Last week I received yet another email from someone who has a WordPress site that was hacked and they needed help.
With shared hosting services that include unlimited domains, the domains are actually subfolders in the same public_html directory on the server.
Basically each domain name you add to your account is just another folder in the main root folder.
If one site gets infected on your shared hosting account it’s possible that the script used to hack the site will try and reach other subfolders and infect other related files.
If you use WordPress you may know a few weeks back there was a brute force attack happening on all WordPress sites. Most default installation of WordPress use the ‘Admin’ username so it made an easy target for hackers because they already knew the usernames for thousands of sites.
On my WordPress For Beginners DVD I’ve always told people to change the username when doing a WordPress install.
It’s a simple process to do when installing however if you are using the default ‘Admin’ username I’ve made a video showing how you can change it.
The plugin I use is Login Lockdown. It’s not been updated recently but it still works and is easy to setup.
Please comment below and share any other protection plugins you use.