Go Back   Forums @ The Digital Fix > Gadgets and Gizmos > Computing Forum

Reply
 
Thread Tools Display Modes
Old 05-06-2019, 13:32   #821
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,514
Thanks: 627
Thanked 1,847 Times in 643 Posts
> I've never had this happen before

Wordpress has grown enormously in popularity, and therefore, the 'risk' of these sites has also exploded, as more and more people try and attack them. I've only got a noddy little site, but it gets hit constantly by people trying to either log in as 'admin' or weird passwords. Annoyingly, its more popular by hackers than legitimate users! *sigh*

It really is crucial to have daily backups of the site and database.
Chris Locke is offline   Reply With Quote
Thanked once by:
ascender (05-06-2019)
Old 05-06-2019, 19:03   #822
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,110
Thanks: 2,893
Thanked 2,992 Times in 1,299 Posts
On standard shared hosting, without any security plugins, a new WP site (updated) will likely get hacked in a few days (I did read an article about this a while ago, but cos hacked WP is such a hot SEO topic, I can't find it now!)

I use WordFence, iThemes and Sucuri all together on my sites, and have done for several years, with no apparent problems.
driver8 is offline   Reply With Quote
Old 06-06-2019, 07:34   #823
ascender
Trusted User
 
Join Date: Oct 2005
Location: Schottland
Posts: 5,355
Thanks: 306
Thanked 125 Times in 101 Posts
So, Wordfence also found some modified files which were replaced, but I got a notification last night to say an admin user had logged in from The Netherlands. So there's still a backdoor there after running that and changing passwords. Sigh...

Not entirely sure what to do next to be honest.
ascender is offline   Reply With Quote
Old 06-06-2019, 08:18   #824
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,514
Thanks: 627
Thanked 1,847 Times in 643 Posts
You have to ditch and restore. Its no different to getting a virus from downloading something. Installing 'antivirus software XYZ' may return 'no threats' but that is no guarantee you have no viruses - it just means it didn't detect anything.
Ensure all your remote passwords to the site are changed (and secure, and unique) then reinstall Wordpress with a unique admin user (so don't use the 'admin' user account - disable it) with full secure passwords/pass phrases.
'nuke from orbit ... its the only way', etc. Sorry, but the worst thing is they'll log in, change the wordpress passwords, so you'll get locked out of your own site.
Chris Locke is offline   Reply With Quote
Thanked once by:
ascender (06-06-2019)
Old 06-06-2019, 08:50   #825
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,110
Thanks: 2,893
Thanked 2,992 Times in 1,299 Posts
Yes, the security plugins have 'hardening' options, but you could spend days messing around.

The first time I was majorly hacked was actually due to an old Drupal install that then infected WP. I spent 2 solid days cleaning up the server and databases, only to get re-infected within the week. I then paid Sucuri $100 to cleanup (it's much dearer now) which included 12 months protection. Money well-spent.

The second time I was infected was just a few months back due to a zero-day plugin exploit. Rather than wasting time, I actually switched my hosting to WPX who guarantee to fix any issues. It's early days for me, but so far the service (and site speed) have been excellent. After a day of researching all options, their services are less than half the price of their nearest competitor.

WPX Hosting - my affid (any proceeds will be donated to tdf).

Quote:
  • Fastest WP CDN - 3x Your Site Speed, Free
  • We move all your sites to us for free
  • Malware removed for you - Hackings and malware gone fast & free
  • We fix your technical issues for free, fast
  • #1 on both G2 Crowd & Trustpilot!
  • "WPX is the fastest WordPress host... with first-class support!"
driver8 is offline   Reply With Quote
Thanked 2 times by:
ascender (06-06-2019), Chris Locke (06-06-2019)
Old 06-06-2019, 08:51   #826
ascender
Trusted User
 
Join Date: Oct 2005
Location: Schottland
Posts: 5,355
Thanks: 306
Thanked 125 Times in 101 Posts
That makes perfect sense...

