Website security

bsugar

Member
Hi guys,

I don't know if anyone has experienced the same thing but if so I would appreciate any feedback you could offer. I currently use a free version of Wordfence, the wordpress security plugin. I received a couple of emails from them advising me that some of my files had been recently modified but I had not made any modifications to the files mentioned.

I changed the password to my website since then and have always kept my version of wordpress and plugins up to date and added capture before login but I received another email from them a couple of weeks later notifying me that some more files had been modified which I had not done. They also noted several attempts to log into my website with the user name, admin. I checked on my Google analytics and webmaster tools account and its not picking up any malware. Would someone have to log into my website to modify my files or is there another way that this can be done?

I find it worrying that someone would bother to take the time to try to log in or hack someone's website. I don't promote anything political or controversal. How do you guys secure your websites from such issues? I know there is Cloudflare which is quite expensive.

Thanking you :cry:
 
are you sure it was actually from wordfence and not a spoofed email.... I used to get emails from 'security firms' regarding various security 'issues'
 
Hi Levi,

I am normally clued up about opening emails. I assumed the emails were from Wordfence because I started receiving them after I uploaded their plugin to my website. There would be no other way for me to receive their reports otherwise. You say you used to get these emails. Is there a reason that you do not receive them anymore? How did you deal with your issues in the end?

Thanks
 
Not these, I don't use wordfence (or wordpress for that matter), I meant 'general emails about security'.

Just had a thought though... doesn't wordpress use a database, could it be wordfence is sending you emails regarding this being updated/backed up on the server at set intervals. Could be a setting or something you've overlooked.
 
Hi Levi,

No, they are not general emails about security and yes wordpress does have a database. They inform me when my plugins or wordpress is out of date or any other issues on the site. I will contact Wordfence for more information I think.

Thanks for taking time to respond. Really appreciate that. Now its time for me to watch Wales against Portugal. Whats your bet? I reckon Portugal will win.
 
I've installed the free version of wordfence today for a client who's had issues with their site being hacked. I've found that it keeps detecting 2 core files with malicious content regardless of how often you repair them (I've even replaced the files from a fresh download of wordpress so I know there's no errors). Have you setup the wordfence firewall and activated/configured the other settings? I found that I needed to update my servers php from 5.2 to 5.6 before it would run properly (apparently 5.6 is more secure anyway so is a good update).

Additionally I've installed the iThemes Security plugin to better protect agains brute force attacks.

An alternative to Word Fence is Sucuri Scanner which comes highly rated.
 
Seems like you are doing what you need to, keeping everything up to date and changing your password (hopefully often). I would contact Wordfence and see what they say. It might be worth getting an SSL certificate for your site too.
 
Thanks Big Dave & Green Eggs & Ham, (lol, I like the name green eggs and ham),

I didn't realise that you had both responded otherwise I would have replied to you earlier. Thanks for taking time out. I have never updated php myself. I thought that my hosting company did that as I have a VPS package with them. I will have to contact them to see if they do this. I did not sort any Wordfence settings once I downloaded the plugin so I will have a look at that. I did send Wordfence an email but haven't received any response. I have heard of Sucuri Scanner which is also supposed to be good but do any of you use it for your own website? What about Wordfence. Big D I know you used if for a clients site but do you use that for your own website?

Thanks guys. Oh and I told you that Portugal would win the football. Wales did very well though (y)
 
....What about Wordfence. Big D I know you used if for a clients site but do you use that for your own website?

Yes I use it for my site although I get very little feedback from it so I can only assume my site is of little or no interest to anyone with malicious intent. lol

As for php, if you log into your hosting account and go to your servers control panel there's probably an option called "php version". Mine looks like this:
php_zpsrq6kh7pr.png
 
Back
Top