Why does your website get hacked?

I have seen so many websites get hacked through the admin user interface. Most files on the server have been overwritten with embedded code such as <iframe> tags, JavaScript, or something else. Why? If a hacker gains access to the admin area of your website, they can do everything. They can view your configuration file. They’ll know all the credentials that have been set up to run your website, including DB access, the SMTP mail server, and FTP access. To prevent this from happening, you have to rename a few files or add an exit() call to some of the files that hackers target.

If your system has phpMyAdmin installed, go to the /scripts/ directory, open the file setup.php, and type exit(); on the second line. This makes sure that hackers won’t have a chance to execute this setup file. If you have configuration.php, config.php, or wp-config.php anywhere on your system, set the permission level to 0444 only, not higher than that. You shouldn’t have any directory called /admin in your root directory. Below are all the names of directories you should avoid. This list was recorded on my server to see how hackers behave when they’re trying to gain access to it. Of course, they can never get into my server since I’m monitoring them closely.

If you have already been hacked, you should change your FTP and database credentials right away. Do not wait!
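
An added example, not part of the original post: a Python audit of the three hardening steps described above (setup.php disabled, config files at 0444, no /admin directory in the root). It assumes any `scripts/setup.php` under the web root belongs to phpMyAdmin; the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

CONFIG_NAMES = {"configuration.php", "config.php", "wp-config.php"}  # names from the post

def audit_webroot(root):
    """Return sorted (issue, relative_path) findings for the post's three checks."""
    findings = []
    # Check 1: no directory called admin directly in the web root.
    if os.path.isdir(os.path.join(root, "admin")):
        findings.append(("admin-dir-in-root", "admin"))
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            # Check 2: config files must carry no permission bit beyond 0444.
            if name in CONFIG_NAMES:
                mode = stat.S_IMODE(os.lstat(path).st_mode)
                if mode & ~0o444:
                    findings.append((f"config-mode-{mode:04o}", rel))
            # Check 3 (assumption: scripts/setup.php is phpMyAdmin's setup file):
            # its second line must start with exit();
            if name == "setup.php" and os.path.basename(dirpath) == "scripts":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    lines = fh.read().splitlines()
                if len(lines) < 2 or not lines[1].strip().startswith("exit();"):
                    findings.append(("setup-not-disabled", rel))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample layout, used only to demonstrate the audit."""
    def write(rel, text, mode):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, mode)
    os.makedirs(os.path.join(root, "admin"))
    write("wp-config.php", "<?php\n", 0o644)                    # too permissive
    write("shop/config.php", "<?php\n", 0o444)                  # as the post advises
    write("pma/scripts/setup.php", "<?php\nrequire 'x.php';\n", 0o644)  # still runnable
    write("pma2/scripts/setup.php", "<?php\nexit();\n", 0o644)  # disabled

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for issue, rel in audit_webroot(tmp):
            print(f"{issue:24} {rel}")
```

To audit a real site, call `audit_webroot()` with the path to your web root instead of the temporary sample tree.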