Blog hacking hell. How to survive the blog hackers
You may have noticed or heard that I had a ‘brute-force ‘ attack on my site recently. Basically that means an organised group of blog hackers attempt a global strike at WordPress sites. They will check out anyone with ‘admin’ as the user ID and then run programs to get your password. Once the blog hackers get in they can pretty much do what they like with your site.
We’re not sure if that was the way they got into my site though. It’s been a somewhat stressful 4 weeks of attempting to deal with the invasion and then tying up loose ends to make sure it doesn’t happen again.
It looks like they may have got through the back door via an old plugin which had become vulnerable due to not being updated by the developer or because I had not updated it recently. It could also have been the theme I was using which I hadn’t got around to changing to the newest version. Whatever it was it does leave a nasty taste in your mouth especially as it has drained my resources in terms of time and quite a bit of hard-earned cash.
The first I heard about this blog hacking incident was through an email from BT. The hackers had dropped some files on my blog which were automatically sending out phishing emails specifically targeting BT customers. I thought I’d found the offending folders, deleted them via my control panel and then advised BT that I had removed the threat and apologised profusely for the drop-off.
I was wrong!
What these ‘lovely people’ had done was to drop a sneaky robot which seemed to reproduce the files required to continue the phishing. Either that or they were tracking my every move and just added them again. Not that I’m paranoid or anything π
So it was back to the drawing board and eventually we decided to take the site offline, back it up, delete the theme and all the plugins and reinstall everything from scratch. I also now have a security plugin to help me track any nefarious activity on my blog. Being offline from a business point of view wasn’t too bad as most of my work comes from referrals.
Why did the blog hackers get me?
Well, because I’m so busy with other people’s blogs and making sure they are up-to-date and secure I had forgotten to attend to my site. You may have noticed that I haven’t posted here for quite a while. I’m more active on my social media sites such as WordPress.com, Tumblr, Facebook and Twitter to name a few. Letting my site go by not updating the theme and plugins regularly enough caused the blog to be vulnerable to an attack by blog hackers. I also got a call from Google saying that I needed to delete a folder on my site to clear the malware they had detected! So that will teach me!
What can you do to prevent blog hackers ruining your blog?
1. Choose a WordPress user ID other than ‘admin’ and make it as unguessable as possible.
2. Make your password as strong as possible using a mix of capitals, lowercase numbers and symbols.
3. Update your theme regularly and delete any old themes that you have installed but not used.
4. Update your plugins and delete ones you are not using. Choose them carefully. Blog hackers will be on the look out for vulnerable plugins. See my post on WordPress plugins to find out how to choose the best ones.
5. Add a security plugin to monitor your site like Better WP Security or Wordfence Security
6. Use a password to protect your WordPress login page. This can be done a number of ways via plugins or changing the .htaccess file. Be careful, though – these can break some of your precious plugins (Commentluv in my case).
7. Sign up to Google Webmaster so that you are informed of malware and attacks.
Perhaps buying a Doberman to look after your site is not such a great idea!
So be careful out there and protect yourself from the blog hackers and spammers. They think they are anti-establishment but all they tend to do is hurt independent businesses attempting to thrive and survive in this challenging economic climate. It’s caught me out this time and it is a big frustration attempting to recover from such an attack.
mythoughtstarter says
August 24, 2013 at 3:52 pmthanks for awaring us from the any such thing and to protect our website from being hacked.this is really nice one and also very different from the others an no one else got something link that.thanks to you for that great post and keep it .
thanks
John Cena says
January 15, 2014 at 7:45 amIndeed a magnificent post which will help the people to save their website and blogs from being hacked by the hackers. The author has indeed done an extraordinary work as the information in this post is accurate as I was able to protect my website from being hacked and I am sure by reading this post the people will also be able to prevent their blogs and websites from getting hacked. Great Job !
Sagar says
May 6, 2014 at 9:57 amNice and very informative post
There is nothing worse than getting your blog hacked and the damages they do to our site. There are many things that they can do with your site like dropping your files, deleting important information, destroying your resources and mainly taking up your hard earned money.
It is not that it can’t be prevented but precautionary steps should be taken to avoid such things. The above post explains us some ways by which we can prevent such problems for our site.The important ways I feel are using an unique id and strong password, having a good security plugin, connecting to webmaster tools and having regular visit to your blog even when not posting any content.
Great post and thank you for sharing.