One of our friends' sites was hacked, and he lost his database. To prevent this from happening to you (who are of course using WordPress), let me advise you on securing a WordPress site that is published on the internet. All credit belongs to the original poster.
// Return nothing instead of the login error text (create_function() was removed in PHP 8).
add_filter('login_errors', function ($a) { return null; });
- WordPress plugin – Using the WordPress AskApache Password Protect plugin.
- cPanel – If your hosting supports cPanel admin login, you can set protection easily on any folder via cPanel’s Password Protect Directories graphical user interface. Find out more from this tutorial.
- htaccess + htpasswd – Creating a password-protected folder can also be done easily by setting the folders you want to protect inside .htaccess and users allowed to access inside .htpasswd. The following tutorial shows you how to do it in 7 steps.
Keeping backup copies of your entire WordPress blog is as important as keeping the site safe from hackers. If the latter fails, at least you still have the clean backup files to revert to.
- Enter the following URL in your browser, without the quotes: "http://www.domain.com/wp-includes/" (replace domain.com with your own domain name --Bonar)
# Prevent folder browsing
Options All -Indexes
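An added example, not part of the original post: a small POSIX shell function that checks a WordPress document root for the folder-browsing rule above and for the htaccess + htpasswd protection of wp-admin described earlier. The function name `audit_wp`, its output wording and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress document root for the .htaccess settings
# discussed above. audit_wp and its output wording are hypothetical names.

# audit_wp DOCROOT: prints one finding per line, returns the failure count.
audit_wp() {
    root=$1
    fails=0

    # 1. Folder browsing: the top-level .htaccess should carry -Indexes.
    if grep -Eqis '^[[:space:]]*Options[[:space:]].*-Indexes' "$root/.htaccess"; then
        echo "OK   directory listing disabled in $root/.htaccess"
    else
        echo "FAIL no active 'Options ... -Indexes' in $root/.htaccess"
        fails=$((fails + 1))
    fi

    # 2. wp-admin protection: needs a password file and a Require line.
    #    Assumes the AuthUserFile path contains no spaces.
    ht="$root/wp-admin/.htaccess"
    pwfile=$(awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' \
        "$ht" 2>/dev/null || true)
    if [ -z "$pwfile" ] ||
       ! grep -Eqis '^[[:space:]]*Require[[:space:]]+(valid-user|user[[:space:]])' "$ht"; then
        echo "FAIL wp-admin is not password-protected by $ht"
        fails=$((fails + 1))
    else
        echo "OK   wp-admin requires a login checked against $pwfile"
        # 3. The password file should not sit where the web server can serve it.
        case $pwfile in
            "$root"/*) echo "FAIL $pwfile is inside the document root"
                       fails=$((fails + 1)) ;;
            /*)        echo "OK   $pwfile is outside the document root" ;;
            *)         echo "WARN $pwfile is relative to ServerRoot; check it by hand" ;;
        esac
    fi
    return "$fails"
}

# Constructed demo tree: listing disabled and wp-admin protected, but the
# password file path points inside the web root, so one failure is reported.
demo=$(mktemp -d)
mkdir -p "$demo/wp-admin"
printf '# Prevent folder browsing\nOptions All -Indexes\n' > "$demo/.htaccess"
printf 'AuthType Basic\nAuthName "Restricted"\nAuthUserFile %s/.htpasswd\nRequire valid-user\n' \
    "$demo" > "$demo/wp-admin/.htaccess"
audit_wp "$demo" || echo "$? failure(s) found"
rm -rf "$demo"
```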
- Log in to the Dashboard often – A yellow notification will appear at the top of the Dashboard if an update is available. Log in often and keep yourself updated to the latest copy of the WordPress core files.
- Deactivate and remove unused plugins – An unused plugin will eventually get outdated and may pose a security risk. If you are not using it, delete it.
- Subscribe to WordPress Releases RSS.
- Log in to the WordPress admin panel
- Go to Users -> Add New
- Add a new user with the Administrator role; make sure you use a strong password.
- Log out of WordPress, then log back in with your new admin user.
- Go to Users
- Remove "admin" user
- If "admin" has posts, remember to attribute all posts and links back to the new user.
More Useful Resources:
- Hardening WordPress (WordPress)
- FAQ on WordPress security (WordPress)
- What to do if your site is hacked (WordPress)
- Understand .htaccess and .htpasswd (Apache)
- Protecting the wp-admin directory (nicolaskuttler.com)
- Cleaning hacked WordPress installation (Blogsblogsblogs.com)