got through enough to sort of screw things up.  I fixed it easy enough... but I did some more securing and moved the root of the wp site... it's inconvenient, but it should secure it a bit more.

Stoic Joker:
For something with that level of exposure, I'd rename the admin account to something that was meaningful only to me. Then to be a total ass I'd create a bogus (HoneyPot) account with the default admin name that triggered an event to log as much information about said visitor as a browser session allows.

...Maybe even add an automated redirector that sent anyone with more than 10 failed login attempts in a minute to the FBI's home page... :D

wraith808:
It's not just renamed, it's deleted.  I always make my account first as an admin, then delete the admin account.

But that last part is inspired... :)

Tuxman:
WordPress is known for its random security issues, but so are all larger web projects I know.

"Secure" your WP by renaming your wp-content folder and removing meta info from the log-in. I guess that already helps a lot.
And don't use too many plug-ins without having checked their code.

Navigation

[0] Message Index

[#] Next page

[*] Previous page