WordPress website is hung on the horse as well as defense methods

WordPress itself security is very high, generally will not be easy to crack, is hanging horse, but we also can not over-superstitious security of WordPress, usually connected to the Internet server and computer, there are cracked risk.
So we in the daily maintenance of their own site, we must pay attention to the security of the site, to the maximum extent possible to prevent the site is hung on the Trojan.

In general, the way to crack the site is to get the site admin rights backstage, so as to modify the site files, place Trojan, this is the most common is the most easy to defend.

To defend against this type of hack, make sure you do the following:
? 1. Admin account try not to use the admin of this simple username, password using English capital + lowercase + number + special symbols, the way to maximize complexity
? 2. Make sure that your WordPress upgrade to the latest version, in the use of the theme, make sure that the loaded JS, CSS and other files do not include the WordPress version number.
? 3. Hide the login address of WordPress background, and do not show the background page address on the front page. (small remnant did not do this mainly for the convenience of everyone login)
? 4. Use the robot tool, block the background address, such as Wp-admin, Wp-includes folder, etc., to prevent hackers to use spiders query background files.
? 5. In the server, the virtual host Control Panel, set the Execute permission option, directly will have the upload permission of the directory
? 6. Install the security plug-in, let the password or account enter 3 consecutive errors, must be a certain time before you can log in again.

Security plug-ins have common limit login attempts, WordPress File Monitor Plus and so on.

What if I've been put on a trojan?

If your WordPress website has been put on a trojan, then we will find the location of the Trojan, and clear out.
In general, the current experience of the plug-in Trojan is to use the JS code placed to the front end, generating malicious links, malicious jumps and other ways to hijack your site, and the code is often placed in the front-end, or so that the PHP code will be JS output to the front.
There are several ways we can eliminate these malicious code:
1. Download the latest version of WordPress from the official, directly covered.

When overridden, files and folders in the Wp-includes folder, Wp-admin, and root directories can be overwritten directly.

Relink the database so that the data is not lost and the Trojan horse that these folders may carry is eliminated.

If the pieces covered, or did not eliminate the trojan, you can stop using the plug-in, one by one, stop using the theme, to troubleshoot the location of the Trojan. Find the Trojan and clear it off.

2. Manually check the Trojan
Use the FTP tool to view your own files, you can see the latest modification of the date, if not recently modified date, some obvious date modification is close to the current time of the file is very large suspicion has been modified to hang on the Trojan. Download and open the file, delete the Trojan to upload it or use the official download file to overwrite it directly.
3. Use a Trojan Horse
This kind of killing Trojan software in many servers and virtual host will exist, if you do not have to install some of this software, the use of software to Avira Trojan.

How to detect whether your site is being hung by a horse

Plug-ins that use McAfee SiteAdvisor to securely browse the Web. Example: detecting whether a Web theme park is being hung
You can open this page, and then in the upper right of the input box to enter your URL, check whether your site is hanging horse.
Some suggestions to prevent the WordPress site from being Hung horse
Understand the above some of the content, I believe you have some knowledge of the site security. The following suggestions can prevent you from being hanged.
? 1. Themes, plugins have to be published on the official website to download, do not download on the site of the reprint of the unknown.
? 2. Keep up to date with the official news, update themes, plugins, and maintain the latest version of your theme and plugins.
? 3. Update WordPress in a timely manner. Make sure your WordPress is the latest version.
? 4. Regularly back up database and website information, problems can be restored in time.
? 5. Do not arbitrarily paste the code of unknown origin into your website, especially if you do not understand the code.
? 6. Install some security plug-ins to protect your site, provided that these plugins must go to the official download.
? 7. Follow your website in real time, if you don't care about your website, then you don't know how to hang a horse.

Network security must be very attention, and must be the majority of the attention of the webmaster, good site defense, so that hackers do not have the opportunity to avoid the risk of Trojans,

WordPress website is hung on the horse as well as defense methods