How can I strengthen the security of my WordPress site?

I have a WordPress site (latest version) with my own customization of themes and some plugins for a school. Today when I searched Google for the site name, it gave a link to this site, http://bugmenot.com/, which displays all my DB (student table) usernames and passwords publicly?

How can I prevent this? How is it possible to read the DB information and display it here, http://bugmenot.com/ ?

Please help.
Loganathan Natarajan (LAMP Developer) asked:
Ray Paseur commented:
What may have happened was that someone or some ones in your community deliberately fed the credentials to BugMeNot.com.

Under certain circumstances you can block your site from BugMeNot.com.  Wikipedia is one of the sites that is blocked.  Learn more here:
https://en.wikipedia.org/wiki/BugMeNot
Zephyr ICT (Cloud Architect) commented:
Besides the valid point Ray made, there is something to be said about securing your WordPress setup.

WordPress has a site specifically for this, with best practices and things to look out for.

It comes down to some bullet points:

- Secure your host: use secure passwords and different ones for each account (for a Linux host, consider authentication using SSH keys).
- Secure your database with different users than those used for the system, and use hard-to-guess passwords, long and complex whenever possible.
- Make sure you are always up to date; this goes for the host as well as the WordPress website.
- Make sure that file permissions are as strict as possible.
- Protect parts of your website that don't need to be accessible by everyone (e.g. wp-admin).
- Make sure that your DB isn't susceptible to XSS attacks.

There are third-party WordPress plugins that can help you tighten the security of your WordPress site; they of course come with their own risks (like locking too much)... Here's an example
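One way to check the file-permission item in the list above, as an added example that is not part of the original answer: a shell function that flags world-writable paths and a wp-config.php (which holds the database username and password) that accounts outside its owner and group can access. The function name, the output labels and the exact thresholds are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for loose file permissions.
# wp_perm_audit, its labels and its thresholds are illustrative choices,
# not part of WordPress itself.
#
# Prints one finding per line.
# Returns 0 when clean, 1 when findings exist, 2 when the directory
# does not contain wp-config.php.
wp_perm_audit() {
    root=$1
    if [ ! -f "$root/wp-config.php" ]; then
        echo "not a WordPress root (no wp-config.php): $root" >&2
        return 2
    fi

    findings=$(
        # Files or directories writable by "other": any local account,
        # or another tenant on shared hosting, could modify them.
        # Symlinks are skipped because find does not follow them here.
        find "$root" \( -type f -o -type d \) -perm -0002 \
            -exec printf 'WORLD-WRITABLE: %s\n' {} \;

        # wp-config.php stores the DB credentials, so "other" should
        # have no read, write or execute bit on it at all.
        find "$root/wp-config.php" \
            \( -perm -0004 -o -perm -0002 -o -perm -0001 \) \
            -exec printf 'CONFIG-EXPOSED: %s\n' {} \;
    )

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Run it as `wp_perm_audit /path/to/site` on the host and tighten each reported path with `chmod`; the web server account still needs read access through the owner or group bits.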
Loganathan Natarajan (LAMP Developer, author) commented:
@Ray Paseur Thanks for your comments. Let me check my group. Not sure anybody did it purposely, because those people may not be aware of these things?

One question: will WordPress have any loophole to share this kind of detail? I mean any plugin/script to do this?
Loganathan Natarajan (LAMP Developer, author) commented:
@spravtek, thanks, I will do the needful as well.
Zephyr ICT (Cloud Architect) commented:
If your database is vulnerable to XSS attacks, it's possible to get details from it, or they brute-force attacked the login to the database; if your password is not strong enough, it can be quite easy if you don't protect against it.
Loganathan Natarajan (LAMP Developer, author) commented:
Ok, I will check with my hosting as well.
Ray Paseur commented:
"those people may not be aware of these things?"
It's probably best not to rely on the ignorance of others.

Also, PHP has a section on security:
http://php.net/manual/en/security.php

And there is OWASP:
https://www.owasp.org/index.php/Main_Page

Security is not a destination, so much as a journey.   Best of luck with it, ~Ray