Preventing future hacks

Overview

The following describes the important steps to take in order to prevent future hacks to your website.

If you're not comfortable fixing your WordPress site on your own, you can request DreamHost's Hacked Site Repair (a professional malware removal service). DreamHost experts will access your account and make the necessary repairs to get you back online quickly. See the Terms of Service page for more information.

Updating software

Failure to keep software up-to-date almost guarantees that your site will eventually be compromised. While the latest software is not immune to exploitation, there are publicly available databases of known vulnerabilities which hackers use to probe for weaknesses. Once an exploit is discovered and made publicly available, your site is vulnerable until a patch is issued and you then use that patch to update your site.

Make sure that your software is up-to-date with the most recent version offered by the vendor. "Pre-packaged software" effectively means any software package that you've placed in your domain directory such as a blog, gallery, forum, shopping cart, content management system, and so on. Out-of-date versions of such software frequently have well-known security holes that can be exploited via simple scripts that are bandied about freely among "hacker" and "script-kiddie" groups.

Updating plugins

You should never overlook any plugins when updating software. If you have any non-standard plugins activated for your applications, try a search engine query for the plugin name + "vulnerability" to see if anything crops up in the version you're using. If there are known vulnerabilities for the plugin in the version you're using, make sure to apply any available patches; otherwise, deactivate the plugin.

You can also search your apps and plugins using the following link to learn more about any vulnerabilities:

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?