Website Security

 

Your security and privacy are important to us, but we will need your help to stay safe. There will always be someone out there wanting to take advantage of everything we’ve built.

Let’s work together to keep those baddies out. 

The hacker’s ultimate goal is either to hijack the entire server to use as their own or to make your Content Management System (CMS), WordPress, collect data or send out spam for them. Here are some recommendations for website administrators on maintaining security with WordPress through Dreamhost and detecting when the site has been compromised.

WordPress Security

WordPress is a popular content management system (CMS). Right now, 455 million websites run WordPress. That’s 20% of the current internet real estate. Because of this, hackers are more likely to target this system. They even have scanners that allow them to target outdated versions in particular.

An outdated system is the first vulnerability. When a new version of WordPress is released, users get a notification by email, and it’s recommended that they update right away. WordPress’ core team has gotten pretty good at rolling out security patches quickly and efficiently, so the risk of exploitation is minimal, provided that WordPress users update their installation. You can manage updates through wordpress.com or on your site.

Outdated plugins could also allow hackers to find a way in. Go to wordpress.com/plugins/manage/yourdomain to set up auto-updates for any plugins that were installed after setup.

 

WordPress Backup

UpdraftPlus is installed to allow for scheduled backups and site recovery.

more about updraftplus

WordPress System Administration Hack (WP-Admin Hack)

WordPress will send you an email if there is a request to change the administrative email. That is a big indicator that you should check your WordPress Users list. The email associated with your administrator should be displayed in your Settings Tab > General. Your administrative user should be located in the Users tab. If there are any other users with administrative permissions that were not authorized, delete them.

 

What are the symptoms of the wp-admin hack?

Here are some signs your WordPress admin panel may have been hacked:

– You find that admin users you’re not aware of have been added to your WordPress site, or that a lot of spam WordPress users have been created. Either one definitely points to a wp-admin hack.

– Google indexes your site with pharma spam pages.

– Your WordPress website becomes very slow.

– New web pages are added to your website with Japanese text (Japanese SEO spam pages).

– Any WordPress Security plugins that you’ve added to your site automatically get disabled.

– You find unknown files like admin.php, adminer.php in the /public_html folder or /public_html/wp-admin folder.
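
One way to check for the unknown files described in the last sign, as an added example (not code from this page, WordPress or Dreamhost): it compares the top level of the site folder and everything under wp-admin with a clean copy of the same WordPress version, and reports files that are absent from the clean copy or whose contents differ. Comparing against a clean copy, the SITE_SPECIFIC allowlist and the sample files are assumptions made for the example.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: files a live site has that a clean WordPress download does not.
SITE_SPECIFIC = {"wp-config.php", ".htaccess"}

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def scoped_files(root):
    """Relative paths of files directly in root and anywhere under wp-admin."""
    root = Path(root)
    found = [p for p in root.iterdir() if p.is_file()]
    admin = root / "wp-admin"
    if admin.is_dir():
        found += [p for p in admin.rglob("*") if p.is_file()]
    return {p.relative_to(root).as_posix() for p in found}

def audit(site_root, clean_root):
    """Return (unknown, modified): not in the clean copy / contents differ."""
    site, clean = Path(site_root), Path(clean_root)
    live = scoped_files(site) - SITE_SPECIFIC
    known = scoped_files(clean)
    unknown = sorted(live - known)
    modified = sorted(f for f in live & known
                      if digest(site / f) != digest(clean / f))
    return unknown, modified

def demo():
    """Run the audit on two small constructed trees (not real WordPress files)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "public_html")
        for root in (clean, site):
            (root / "wp-admin").mkdir(parents=True)
            (root / "index.php").write_text("<?php // front controller\n")
            # wp-admin/admin.php is a legitimate core file, so a name match
            # alone would be a false positive; only content changes matter here.
            (root / "wp-admin" / "admin.php").write_text("<?php // core\n")
        (site / "wp-config.php").write_text("<?php // site settings\n")
        (site / "adminer.php").write_text("<?php // not part of core\n")
        (site / "wp-admin" / "admin.php").write_text("<?php // core + extra\n")
        return audit(site, clean)

if __name__ == "__main__":
    unknown, modified = demo()
    print("unknown:", unknown)
    print("modified:", modified)
```

On a real site, call audit() with the path to public_html and the path to an unpacked clean download of the same WordPress version. WP-CLI's wp core verify-checksums command performs a comparable check against the official checksums.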

 

Malware Remover

A malware remover can be added to the server through Dreamhost for around $36/yr.

dreamhost malware remover

 

Server Security

Dreamhost will notify you if any new FTP users are created. There should only be one, created at setup; any others should be reported to Dreamhost immediately. Forward the notification to: support@dreamhost.com

 

Domain Security

Dreamhost provides Let’s Encrypt, free and open SSL/TLS certificates from a not-for-profit certificate authority. This is usually a part of setup, and they will email you regularly about a new encryption.

 

 

 

Security Scan

Have Google give your site a security scan with Google Webmaster Tools:

scan now