How to protect a wordpress site from hacking?

N

nanny_ogg2018-05-30 10:45:08

Malware

nanny_ogg, 2018-05-30 10:45:08

The situation is this. The site has the All In One WP Security plugin, it periodically sends letters that someone is trying to log in, and blocks the user for a very large number of login attempts.
I created a new user, deleted the old one from which they are trying to log in. For some time there were letters that attempts were being made to log in under the old login, the other day a letter arrived that the new login was already being used to try to log in.
What is the likelihood that the site will be hacked, and what can be done in general in this situation?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

V

Vladimir Druzhaev, 2018-05-30
@nanny_ogg

All In One WP Security for the paranoid. I wouldn't use it. Just update the VP regularly. Do not install null plugins and themes. Update plugins and theme regularly.
Set limit login attempts https://wordpress.org/plugins/limit-login-attempts/ who will often knock from one ip - once a month, look into the blacklist at the server level.
on google captcha forms.
Use strong passwords for logins (12 characters: numbers, letters with different case, special characters), disable reg if your site is not a social network.
Plugins like All In One WP Security are a hole in your budget. With them, you pay for the increasing load to the hoster.

S

Sanes, 2018-05-30
@Sanes

The Plesk Onyx panel has fail2ban configured on the WP login form. Blocks at the server level.

L

lagudal, 2018-05-30
@lagudal

Strong passwords, change the path to the admin panel, or plugins, or read how to do it, you can also close the htpasswd admin panel.
But if through holes in plugins, themes, and even more so from nowhere, nothing will help.
I still try to monitor the files, by the time of the change. Allows you to take action at least in time.