More and more WordPress users are falling victim to malicious hacks, usually because they are running older versions of WordPress. It is becoming increasingly important to keep installed themes and plugins up to date, and to follow the steps in this guide to reduce the risk of becoming the next victim.

Users are reminded to follow these instructions to maintain a secure WordPress install.

 

1. Keep a regular backup.
2. Manually upgrade WordPress to the latest version.
3. Remove any vulnerable themes and plugins that are out of date or no longer used, and update the ones you keep.
4. Read the additional security measures listed below and on our forum.

 

The latest version of WordPress available is 3.4.1. However, you cannot upgrade to the latest version via your server control panel, so if you are using an older version of WordPress, we strongly recommend you upgrade to the latest WordPress version. The following article will help you upgrade WordPress: http://codex.wordpress.org/Updating_WordPress (you can also watch this video).

Remember to make a full website backup before attempting to update your WordPress software.

In addition to the above, please note the following security measures to protect your WordPress sites from hacks.

Issue 1:

Did your site get hacked even after upgrading the WordPress version to the latest version 3.4.1 and removing vulnerable themes/plugins?

Solution

We found sites being hacked through the WordPress theme editor. To fix this, you can disable the WordPress theme editing option by inserting the following line in the wp-config.php file. Use plain straight quotes, as curly quotes pasted from a web page will break the file.

define('DISALLOW_FILE_EDIT', true);

 

Issue 2:

Site was hacked due to using an outdated version.

Solution

It is very important to keep your WordPress software up to date. To see how Thexyz can help you with this, please see the bottom of this post.

Issue 3:

Sites can also get hacked if your WordPress admin login credentials are compromised.

Solution

In this case, if the hackers are still logged in to your blog, resetting your WordPress admin password won’t help, because their cookies are still valid. To invalidate those cookies, you have to create a new set of secret keys. Visit the WordPress key generator at https://api.wordpress.org/secret-key/1.1/salt/ to obtain a new random set of keys, then overwrite the values in your wp-config.php file with the new ones: http://codex.wordpress.org/Editing_wp-config.php#Security_Keys

You can also harden WordPress further by following this guide: http://codex.wordpress.org/Hardening_WordPress
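One way to apply a freshly generated key block to wp-config.php, as an added Python example that is not part of the original article or of WordPress itself. The helper names `parse_keys` and `rotate_keys` are hypothetical, the sample config and key values are constructed, and key values are assumed to contain no single quote or backslash.

```python
import re

# The eight constants WordPress uses to sign login cookies and nonces.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
             "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")

# One line such as: define('AUTH_KEY',  'value');
# Assumption: values hold no single quote or backslash.
DEFINE_RE = re.compile(
    r"^[ \t]*define\(\s*['\"](\w+)['\"]\s*,\s*'([^'\\]*)'\s*\);[ \t]*$",
    re.MULTILINE)


def parse_keys(text):
    """Return {constant name: value} for the key/salt defines found in text."""
    return {m.group(1): m.group(2)
            for m in DEFINE_RE.finditer(text) if m.group(1) in KEY_NAMES}


def rotate_keys(config_text, fresh_block):
    """Swap every key/salt in config_text for the value in fresh_block."""
    fresh, old = parse_keys(fresh_block), parse_keys(config_text)
    missing = [n for n in KEY_NAMES if n not in fresh]
    if missing:  # a partial paste would leave some old keys valid
        raise ValueError("fresh block lacks: " + ", ".join(missing))
    absent = [n for n in KEY_NAMES if n not in old]
    if absent:  # nothing to overwrite; these must be added by hand
        raise ValueError("wp-config.php lacks: " + ", ".join(absent))
    reused = [n for n in KEY_NAMES if fresh[n] == old[n]]
    if reused:  # same value means existing cookies stay valid
        raise ValueError("value unchanged for: " + ", ".join(reused))

    def swap(m):
        name = m.group(1)
        if name not in KEY_NAMES:
            return m.group(0)  # other defines (DB_NAME, ...) stay untouched
        return "define('%s', '%s');" % (name, fresh[name])

    return DEFINE_RE.sub(swap, config_text)


# Constructed sample input (not real keys).
SAMPLE_CONFIG = "<?php\ndefine('DB_NAME', 'blog');\n" + "".join(
    "define('%s', 'old-%d');\n" % (n, i) for i, n in enumerate(KEY_NAMES))
SAMPLE_FRESH = "".join(
    "define('%s',  'new-%d');\n" % (n, i) for i, n in enumerate(KEY_NAMES))

if __name__ == "__main__":
    print(rotate_keys(SAMPLE_CONFIG, SAMPLE_FRESH))
```

Back up wp-config.php before writing the result over it. Every logged-in user, including you, will have to log in again once the new keys are in place.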

What does Thexyz do to help?

Whilst we do ensure our own systems are secure, we have seen sites become infected through the use of third-party applications and plugins. There isn’t any additional precaution or safety measure that we can place on the server side to fix this, and we do what we can to support and educate customers on any potential threats. We also offer additional weekly backup services that back up your server automatically for just $6.99 per month. This way you just have to take care of the updates yourself.

What if I cannot manage WordPress updates myself?

If you can manage to check your email, then you can update your WordPress. We offer video tutorials covering everything from backing up to upgrading on our YouTube channel.

Can you do this for me?

At Thexyz we can take care of keeping your server secure, the server OS up to date, and the server automatically backed up with a managed service, but this does not include keeping the third-party applications you choose to install on the server up to date. We now offer Projects that can take care of the process for you for a reasonable price.

If you have any questions or comments, please feel free to leave one below or contact your account manager.