This webinar, hosted by Dre Armeda, covers how anyone can hack your WordPress site in less than 5 minutes (which he actually demos live) … and what you can actually do to prevent it.
Topics Covered
- Knowing your enemy
- WordPress-loving Infections
- Access control
- Tips for preventing and dealing with hacks
- Plugins that can help with security
Kristen has been writing tutorials to help WordPress users since 2011. As marketing director here at iThemes, she’s dedicated to helping you find the best ways to build, manage, and maintain effective WordPress websites. Kristen also enjoys journaling (check out her side project, The Transformation Year!), hiking and camping, step aerobics, cooking, and daily adventures with her family, hoping to live a more present life.
[…] 16. How to Hack a Site in 5 Minutes […]
Thanks so much for posting this. It was extremely useful and it is nice to have a knowledgable voice and something recent for 2013.
[…] [Video] How Anyone can Hack Your WordPress locate In Less Than small cinque … […]
this video is really helpful but wpscan is not supported in windows?
Mmm… How to hack a WordPress website… Isn’t this website a WordPress theme… Hahaha. Awesome Video Guys! I wish I could win a year subscription with securi, NOW THAT WOULD BE AWESOME!
WordPress or Joomla or any other CMS Platform sites are very easy to hack if you’re not aware of the security of your websites. Installing Plugins and Free Themes may cause in many situations. Better to avoid installing Free theme and better to buy any theme from iThemes or from somewhere else.
Once I had my wp site hacked due to non regularly updates (it was version 2.xx) since then I use only HTML + CSS sites, so no more hassels, no more updates & not using any php files except for the contact page, Do I still need to worry about those hack attempts explained above in the video ??
—
Concerning the demonstration wp hack, What if the “wp-admin” folder protected against the IP ? simply by adding .htaccess ip allow deny rule (so that way only I can access to the admin panel even with the pw )
Any thoughts ?
thanks, cordially Amila
This information is really helpful. I found another articles which talks about fixing the worpdress hacking issue.
http://wordpressapi.com/2013/05/22/if-wordpress-site-is-hacked-then-how-to-fix-issue/
[…] 2. Restrict login attempts using the Limit Login Attempts plugin for WordPress. Most sites are compromised using a “brute force” attack where an automated system discovers your admin account user name then tries a list of passwords against it. By limiting the number of login attempts, the bot can only try a few times and then has to wait an hour or so try again, this makes it impossible for them to go through their password list. Want to see how it works? Here’s @dremeda hacking a WordPress site in 5 minutes [Video]. […]
The video is really too big to view it at once. Need to download it
OMG- My website got hacked last year, and it was such a mess. I had 2 other websites hosted on my same FTP server, and they were all being redirected to some weird website selling pharmaceuticals or something. I worked on it for probably 2 days before I gave in and started looking for professional help. I found a website called eSecurityPros.com and worked with their technicians. They had my sites completely fixed, up and running in a day. The whole thing costs about $200, but definitely worth it. I’d recommend them to anyone.
@Robert Collins
Reducing login attempts against a 90,000 strong botnet is a useless tactic on its own. Login attempts are based on IP address. With that many addresses and that much badwidth, the brute force would be insanely fast. About as fast as the server could handle. Which is why it bogs you down. It’s using all is resources processing the information and bandwidth from the botnet.
Login attempt isn’t a bad idea, but definitely add in the other security measures.
Thanks a lot for this amazing wordpress hack thing. I am impleting this method on my site now so that i don’t get hacked.
Keep sharing info related to wordpress like this one.
I think this just happened to me.
I see product sold via “free” method.