Hi. One of my sites was hacked! Not happy. I do have a back up but not sure what to do. I reinstalled WP and then dropped everything from the public_html in the back up folder into the public_html folder on the server but no luck. What am I doing wrong? Need help!
Hi Kevin. Thank you for your reply. It was that bugger Hmei7. Hasn't this person got anything better to do with their time! Some people are simply idiots. I have made the site again from scratch. Didn't take that long. I think the problem was the username and password were too obvious. I have amended that error. Many thanks again. Mark.
No problem. I would recommend installing some security plugins and taking some proactive steps to ensure that it's more difficult to access your website. If you search for security on wpmods you should find some reviews of good plugins. Remember to change your username from admin, install login lockdown etc. Let me know if you are unsure of anything.
It restricts the number of times someone can enter the wrong login details. http://wordpress.org/extend/plugins/login-lockdown/
Thanks. Installed. PS: How do I change the username? It says the username cannot be changed. Do you think BackupBuddy is worth buying?
Login Lockdown is a phenomenal plugin. I also use ThreeWP Activity Monitor http://wordpress.org/extend/plugins/threewp-activity-monitor/ which is used to keep track of who is logging in, what they are doing and who is resetting passwords etc. It also shows unsuccessful logins, what passwords they used - a really useful tool that lets you know what is going on with your site from a security point of view. When you mentioned changing username, what were you referring to ?
Mark - I actually tested a plugin a few months ago that lets you change your username from admin directly in the admin area. I've just tested three security plugins and I can't find it. The quickest way to do it without a plugin is via phpmyadmin. WPMU have a good tutorial about this: http://wpmu.org/how-to-change-your-wordpress-username/
The easy way to change username: 1. Create a new account with admin privileges 2. Log in as a new user and delete the old account Changing username with plugins or via database is risky, I had few crashes doing it, so make a backup first. On the other site, check file and folders permisions on your server, check .htaccess for any weird code, change db prefix, move wp-config to parent directory, force admin SSL login.
Kris makes a good point. I know that WordPress advise doing this too. I must admit that I have always just changed the username via the database (chronic laziness!).