In terms of losing customisations, I'm assuming my child theme directory is ok to restore as-is once I've done my fresh install of everything else?

Cheeky fvckers even deleted Wordfence.

Last edited by ascender; 06-06-2019 at 14:53.
ascender is offline   Reply With Quote
Old 08-06-2019, 14:04   #827
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,514
Thanks: 627
Thanked 1,847 Times in 643 Posts
> I'm assuming my child theme directory is ok to restore as-is

I believe they're just .CSS files? If so, then yes, you should be fine. I wouldn't trust any .php files though. Again, going back to the 'infected on a PC' analogy, thats like saying, "I'll remove all the infected files, but I need Office and my Word documents, as I need them for work."
If your site has been compromised, then its probably safer (albeit overkill?) to assume everything has been 'infected' (.php files, obviously)
Chris Locke is offline   Reply With Quote
Old 12-08-2019, 08:43   #828
JonLaidlow
Scoundrel
 
Join Date: Mar 2001
Location: UK
Posts: 2,529
Thanks: 152
Thanked 137 Times in 87 Posts
Contemplating a premium theme - normally i tweak the free ones with extra css and widgets. Where's a reliable source for good themes outside of wordpress itself? There are quite a few marketplaces but not really sure how to differentiate them.
JonLaidlow is offline   Reply With Quote
Old 12-08-2019, 12:06   #829
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,110
Thanks: 2,893
Thanked 2,992 Times in 1,299 Posts
Envato is the biggest theme store, with themes from $49-69. If price is important, some themes are offered at a launch discount ($29-39), even the big authors, and there are a couple of sales per year ... and one right now ! >> https://envato.com/birthdaysale/themes/

Most of the popular themes use a page-builder these days. They all have pros and cons, but you will likely get used to how it works, so best stick to the same one for any future themes.
driver8 is offline   Reply With Quote
Thanked once by:
JonLaidlow (13-08-2019)
Old 13-09-2019, 18:39   #830
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,110
Thanks: 2,893
Thanked 2,992 Times in 1,299 Posts
Looking for a new host ? Been hearing good things about UK-based 20i, although not used them myself.
They offer a trial month for a £1, and free basic hosting with a domain registration.

>> https://www.20i.com/wordpress-hosting (non-affiliated link)
driver8 is offline   Reply With Quote
Old 24-09-2019, 07:57   #831
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,110
Thanks: 2,893
Thanked 2,992 Times in 1,299 Posts
3 x premium themes, free for a week - perfect for experimenting to decide whether to make the jump from free -> paid.

'Faded' theme looks so-so (and the demo is broken), but the other 2 look quite good.

ENVATO themeforest: Free WordPress Themes
driver8 is offline   Reply With Quote
Thanked 2 times by:
ascender (22-10-2019), Chris Locke (24-09-2019)
Old 24-09-2019, 08:17   #832
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,514
Thanks: 627
Thanked 1,847 Times in 643 Posts
Quite liked the look of 'Faded' - quite a nice simple layout. Ta for the heads up!
Chris Locke is offline   Reply With Quote
Old 21-10-2019, 14:51   #833
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,110
Thanks: 2,893
Thanked 2,992 Times in 1,299 Posts
Quote:
Originally Posted by driver8 View Post
3 x premium themes, free for a week - perfect for experimenting to decide whether to make the jump from free -> paid.
And again this month - 3 different WP themes by established sellers, free for a week.
  • Intrinsic - Creative Personal Portfolio WordPress Themes
  • Paperio - Responsive and Multipurpose WordPress Blog Theme
  • Structura - Minimal One Page Theme
driver8 is offline   Reply With Quote
Old 27-01-2020, 20:45   #834
Dazzz
Trusted User
 
Dazzz's Avatar
 
Join Date: May 2003
Posts: 2,530
Thanks: 115
Thanked 314 Times in 152 Posts
SSL certificates: can anyone give me a quick dummies’ guide, what to buy and what to do with it?

