Scanning the files on Virus Total is assuming that they have been laced with malicious codes. Not exactly sure you get it.
I always scan the files in virus total after downloading from here.
Great! Did some research and even found a plugin that does this. Thank you!!!
just google about incremental static site generation and wordpress headless cms.
mostly use with wordpress Graphql plugin and SSG front end. i recommend nextjs.
I don't use shared or reseller hosting. I use a 4-slice VPS plan from Interserver + additional features. That's where I have all of my websites and I pay a lot on a monthly basis to have my website running effectively. Namecheap isn't even secure. Lol.
Sometimes the hosting platform you use matters, I will advise you to use namecheap or hostinger, they have antivirus scanner on all their hosting package, anytime someone tries to upload a malware or access your CP, they always block it and will send you an email asking if you were the one that was trying to upload it.....
True. It is very easy for those who do not understand the complexity of WordPress security to say a resource they downloaded from Babiato got their site hacked. I just hope everyone can take extra precautions concerning their sites. You're welcome
I was about to write a similar post.
And I noticed nowadays, Most of the WP sites getting XML-RPC brute force attacks.
And of course, Babiato is not responsible for getting hacked as I believe most of the time it happens for old versions of plugins or themes.
Thank you so much for the post.
Take my love.
glad i helped a little bit
Great! Did some research and even found a plugin that does this. Thank you!!!
Of course! Would try on a relatively new site and see notice the website's behaviour.
glad i helped a little bit
and after experiment, please post what you did and what did you achieve.
it would be nice to report to community members
Which plugin and can we open a topic for this? i have servers and websites to play with
Great! Did some research and even found a plugin that does this. Thank you!!!
Great explanation, anyway instead of Hide My WP Premium I'd suggest to use WP Hide Security Enhancer Pro because it offers more features and it's definitely of superior quality in terms of security.
Please take the time to read this!
In the past weeks, there have been several claims by users that resources from Babiato are riddled with malware or that they downloaded resources from here only to get hacked or suspended by their hosting provider, with the recent complaint being this.
I actually use some of the resources here, most importantly Publisher Theme. I have several sites but my Publisher themed sites have suffered attacks the most. As a matter of fact, I wake up on some days only to see new categories and posts totally unrelated to my niches posted with several backlinks. All three of my Publisher-themed websites were successfully hacked, new posts created as well as new categories. Also, my files were modified with backdoor codes injected and funny media extensions uploaded to my root folder. I cleaned ALL, deleted my theme and plugin folders, reuploaded the Publisher theme and all of my plugins and changed all my passwords. A couple of days later, they were all hacked again.
Here was what I noticed; @TassieNZ shared the last update for the Publisher theme which was in July 2021 (well over a year ago). I'm not saying he did anything but a year since the last update of a WordPress theme and plugins is a recipe for disaster. Unfortunately, Babiato is well updated on the theme and it means the developers have not released any new update since over a year ago. Here is the official changelog of the Publisher Theme.
So, how do you prevent your WordPress blog/website from getting hacked?
1. CHOOSE a WordPress theme that is constantly updated! AVOID themes like Publisher, whether you buy from the developer or use the nulled version. It is a bad choice!
2. Disable theme and plugin editor on your WordPress backend. This is so that if your login details are hacked, it would be impossible to upload any malicious code into your root files. To do that, copy
    define( 'DISALLOW_FILE_EDIT', true );
into your wp-config.php file just above the line that says ‘That’s all, stop editing! Happy publishing’
3. Install Wordfence Premium from Babiato to your site. The free version is good but the premium is more robust. If you have a static IP, whitelist your IP and immediately block IPs that access these URLs "/wp-login/" and "/wp-admin/". Also look through the settings and beef up your security.
4. Install Sucuri to monitor whatever changes were made to your files or activities done.
5. Disable the REST API for non-authenticated users. NOTE: Disabling the REST API completely breaks WordPress administrative functionality. If you want to disable access to REST API endpoints, you should instead only accept requests from authenticated users. Copy the following code snippet and then paste it at the bottom of your child theme's functions.php file:
    add_filter( 'rest_authentication_errors', function( $result ) {
        // An earlier authentication check already passed or failed: keep its result.
        if ( true === $result || is_wp_error( $result ) ) {
            return $result;
        }
        // No logged-in user: refuse the REST request with HTTP 401.
        if ( ! is_user_logged_in() ) {
            return new WP_Error(
                'rest_not_logged_in',
                __( 'You are not currently logged in.' ),
                array( 'status' => 401 )
            );
        }
        return $result;
    });
6. Disable the XML-RPC API for your website. XML-RPC is a security hazard. It’s often exploited by attackers looking to break into your site or launch a distributed denial-of-service (DDoS) attack. Most of XML-RPC’s functionality has been superseded by the REST API anyway, so disabling it doesn’t affect your experience all that much. You can use the Disable XML-RPC free plugin in the WordPress directory to do this but I recommend Hide My WP Premium plugin. This is so because you need to blurt out some information from your website such as version number, etc., which hackers often use to exploit website securities. In my case, I later found out the hacker was remotely posting on my website using the XML-RPC API without needing to log in to my sites after cleaning up the entire sites. I have attached a screenshot from the Hide My WP Plugin where the hacker was trying to call the API after I disabled it.
Hackers are smarter and so should you! All the best!!!
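A log check that follows from step 6 and the XML-RPC brute-force reports in this thread, added here as an example and not code from any poster: it counts POST requests to /xmlrpc.php per client IP in a combined-format access log, separating requests the server still answered from those it refused. The sample log lines, the function name xmlrpc_report and the threshold are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Apache/Nginx "combined" format (not from the thread).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2022:03:14:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2022:03:14:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Oct/2022:03:14:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "Mozilla/5.0"
198.51.100.20 - - [12/Oct/2022:03:15:10 +0000] "GET /wp-json/wp/v2/users HTTP/1.1" 401 112 "-" "curl/7.85.0"
198.51.100.20 - - [12/Oct/2022:03:15:40 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "curl/7.85.0"
192.0.2.33 - - [12/Oct/2022:03:16:00 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method, path and status from one combined-format line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def xmlrpc_report(log_text, threshold=3):
    """Count POSTs to /xmlrpc.php per client IP.

    'answered' = the endpoint replied 2xx, so XML-RPC is still reachable.
    WordPress reports XML-RPC faults (bad password included) inside a 200
    response, so a 200 here does not by itself mean a login succeeded.
    'refused' = blocked before WordPress handled it (403, 404, 405, ...).
    """
    answered, refused = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if not path.endswith("/xmlrpc.php"):
            continue
        bucket = answered if m["status"].startswith("2") else refused
        bucket[m["ip"]] += 1
    # IPs with repeated answered calls are the ones to review and block first.
    flagged = sorted(ip for ip, n in answered.items() if n >= threshold)
    return {"answered": dict(answered), "refused": dict(refused), "flagged": flagged}

if __name__ == "__main__":
    print(xmlrpc_report(SAMPLE_LOG))
```

Once XML-RPC is disabled, every entry should move from "answered" to "refused"; anything still listed under "answered" means the endpoint is reachable by some path.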
It is if you know what you are doing, and use a host that knows what they are doing.
Good tips, but if you are able to avoid WordPress, I suggest that because WP is not easy to secure.
Thanks for the suggestion to use WP Hide Security Enhancer Pro.
Great explanation, anyway instead of Hide My WP Premium I'd suggest to use WP Hide Security Enhancer Pro because it offers more features and it's definitely of superior quality in terms of security.
All Security plugins are USELESSSSS, depending on who is targeting you.. Yea that's right!
I know it's a bit late, but if you are being hacked on a VPS, most of the time, the fault lies on you.
The server is yours to use and maintain.
Basically, it's your server.
Personally, I like the combo Cloudflare Pro + Bitninja.
If you take security seriously, plugins are useless.
That's the recipe for a great disaster; the virus total is not omnipotent like everyone is inclined to believe.
I always scan the files in virus total after downloading from here.