

SportsShooter.com: Member Message Board

WordPress: To Host or Not to Host
 
Delane B. Rouse, Photographer, Photo Editor
 |
Washington | DC | US | Posted: 8:30 PM on 08.03.09 |
->> I ran a WordPress blog as a website for about 9 months with no problem, then all of a sudden my site was hacked somehow and browsers started reporting the site as "suspicious" and that it was hosting malware and stuff...
I deleted the entire WordPress installation and changed all the site's passwords but only put up a static index.html page for the past 3-4 months...
My question...should I try hosting a wordpress blog on MY site or is it more secure getting a free account on WordPress.com?
(FYI...The old site didn't use a very secure password, we've since started using a password that is completely random and very long).
Any feedback is greatly appreciated!!!
Thanks in advance.
Delane |
|
 
Craig Mitchelldyer, Photographer, Assistant
 |
Portland & Orange County | OR and CA | USA | Posted: 8:33 PM on 08.03.09 |
| ->> Host it yourself and make sure to keep up to date on the current version/change your password a lot. Most of the updates are security fixes... |
|
 
Melissa Wade, Photographer
 |
Boston | MA | USA | Posted: 8:50 PM on 08.03.09 |
->> I came across this - http://www.dailyblogtips.com/wordpress-security-tip-remove-the-admin-user/ - earlier today and didn't bother to follow it because I couldn't really understand why anyone would be bothered, but between your (Delane's) post and a favorite blog being completely wiped out (haven't confirmed why), I decided to double check my settings.
While I didn't have a plain "admin", I had given "Melissa Wade" administrator duties which is pretty much the same as admin. Switched that now to "author".
Hopefully http://hockeyphotography.com/blog is safe now though I still doubt anyone would bother with it. |
|
 
Baron Sekiya, Photographer, Photo Editor
 |
Keaau | HI | USA | Posted: 12:07 AM on 08.04.09 |
->> This is a pretty good post on how to protect your WordPress site from hackers. http://www.guvnr.com/web/blogging/10-tips-to-make-wordpress-hack-proof/
The good thing about self-hosting a WordPress.org install is that you can use whatever plugins and themes you want. If you go with WordPress.com then you're limited to what they have.
btw. WordPress just pushed out a security fix today. They're up to WP 2.8.3 now. So far so good with my site http://www.hawaii247.org
I back-up the database, archive the content and things have gone pretty well, though I have gotten my hands a little dirty doing some under the hood stuff with the PHP files and MySQL databases. |
|
 
Melissa Wade, Photographer
 |
Boston | MA | USA | Posted: 1:37 AM on 08.04.09 |
->> FYI, while the link I gave above felt it was wrong to have "admin" or the account that you actually posted from as administrator as a hacker would then only need to figure out your password, if you aren't the administrator when you post something with an embed whether a Photoshelter gallery or a great video like this - http://www.cmt.com/videos/misc/401615/love-shack-from-the-2009-cmt-music-aw... - the code will disappear when you hit Publish.
I had both in a post and just about went insane before thinking to change myself back to Administrator from Author. Tried just having the gallery, just having the video, having the gallery in a separate post as I did have a mess of hyperlinks in that particular post, etc.
If you are really concerned you could always switch yourself to Admin before posting something with an embed and then back to Author afterwards. The embeds in my previous posts were still working which made me that much crazier. |
|
 
Chuck Steenburgh, Photographer
 |
Lexington | VA | USA | Posted: 9:11 AM on 08.04.09 |
->> Melissa,
Baron's link suggests the alternative that I use: post from an admin account whose display name is different from its user name.
4. Delete "Admin" User. Just to make hackers work harder, bin this. Create a new user with administration rights, and give the user a nickname (for public display) that is not the same as the username. Then log out, log back in as the new user, and delete the original "admin" user.
That accomplishes the same purpose...
Chuck |
|
 
Daniel Malmberg, Photographer
 |
Huskvarna | Sweden | Sweden | Posted: 9:51 AM on 08.04.09 |
->> Before I started my career as a sports photographer, I was working as a web developer and also administrated a server that was used for web hosting.
I have seen (and restored) a couple of hacked sites.
They were all hacked through web applications with well-known security holes.
If the sites had been properly updated, they would never have been hacked.
WordPress in its newest versions is very easy to update when logged in as an "admin user".
If there is an update released, you will get a notification, and can update "automatically" if you know your username and password for your FTP account.
If you run a well-known open source application such as WordPress or Joomla (for example), it's critical to keep it updated as fast as possible when updates are released.
This will help minimize the risk of being hacked. |
|
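The two checks this thread keeps returning to, as an added example that is not part of any poster's message: no stock "admin" login and no administrator whose display name gives away the login (the tip Chuck quotes), and an install that is not behind the current release (2.8.3 at the time of the thread). The CSV layout is assumed to come from `wp user list --role=administrator --fields=user_login,display_name --format=csv`; both samples and all function names are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample: administrator accounts in the assumed CSV layout.
SAMPLE_ADMINS = """user_login,display_name
admin,admin
jsmith,jsmith
k7p2-editor,Site Editor
"""

# Constructed sample of wp-includes/version.php on an install one release behind.
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '2.8.2';\n"


def audit_admins(csv_text):
    """Return (login, reason) findings for administrator accounts."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        shown = row["display_name"].strip()
        if login.lower() == "admin":
            findings.append((login, "stock 'admin' login still exists"))
        if shown.lower() == login.lower():
            findings.append((login, "display name gives away the login"))
    return findings


def parse_version(text):
    """Turn '2.8.3', '2.8' or '2.9-beta1' into a comparable tuple (suffix ignored)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"not a version string: {text!r}")
    parts = [int(p) for p in m.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))  # pad so 2.8 == 2.8.0


def installed_version(version_php):
    """Extract the $wp_version string from the text of version.php."""
    m = re.search(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""", version_php)
    if not m:
        raise ValueError("no $wp_version assignment found")
    return m.group(1)


def is_outdated(version_php, current_release):
    """True when the installed version sorts below the current release."""
    return parse_version(installed_version(version_php)) < parse_version(current_release)
```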

