hantaah — 2013-04-25T12:28:29-04:00 — #1
what does it mean when your back end is open and how is that fixed?
davemaxwell — 2013-04-25T13:11:16-04:00 — #2
It means you've got a security issue on the server side of your site. It could mean any of a number of things:
- Your ftp connection isn't secure
- Your hosts control panels security measures don't measure up
- Your database security is lax/missing/easily circumvented.
- If you're using a COTS product, there might be common problems which haven't been patched on your site.
- Your server side coding is lax in preventing sql injections.
Is this a real situation, or are you looking for general ideas? If general, look at the different forums here (this one, database, whatever language your site is using)) and look there for topics which might meet your needs (the database forum has one dealing specifically with #5 above).
If it's a situation, you might need to provide more details so someone can point you in the direction of where to look to fix your issues.
hantaah — 2013-04-25T13:19:43-04:00 — #3
yes it's a real situation, someone told me the backend was open http://www.sakeenaheducationcentre.com
I know ftp is locked.
My hosting is with poweredbypenguins and I'm guessing they are up to speed with security.
How else can I know?
davemaxwell — 2013-04-25T14:06:31-04:00 — #4
I would guess the issue is more with wordpress than your host.
ralphm — 2013-04-25T20:01:11-04:00 — #5
Unless they are prepared to give you some more information, I'll tell them to shut their own backend. Your login page is password protected. WP is normally not "open" (presumably meaning "publicly accessible").
dklynn — 2013-04-26T01:26:05-04:00 — #6
It's likely that the one telling you that you've been hacked is trying to use social engineering to gain your login details (easier than actually hacking a website). If that's not the case, you'd better be prepared to download your entire website and match it with your local version (WinMergeU and BCompare are both good at making comparisons and noting any differences). If you've been hacked, search here for the checklist of recovery tasks I'd posted some months ago.
hantaah — 2013-04-26T06:37:48-04:00 — #7
hmmm, well the person I did the website for, it's a member of their family. They commented to say they like the website but to tell me the backend is open so to look into it. The problem is I developed this online so don't have any local version
pullo — 2013-04-26T07:04:40-04:00 — #8
Oh man, you always need a backup.
I really can't suggest strongly enough that you make one.
We'll be happy to give you some pointers if you don't know how.
hantaah — 2013-04-26T07:11:39-04:00 — #9
Please if you could. I have backupafobia. I have a plug in called duplicate. Is that any good?
pullo — 2013-04-26T07:24:16-04:00 — #10
Nah, that plugin allows you to clone a post or page, or edit it as a new draft.
To back up your site, basically you need to do two things:
- Backup your database(s)
- Backup all of the assets (e.g. images, theme files etc.)
Let's start with point 1.
You can either do this by loging into your hosting company's admin area and using whatever functionality the offer you (probably PHPMyAdmin)
Or, installing a plugin, such as this one, which will do it for you.
You might also want to read: http://codex.wordpress.org/Backing_Up_Your_Database
After that, the easiest way to get to your files, is to connect to your webspace, via FTP, find your root WP folder (it will contain folders such as "wp-admin" and "wp-content"), then just copy this to your local PC.
If you don't have FTP access for whatever reason, there is a plugin that claims to do it for you.
You might also want to read: http://codex.wordpress.org/WordPress_Backups
And that's it.
Personally, I do both of these things by hand, so I can't recommend the plugin as I simply haven't used it.
hantaah — 2013-04-26T07:33:58-04:00 — #11
oh that sounds easy. I'll wait for a recommendation on that plug. Otherwise where do I go in phpadmin to back up?
To copy my root do I copy the public_html and all inside that?
pullo — 2013-04-26T07:38:39-04:00 — #12
In PHPMyAdmin, select the db, click the tab marked "Export", keep the defaults, but choose "Save as file" (this might be hidden under "Advanced options" or something), and that's it.
It can't hurt to have a backup of everything on the server.
Strictly speaking all you need is the directory titled "wp-content", but I would go one level above that, then you've got a copy of everything related to the WP install.
hantaah — 2013-04-26T07:53:35-04:00 — #13
easy peezy! I didn't even need to access phpmyadmin as they had a backup button in my control panel so I clicked that and it saved to my pc in a .txt ( hope that's right )
Plus now in the process of transfering all files via ftp...
Thanks I'm now backed up and about to do the same for all my other sites!
pullo — 2013-04-26T08:02:35-04:00 — #14
Yup, it should be a plain text file.
It is probably worth opening it and searching for a string that you know you added to the site recently.
E.g. When I back up my DB after updating my blog, I open the backup file and search for the title of my last blog post. that way you know that you have got the latest version.
Good on you!
dklynn — 2013-04-28T06:57:33-04:00 — #15
Don't forget to password protect your "backend"!!! Use the password your host can generate for you OR use a strong one from strongpasswordgenerator.com.
webcosmo — 2013-05-01T17:17:28-04:00 — #16
Your host has nothing to do with the security of your backend; by being open it means it
s vulnerable to attacks, so you should be looking for an upgrade to the CMS youre using.
hantaah — 2013-05-01T17:53:31-04:00 — #17
I see, will mke sure I keep updating!
@pullo if I want to take this back up I did of the database and files and put it onto a sub directory, how do I do thast? Do you know of a tutorial that I can follow?
pullo — 2013-05-02T05:40:54-04:00 — #18
Not sure I follow you.
Could you elaborate a little on what you are trying to do.
On a separate note, I almost didn't see this question.
If you want to get someone's attention you can mention them by writing an at sign "@" followed by the user name "pullo" a space " " and a semicolon ";"
Like this: @hantaah ;
This will then show up in that person's notifications when they log in.
technobear — 2013-05-02T06:25:05-04:00 — #19
Or you can just type [mention][/mention] tags round the name. It does the same thing (and I find it easier to remember ).[/ot]
hantaah — 2013-05-02T06:57:19-04:00 — #20
@Pullo ; I see thanks for that @TechnoBear and thank you also
you helped me make a back up ( above ) so I have a plain text file of the data base and all the files from the public_html. So I now want to take all this and place it on my new url but on a sub directory. I though to do this so that if any of muy clients don't keep their hoting going then I can still link to my work ( fully working )
so for example I'd have my url http://organicwebdesigns.co.uk and then another wordpress site on a sub directory like this http://organicwebdesigns.co.uk/my-first-project and so on. So How do I get this back up above to work on my sub directory. I tried just uploading it into the sub directory but that didn't work.
next page →