I have a few Wordpress sites. All are information only, with no logins or information sharing, but I’d like to https them, to get rid of the “not secure” chrome message. So I think I just need a cheap one, with no bangs or whistles. Any tips?
Dazzz is offline   Reply With Quote
Old 27-01-2020, 20:48   #835
ljp
learned 2 ape the motions
 
Join Date: Jul 2000
Posts: 6,404
Thanks: 102
Thanked 136 Times in 111 Posts
Quote:
Originally Posted by Dazzz View Post
SSL certificates: can anyone give me a quick dummies’ guide, what to buy and what to do with it?

I have a few Wordpress sites. All are information only, with no logins or information sharing, but I’d like to https them, to get rid of the “not secure” chrome message. So I think I just need a cheap one, with no bangs or whistles. Any tips?
The last few I have done for friends I have used Cloudflare! Free and pretty damn easy to do as well.

https://www.cloudflare.com/en-gb/ssl/
ljp is offline   Reply With Quote
Thanked once by:
Dazzz (28-01-2020)
Old 27-01-2020, 21:10   #836
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,514
Thanks: 627
Thanked 1,847 Times in 643 Posts
The 'king' of free SSL certificates is Lets Encrypt.
https://letsencrypt.org/
Chris Locke is offline   Reply With Quote
Thanked once by:
Dazzz (28-01-2020)
Old 25-03-2020, 07:31   #837
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,110
Thanks: 2,893
Thanked 2,992 Times in 1,299 Posts
Another Envato sale - now there really is no excuse to get that site done!

Themes - and - Plugins.

As usual, several of the really big sellers (if you want to play safe) plus plenty niche options too.
driver8 is offline   Reply With Quote
Old 03-04-2020, 08:24   #838
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,110
Thanks: 2,893
Thanked 2,992 Times in 1,299 Posts
COVID-19: Free Awareness Icons

driver8 is offline   Reply With Quote
Old 15-08-2020, 10:37   #839
driver8
M0D2.0 (trainee)
 
driver8's Avatar
 
Join Date: Jan 2003
Location: Malé, Maldives
Posts: 12,110
Thanks: 2,893
Thanked 2,992 Times in 1,299 Posts
I set up a Health & Nutrition forum a few weeks ago that currently has me as the only active member!

If you have the time & inclination, please sign-up to assess the process and my site-building skills. Then you can decide if you want to post or not (for anything non-TDF).

Tips & suggestions welcomed.
driver8 is offline   Reply With Quote
Old 15-08-2020, 11:34   #840
Chris Locke
Making a 1% improvement
 
Join Date: Sep 2000
Location: Essex, UK
Posts: 7,514
Thanks: 627
Thanked 1,847 Times in 643 Posts
How pedantic are we allowed to be?
In the sub header you have "Discussing Food + Health" but in the middle, it says "forum for discussions about food & health". I know ... Mr Pedantic, but it should either be + or &.
The the 'about us' at the bottom, it has two "&"s which could be "and"s. I think it reads better if "and" is used instead of ampersands. But ... well, its only a cosmetic thing.
Is there no way to cancel the 'If you recently registered but did not receive the automated email...' banner? Especially if you're already signed in...
Chris Locke is offline   Reply With Quote
Reply

Bookmarks

Tags
plugins, themes, Web Design, Wordpress

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Links not working in wordpress???? Guest 48579 Computing Forum 2 28-08-2006 04:41
How to build a website which allows others to build a site ? KeyserSoze Computing Forum 18 08-10-2005 23:14
Wanting to build a website Guest 16622 Computing Forum 8 13-07-2004 18:25

All times are GMT. The time now is 02:07.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2021, vBulletin Solutions, Inc.qq
Copyright ©2000 - 2021 Network N Ltd.