Serving The Planet

Big Idea Mastermind WordPress based Website Defaced …

Yesterday — by accident(!) — I defaced a Big Idea Mastermind website; SORRY!

Defacing a WordPress based Website

Showing once more … that being with the right team, but not having basic knowledge about setting up a website (nor having backups), is a mistake many website owners make!

Imagine what else I could have done … (and didn’t do)

“What did you do exactly to deface their site? And Why?!”

Well … I was just researching something when I gained access to the installation … and reinstalled the whole thing, overwriting all site data and giving me admin access. By accident … because I was only interested in knowing about a few of their site features.

How to prevent your WordPress Based Website from Being Defaced

And it’s so unnecessary! It’s very easy to install a few additional (free) plugins to prevent your site from being defaced. I recommend these two plugins (both can be installed from your WordPress Plugin backend):

Plugin: WordPress Bad Behaviour

Bad Behavior is designed to integrate into your PHP-based Web site, running as early as possible to throw out spam bots before they have the opportunity to vandalize your site with their junk, or even to scrape your pages for e-mail addresses and forms to fill out.

Not only does Bad Behavior block actual vandalism to your site, it also blocks many e-mail address harvesters, resulting in less e-mail spam, and many automated Web site cracking tools, helping to improve your Web site’s security.

Bad Behavior runs before your software on each request to your Web site, so if a spam bot does visit, it will receive nothing, and your software never runs. This reduces the amount of server CPU time, database activity and bandwidth spent on processing robots which are just harvesting your site and delivering junk.

Bad Behavior rejects spam bots outright, sending an appropriate 4xx error code. This lets you filter them out of your server’s logs when you do log analysis, making them cleaner and more accurate and giving you better insight into the human beings visiting your site, rather than the spammers.

Bad Behavior is fully compatible with reverse proxies, HTTP accelerators, load balancers and content distribution networks. It is fully Section 508/WAI compliant. And it stores personally identifying information for a maximum of seven days (it is usually not stored at all), making it compatible with virtually any corporate or government privacy requirements.

Bad Behavior is designed as a platform-independent package which uses a connector to integrate with a given software package (MediaWiki, WordPress, etc.). This lets Bad Behavior run on a very wide variety of Web applications, including personalized custom scripts you may have written. With some Web servers, Bad Behavior can even be used to protect static HTML pages.
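The description above boils down to one technique: inspect the raw HTTP request before the application does any work, and answer obvious automation with a 4xx status. The following must-use plugin is an added example written for this post, not the Bad Behavior plugin's own code (whose checks are far richer). It assumes the file is saved as wp-content/mu-plugins/early-request-filter.php, which is the earliest point at which plugin code runs in WordPress; the denylist of User-Agent substrings is constructed for illustration.

```php
<?php
/**
 * Plugin Name: Early Request Filter (added example, not Bad Behavior)
 *
 * Must-use plugins load before themes and ordinary plugins, so a request
 * rejected here never reaches the rest of the site: no theme, no database
 * queries, no comment form. Install as wp-content/mu-plugins/early-request-filter.php.
 */

// Constructed denylist of User-Agent substrings, purely illustrative;
// a real deployment maintains its own list (Bad Behavior ships a curated one).
define('ERF_DENIED_AGENTS', ['examplescraper', 'constructed-bad-bot']);

/**
 * Decide what to do with a request. Returns the HTTP status to send, or null
 * to let the request through. It takes the $_SERVER array as a parameter so
 * the logic can be exercised from the command line with a hand-built array.
 */
function erf_decide(array $server): ?int
{
    $ua     = trim($server['HTTP_USER_AGENT'] ?? '');
    $method = strtoupper($server['REQUEST_METHOD'] ?? 'GET');

    // Every real browser sends a User-Agent; an empty one is a script.
    if ($ua === '') {
        return 403;
    }

    // Known-bad agents get the same answer.
    foreach (ERF_DENIED_AGENTS as $needle) {
        if (stripos($ua, $needle) !== false) {
            return 403;
        }
    }

    // A browser form submission always carries a Content-Type; a bare POST
    // without one is a hand-rolled client. Tune this to your own traffic
    // (some API clients are sloppy here) before enabling it on a live site.
    if ($method === 'POST' && empty($server['CONTENT_TYPE'])) {
        return 400;
    }

    return null;
}

// Apply the decision to the live request. The PHP_SAPI check keeps WP-CLI
// runs from being blocked; status_header() and nocache_headers() are core
// WordPress functions and are already loaded when must-use plugins run.
if (PHP_SAPI !== 'cli') {
    $erf_status = erf_decide($_SERVER);
    if ($erf_status !== null) {
        // Log the rejection so it can be reviewed and the rules adjusted.
        error_log(sprintf(
            'early-request-filter: %d for %s %s from %s',
            $erf_status,
            $_SERVER['REQUEST_METHOD'] ?? '?',
            $_SERVER['REQUEST_URI'] ?? '?',
            $_SERVER['REMOTE_ADDR'] ?? '?'
        ));
        status_header($erf_status);
        nocache_headers();
        header('Content-Type: text/plain; charset=utf-8');
        echo "Request rejected.\n";
        exit;
    }
}
```

Because the filter answers with a 4xx and stops, rejected requests show up in the access log with that status and can be excluded from analytics exactly as the description says. The trade-off is false positives: a string denylist is a blunt instrument, so watch the error log for legitimate clients (feed readers, uptime monitors) before tightening the rules.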

Plugin: Better WP Security

Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.

With one-click activation for most features, as well as advanced features for experienced users, Better WP Security can help protect any site.


As most WordPress attacks are a result of plugin vulnerabilities, weak passwords, and obsolete software, Better WP Security hides the places those vulnerabilities live, keeping an attacker from learning too much about your site and keeping them away from sensitive areas like login, admin, etc.

  • Remove the meta “Generator” tag
  • Change the urls for WordPress dashboard including login, admin, and more
  • Completely turn off the ability to login for a given time period (away mode)
  • Remove theme, plugin, and core update notifications from users who do not have permission to update them
  • Remove Windows Live Write header information
  • Remove RSD header information
  • Rename “admin” account
  • Change the ID on the user with ID 1
  • Change the WordPress database table prefix
  • Change wp-content path
  • Remove login error messages
  • Display a random version number to non administrative users anywhere version is used


Just hiding parts of your site is helpful but won’t stop everything. After we hide sensitive areas of the site we’ll protect it by blocking users that shouldn’t be there and increasing the security of passwords and other vital information.

  • Scan your site to instantly tell where vulnerabilities are and fix them in seconds
  • Ban troublesome bots and other hosts
  • Ban troublesome user agents
  • Prevent brute force attacks by banning hosts and users with too many invalid login attempts
  • Strengthen server security
  • Enforce strong passwords for all accounts of a configurable minimum role
  • Force SSL for admin pages (on supporting servers)
  • Force SSL for any page or post (on supporting servers)
  • Turn off file editing from within WordPress admin area
  • Detect and block numerous attacks to your filesystem and database
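Several items from the two lists above (the "hide" list and the "block" list) are a few WordPress core hooks or constants each. The must-use plugin below is an added example written for this post, not Better WP Security's own code: it removes the generator tag, the RSD and Windows Live Writer links and the version query string, replaces login error messages, turns off the in-browser file editor, forces SSL for the admin area, and locks a client address out after too many failed logins. It assumes the file lives at wp-content/mu-plugins/hardening-hooks.php; the limits (5 failures, 15 minutes) are chosen for illustration.

```php
<?php
/**
 * Plugin Name: Hardening Hooks (added example, not Better WP Security)
 *
 * Install as wp-content/mu-plugins/hardening-hooks.php.
 */

// ---- Hide information about the installation -------------------------------

// Drop the <meta name="generator"> tag, the RSD link and the Windows Live
// Writer manifest link from the HTML <head>; blank the generator in feeds too.
remove_action('wp_head', 'wp_generator');
remove_action('wp_head', 'rsd_link');
remove_action('wp_head', 'wlwmanifest_link');
add_filter('the_generator', '__return_empty_string');

// The version also leaks through the ?ver= query string on core scripts and
// styles; strip it for everyone who is not allowed to update the site anyway.
function hh_strip_version(string $src): string
{
    if (!current_user_can('update_core')) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('script_loader_src', 'hh_strip_version');
add_filter('style_loader_src', 'hh_strip_version');

// Replace the login error text, which otherwise reveals whether the username
// or the password was the wrong half.
add_filter('login_errors', function () {
    return 'Login failed.';
});

// ---- Lock down editing and transport ----------------------------------------
// Both constants are more commonly set in wp-config.php; defining them here
// works because must-use plugins load before the editor and SSL checks run.
if (!defined('DISALLOW_FILE_EDIT')) {
    define('DISALLOW_FILE_EDIT', true);   // removes the theme/plugin editors
}
if (!defined('FORCE_SSL_ADMIN')) {
    define('FORCE_SSL_ADMIN', true);      // HTTPS for wp-admin and wp-login.php
}

// ---- Throttle brute-force logins per client address -------------------------
define('HH_MAX_FAILURES', 5);                       // illustrative limit
define('HH_WINDOW_SECONDS', 15 * MINUTE_IN_SECONDS); // illustrative window

function hh_failure_key(): string
{
    // REMOTE_ADDR is trustworthy only when no reverse proxy sits in front of
    // PHP; behind a proxy, use the address the proxy sets and trust only it.
    return 'hh_login_fail_' . md5($_SERVER['REMOTE_ADDR'] ?? 'unknown');
}

// Count each failed login in a transient that expires with the window. The
// counter stops at the limit so repeated attempts do not keep extending it.
add_action('wp_login_failed', function () {
    $key      = hh_failure_key();
    $failures = (int) get_transient($key);
    if ($failures < HH_MAX_FAILURES) {
        set_transient($key, $failures + 1, HH_WINDOW_SECONDS);
    }
});

// Refuse authentication once the limit is reached, even for correct
// credentials. Priority 30 runs after core's username/password check
// (priority 20), so the refusal is not overridden by a successful lookup.
add_filter('authenticate', function ($user) {
    if ((int) get_transient(hh_failure_key()) >= HH_MAX_FAILURES) {
        return new WP_Error(
            'hh_locked_out',
            'Too many failed login attempts from your address; try again later.'
        );
    }
    return $user;
}, 30, 1);
```

The authenticate filter also covers XML-RPC and REST logins, which is where most automated password guessing arrives. Note that a per-address counter is only as good as the address: behind a CDN or load balancer every visitor shares one REMOTE_ADDR, so the lockout would hit everyone at once unless the proxy's forwarded address is used.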


Should all the protection fail, Better WP Security will still monitor your site and report attempts to scan it (automatically blocking suspicious users), as well as any changes to the filesystem that might indicate a compromise.

  • Detect bots and other attempts to search for vulnerabilities
  • Monitor filesystem for unauthorized changes
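Filesystem monitoring is the check that would have exposed the overwritten installation described at the top of this post. The script below is an added example written for this post, not Better WP Security's own code: it records a baseline of SHA-256 hashes for every file under the document root and, on later runs, lists what was added, changed or removed. It assumes it is run from the command line (for instance from cron) and that the baseline is written to /var/lib/fim/baseline.json, a path chosen for illustration; keep that file outside the web root so an intruder cannot rewrite the baseline along with the files.

```php
<?php
/**
 * Baseline-and-compare file integrity check (added example).
 *
 * Usage:  php fim-check.php /var/www/html [/var/lib/fim/baseline.json]
 * First run writes the baseline; later runs print differences and exit 1
 * when anything changed, so cron or a monitoring agent can raise an alert.
 */

// Map relative path => sha256 for every regular file under $root. Directories
// that change all the time (uploads, caches) are skipped so that a report is
// about code, not content.
function fim_snapshot(string $root, array $skipDirs = ['wp-content/uploads', 'wp-content/cache']): array
{
    $real = realpath($root);
    if ($real === false || !is_dir($real)) {
        throw new InvalidArgumentException("Not a directory: $root");
    }
    $real   = rtrim($real, DIRECTORY_SEPARATOR);
    $hashes = [];
    $files  = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($real, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY
    );
    foreach ($files as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $rel = str_replace('\\', '/', substr($file->getPathname(), strlen($real) + 1));
        foreach ($skipDirs as $skip) {
            if (strpos($rel, rtrim($skip, '/') . '/') === 0) {
                continue 2;
            }
        }
        $hashes[$rel] = hash_file('sha256', $file->getPathname());
    }
    ksort($hashes);
    return $hashes;
}

// Compare two snapshots; returns lists of added, changed and removed paths.
function fim_diff(array $baseline, array $current): array
{
    $added   = array_keys(array_diff_key($current, $baseline));
    $removed = array_keys(array_diff_key($baseline, $current));
    $changed = [];
    foreach (array_intersect_key($current, $baseline) as $path => $hash) {
        if ($baseline[$path] !== $hash) {
            $changed[] = $path;
        }
    }
    return ['added' => $added, 'changed' => $changed, 'removed' => $removed];
}

// Command-line entry point.
if (PHP_SAPI === 'cli' && isset($argv) && realpath($argv[0]) === __FILE__) {
    $root         = $argv[1] ?? getcwd();
    $baselineFile = $argv[2] ?? '/var/lib/fim/baseline.json';   // assumed path
    $current      = fim_snapshot($root);

    if (!is_file($baselineFile)) {
        file_put_contents($baselineFile, json_encode($current, JSON_PRETTY_PRINT));
        echo 'Baseline written: ' . count($current) . " files\n";
        exit(0);
    }

    $baseline = json_decode((string) file_get_contents($baselineFile), true) ?: [];
    $diff     = fim_diff($baseline, $current);
    foreach ($diff as $kind => $paths) {
        foreach ($paths as $path) {
            echo strtoupper($kind) . "\t" . $path . "\n";
        }
    }
    exit(array_sum(array_map('count', $diff)) > 0 ? 1 : 0);
}
```

After a legitimate core, theme or plugin update, delete the baseline and let the next run rewrite it; otherwise every update looks like a compromise. A report that lists new PHP files under wp-content or changes to wp-config.php, with no update having been made, is exactly the signal the list item above refers to.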


Finally, should the worst happen, Better WP Security will make regular backups of your WordPress database (should you choose to do so), allowing you to get back online quickly in the event someone should compromise your site.

  • Create and email database backups on a customizable schedule

Other Benefits

  • Make it easier for users to log into a site by giving them login and admin URLs that make more sense to someone not accustomed to WordPress
  • Detect hidden 404 errors on your site that can affect your SEO such as bad links, missing images, etc.


About Earnie Rhyker

tech pioneer | intellectual BadAss | ethical lifehacker | WordPress Developer & Polyglot | information activist | blogger | added value services provider | multimedia enthusiast | senior linux server administrator | geek | bitcoin investor | laptop entrepreneur | open source contributor | hackintosh fanatic | charity donator | accredited top MLM networker & internet marketer 2014-2016 @ BFH | digital expat

