Hello Bigguy... I know that you are extremely busy but I'm faced with a big problem that I need your advice on.
I own a site, not a jamroom site... That is about sneakers, and many many sites similar to mine have been hacked in the past few days... Mine has not. I am using wordpress... And the sites that have been hacked have been using wordpress, and it appears that the hackers were able to steal the domain names along with shutting down the ftp and servers and what not...
I know that you are very knowledgeable with security... What can I do to make sure that the hackers cannot hack the site, let alone take the ftp account and domain names and transfer everything out of my name...
I have searched the wordpress forums and they are not offering much advice. The thing that worries me is that my site is on the same server/ftp as my jamroom site... I've invested too much money into my jamroom site to have it all taken away...
Joined: 09 Jul 2003
Posts: 37583
Location: Seattle, WA
Posted: 11/27/06 09:59
Wow.. sorry to hear that!
To be totally honest with you, I really don't know enough about server level security to be offering any specific advice on how to secure your server - but I can say that if Wordpress is insecure, then you're going to need to get a patch from them, or ask them how to secure your installation. Unfortunately there's really nothing you can do if Wordpress has a security hole in it.
Here's some general rules I always try to follow:
1. Make sure you use a separate database, with a separate user and password for each of your database applications. Make sure the password is something VERY hard - since you don't log into this account regularly (it's an application account), there's no reason to NOT have at least a 15 character password made of letters, numbers and punctuation.
2. Shut down FTP on your server, and use SFTP if it is available (if you have an SSH account on your server, then you have SFTP). FileZilla is a good SFTP client.
3. Make sure and secure your Control Panel login by taking advantage of IP Address restrictions, etc.
4. Make sure you make good, regular backups.
5. Make sure your provider is running the latest versions of the server software - i.e. they are keeping up with updates on your server.
Beyond that it is really about being diligent, and making sure you are keeping a good eye on your server.
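Rule 1 from the list above, as an added example that is not from the original post or from Jamroom: a small Python script that generates an application-account password meeting the stated policy (15+ characters, letters, numbers and punctuation) and emits the MySQL statements for a dedicated database and a least-privileged user per application. The application name `wp_sneakers` and the `_db`/`_user` naming are assumptions for the example.

```python
import secrets
import string

# Policy from the post: at least 15 characters, mixing letters, numbers and
# punctuation. Quotes and backslash are left out only so the value can be
# pasted into SQL and wp-config.php without escaping.
MIN_LENGTH = 15
LETTERS = string.ascii_letters
DIGITS = string.digits
PUNCT = "!#$%&()*+,-./:;<=>?@[]^_{|}~"
ALPHABET = LETTERS + DIGITS + PUNCT


def meets_policy(password: str) -> bool:
    """True if the password is long enough and contains all three classes."""
    return (
        len(password) >= MIN_LENGTH
        and any(c in LETTERS for c in password)
        and any(c in DIGITS for c in password)
        and any(c in PUNCT for c in password)
        and all(c in ALPHABET for c in password)
    )


def generate_app_password(length: int = 20) -> str:
    """Draw a password from a CSPRNG and retry until it meets the policy."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if meets_policy(candidate):
            return candidate


def provisioning_sql(app_name: str, password: str) -> list[str]:
    """MySQL statements for one application's own database and user.

    The user is bound to localhost and granted rights on its own database
    only, so a hole in one application cannot reach another one's tables.
    """
    if not app_name.isidentifier():  # keeps the name safe inside backticks
        raise ValueError("app_name must be a simple identifier")
    if not meets_policy(password):
        raise ValueError("password does not meet the policy")
    db, user = f"{app_name}_db", f"{app_name}_user"
    return [
        f"CREATE DATABASE `{db}`;",
        f"CREATE USER '{user}'@'localhost' IDENTIFIED BY '{password}';",
        f"GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP "
        f"ON `{db}`.* TO '{user}'@'localhost';",
        "FLUSH PRIVILEGES;",
    ]


if __name__ == "__main__":
    # Constructed example application name; run the output as a MySQL admin.
    print("\n".join(provisioning_sql("wp_sneakers", generate_app_password())))
```

Run the printed statements from an administrative MySQL session, then put only that user's name and password in the application's wp-config.php.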