Viewing 8 posts - 1 through 8 (of 8 total)
  • Internet security – how can I proetect my blog for free/cheap?
  • chakaping
    Free Member

    Some suspicious activity on my WP blog – lots of new users mysteriously added.

    Now deleted and I’m changing password, but it’s not the first time this has happened.

    My hosting co recommended a plug-in called Sucuri but I think this is $120/year and the blog is non-commercial.

    I’ve seen a few references to CloudFlare – which apparently offers a free package.

    I’m not a techie though, so thought I’d ask the experts here.

    🙂

    Freester
    Full Member

    Can users register? Are they automatically added or do you have to approve them first? Were the mysterious new users automatically approved?

    My WP website got hacked once. My recommendation is keep the WordPress software and all plugins up to date. Create a new admin privilege user (different username to the default admin username) then get rid of the default ‘admin’ user. Make sure the admin password is STRONG and different to any other passwords you use.

    Advice on the WordPress codex (possibly a bit too techy):

    http://codex.wordpress.org/Hardening_WordPress

    JulianA
    Free Member

    Don’t know anything about WP or whether you can do any programming with it, but a simple question like ‘What is the opposite of cold?’ and a textbox for the answer might sort it out.

    Alternatively could you generate two random numbers and require the sum to be entered into a text box.

    Both of these assume some sort of registration process, obviously.

    Simple, but spam bots shouldn’t be able to get past it…

    Fresh Goods Friday 696: The Middling Edition

    Fresh Goods Friday 696: The Middlin...
    Latest Singletrack Videos
    chakaping
    Free Member

    I should clarify, I’m talking about back end users.

    chakaping
    Free Member

    Create a new admin privilege user (different username to the default admin username) then get rid of the default ‘admin’ user. Make sure the admin password is STRONG and different to any other passwords you use.

    Sounds like a good idea, will look into it ta

    Freester
    Full Member

    Sounds like you’ve been hacked. In which case my original advice stands. New admin user with different username. Get rid of default admin user. Strong password. Keep the WP software, plugins and themes up to date.

    simon_g
    Full Member

    Agree with all that. Have a regular user for posting content, you shouldn’t need to use admin. Have an admin username that’s just a random string of characters, with a long/strong password.

    If your host can automatically patch WordPress (& plugins) for you, do so. The updates are frequent and if you have to do it yourself you’ll fall behind. If they don’t offer, consider switching to one that does.

    chakaping
    Free Member

    WP and plugins are all up to date.

    Will try the admin thing.

    No need for additional security plugins then?

Viewing 8 posts - 1 through 8 (of 8 total)

The topic ‘Internet security – how can I proetect my blog for free/cheap?’ is closed to new replies.