
Securing WordPress from hacker attacks



WordPress, as the most popular blogging platform (and not only that), is exposed to all kinds of attacks from hackers and malicious robots/scripts. Many WP installations get hijacked or infected every day because their owners do not pay much attention to updates of any kind. In this article I will explain how to recognize that a website has been hacked and what to do in such a situation, and I will also give some preventive advice on how to avoid it.



Source : http://wpsmackdown.com

The logins most often tried during hacking attempts (e.g. during a so-called "brute-force attack") are: admin, test, admin, root. The most often tried passwords are: admin, 123456, 666666, 111111, 12345678, qwerty, 1234567, password. So avoid them as much as possible.

How to recognize an attack on our website? 

1. Emails sent via WP go to spam.

2. Your website has disappeared from the Google index, or typing "site:nazwadomeny.pl" into the search engine shows new, suspicious subpages, for example ones featuring the phrase "viagra".

3. In the Google Webmastertools panel you received a notification like this:


4. The browser (in this case Chrome) shows a warning message when you enter the page:


5. Your website has slowed down significantly and the use of server resources has increased - without a sudden increase in real users.

6. The page is redirected to another page or only a white page is displayed (WSOD - White Screen Of Death).

7. A new user with admin/editor/author privileges was spontaneously created in the WP panel.

8. New, unidentified JavaScript code has appeared in the source of the page, or you have noticed strange links in its content.

Google has released a tool for quick diagnostics: http://www.google.com/safebrowsing/diagnostic?site=www.seowordpress.pl . Remember to replace the address in the URL with the address of your own site.

All right, then. So now what?

The best solution is to ask your hosting provider to upload a backup of the files and database from the day before the attack. But what if, for fear of data loss, we cannot perform such an operation?

Worth reading: http://codex.wordpress.org/FAQ_My_site_was_hacked

Step 1. Turn off your site - save your users from an unpleasant experience.

Step 2. Make sure that the template and all plugins are updated - even those that are disabled (though ideally they should be removed) - because in many cases they too have permissions that can facilitate an attack.

Step 3. Change the login and password to the admin panel and remove all suspicious users.

Step 4. Identify the problem.

4.1 Log in to your FTP server with your client and go to the root folder and to /wp-includes/. Make sure that no new index.html file has been added there (if so, delete it), that the original WordPress index.php file has not been renamed, and that no .php/.html/.js files with random-character names have been created.

4.2 Compare the .htaccess and wp-config.php files with the originals.

4.3 Download the header.php and footer.php files of your template and open them in a text editor. Check that they contain no references to external files.

4.4 Scan the page using the external site "Is this hacked?". The results will tell you something.

4.5 Install the Sucuri Security and Exploit Scanner plugins and run a scan with them.

4.6 If you are working with an unmodified template/plugins, remove them along with the WP installation and replace them with freshly downloaded copies from the official sites.

Step 5. If the problem persists, then most likely malicious code has made its way into the database. Log in to phpMyAdmin from your hosting panel and enter the command:

SELECT * FROM wp_posts WHERE post_content LIKE '%

Analyze the results for malicious code.
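The file checks in steps 4.1, 4.2 and 4.6 can be scripted by comparing the live tree with a freshly downloaded copy of the same versions. The following is an added example, not part of the original article; the function names and the sample trees are constructed for illustration.

```shell
#!/bin/sh
# wp_compare SITE CLEAN   (illustrative name, not from the article)
# Looks only at the file types step 4.1 names: .php, .html, .js.
# Prints "ADDED <path>" or "CHANGED <path>", with paths relative to SITE.
wp_compare() {
    site=$1; clean=$2
    (cd "$site" && find . -type f \
        \( -name '*.php' -o -name '*.html' -o -name '*.js' \) | LC_ALL=C sort) |
    while IFS= read -r f; do
        if [ ! -f "$clean/$f" ]; then
            echo "ADDED ${f#./}"      # absent from the reference copy
        elif ! cmp -s "$site/$f" "$clean/$f"; then
            echo "CHANGED ${f#./}"    # same path, different bytes
        fi
    done
}

# Constructed sample trees (not real WordPress files) for an offline run.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/clean/wp-includes" "$d/site/wp-includes" \
             "$d/site/wp-content/uploads"
    echo '<?php // core loader' > "$d/clean/index.php"
    echo '<?php // core file'   > "$d/clean/wp-includes/load.php"
    cp -R "$d/clean/." "$d/site/"
    echo '<?php // site settings' > "$d/site/wp-config.php"
    echo 'defaced'                > "$d/site/wp-includes/index.html"
    echo '<?php // appended'     >> "$d/site/index.php"
    echo '<?php // dropped'       > "$d/site/wp-content/uploads/x7f3q.php"
    echo "$d"
}

# Stand-alone run: sh script.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(make_sample); wp_compare "$d/site" "$d/clean"; rm -rf "$d"
fi
```

wp-config.php is always reported as ADDED, because a WordPress download ships only wp-config-sample.php; review it by hand as in step 4.2.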

If you are unable to deal with this problem, get in touch with me through the contact form.

Preventive measures for protecting WP

1. Do not use the standard admin login "admin".

2. Use a strong administrator password: http://passwordsgenerator.net/

3. Change the standard "wp_" database prefix to a custom one of your choice. The best time to do this is during WP installation, but there is also a way to change the prefix on an existing installation. More on this topic: http://www.wpbeginner.com/wp-tutorials/how-to-change-the-wordpress-database-prefix-to-improve-security/.

When creating a database and assigning a user to it, remember that: db_name != db_user

4. Once again: keep the template and plugins up to date!

5. Hosting is very important. I recommend zenbox.pl.

6. Use SFTP or SSH when connecting to the site files. With FTP clients (e.g. FileZilla) it is very easy to extract the password to our server.

7. Secure the uploads folder: https://www.seowordpress.pl/zabezpieczenie-folderu-uploads/

8. The wp-config.php file should have read-only rights; also protect it through .htaccess by adding:

    <Files wp-config.php>
    Order allow,deny
    Deny from all
    </Files>

Generate your own keys for wp-config.php via: https://api.wordpress.org/secret-key/1.1/salt/

9. Disable editing of template files via the WP panel by adding to wp-config.php


10. Set a limit on failed login attempts with Limit Login Attempts.

11. Disable the native WP interface - XML-RPC. It is responsible for sending trackbacks and pingbacks, but it is very often used by hackers as part of DDoS attacks. You can disable it with the Disable XML-RPC plugin.

12. Avoid assigning 777 permissions to files and folders:

  • Directories: 755 or 750
  • Files: 644 or 640
  • wp-config.php - 600
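
The modes in item 12 can be checked mechanically. The following is an added example, not part of the original article: it lists every directory, file and wp-config.php whose mode differs from the values above; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Prefix each path read from stdin with a label and its symbolic mode.
report() {
    while IFS= read -r p; do
        echo "$1 $(ls -ld "$p" | cut -c1-10) $p"
    done
}

# wp_perm_audit ROOT   (illustrative name, not from the article)
# Prints one line per finding and nothing when every mode matches item 12.
wp_perm_audit() (
    cd "$1" || exit 1
    # Directories: only 755 or 750 pass.
    find . -type d ! -perm 755 ! -perm 750 | report DIR
    # Files: only 644 or 640 pass (wp-config.php has its own rule below).
    find . -type f ! -path ./wp-config.php ! -perm 644 ! -perm 640 | report FILE
    # wp-config.php: only 600 passes.
    if [ -f wp-config.php ]; then
        find ./wp-config.php ! -perm 600 | report CONFIG
    fi
)

# Constructed sample tree (empty files, not a real site) for an offline run.
make_perm_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-content/uploads"
    touch "$d/index.php" "$d/wp-config.php" "$d/wp-content/plugin.php"
    chmod 755 "$d" "$d/wp-content"
    chmod 777 "$d/wp-content/uploads"        # world-writable directory
    chmod 644 "$d/index.php" "$d/wp-config.php"
    chmod 666 "$d/wp-content/plugin.php"     # world-writable file
    echo "$d"
}

# Stand-alone run: sh script.sh demo
if [ "${1:-}" = "demo" ]; then
    d=$(make_perm_sample); wp_perm_audit "$d"; rm -rf "$d"
fi
```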

Remember: if you got a message in Google Webmastertools about a security problem, submit a request for reconsideration after it has been resolved.

Wojciech Wladzinski

About Wojciech Wladzinski

I have been working in the SEO industry since 2008. On a daily basis I am a senior SEO specialist at the company Seogroup. I create and optimize large websites as well as smaller ones. I'm especially fond of the WordPress environment, which, despite popular opinion, is not only a blogging platform.