Have you ever thought about how to prevent your blog from being hacked?
Did you even know your blog could be hacked?
I didn’t until this weekend both of my self-hosted WordPress sites were hacked into. I was pretty shocked because it’s not something that I’ve ever heard of before and I still can’t really understand what there is to gain from doing it but on Saturday I went to sign into my WordPress admin panel to be met with various error messages and a blocked threat alert from my anti-virus software.
Dad2BabyInsomniac assured me to stay calm as it was probably just a temporary thing but when I started to get messages from people who were all being warned not to go onto my site I started to freak out so I emailed my hosts who said they would look into it.
The email that followed was a bit of a shock, I was basically told that my site had many hacked files and that my database was also affected. Apparently the spam link is done through the WordPress header or footer hooks and the purpose is to steal the bloggers search index and improve their page rank.
The outcome didn’t look good on Sunday. I was told that I needed to re-install my WordPress software and that there was a small chance they would be able to use my back-up but that if not I would have to start from scratch! I was literally devastated, I have spent the last year building up this blog and to think that it could have been for nothing was enough to reduce me to tears.
I did keep it in perspective though, at the end of the day it was just my time that was wasted and no-one was hurt. Luckily on Monday my hosts managed to restore both this site and The Perfect Romance Experiment which was such a relief. They weren’t able to fully reassure me that my database was free of hacked files, it was more of a ‘we think’ but they both seem to be fine so I am happy enough with that.
I basically wanted to write this to make you all aware that there are hackers out there who are targeting bloggers. If you self-host and use the WordPress software then you are particularly at risk.
I’m not an expert but here are a few things to reduce the risk….
1. Update your WordPress software and plugins as soon as possible – once they are outdated they are not working on keeping them secure anymore.
2. Choose high strength passswords of 16 characters or more and change them monthly. Make sure they include symbols such as #!%& and don’t choose the names of people who you write about on your blog. Use different passwords for every site you need to sign into and don’t keep copies of them on your computer.
3. Back-up regularly, I know a lot of people don’t ever back-up but even if you don’t get hacked there is still a chance you could lose everything so back-up your site at least once a week. If you use WordPress then here is the link that tells you what to do – How To Back-Up Your Database.
As well as backing up once a week I am also going to print off all the posts that I want Iyla to read when she is grown up, at the end of the day no matter how many times you back-up it’s still not the same as having a paper copy.
Unfortunately there are hackers out there trying to get into everything so just be aware.
If you want to know anymore about it or think you might have been hacked and aren’t sure what to do then here are some links that I found particularly helpful -
http://thehackernews.com/2011/11/blackhole-exploit-kit-attack-on.html
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
http://thehackernews.com/2011/11/blhttp://thehackernews.com/2011/11/blackhole-exploit-kit-attack-on.htmlackhole-exploit-kit-attack-on.html
http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/ http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
I can imagine how stressed and upset you were over the weekend. The idea of losing all that work would reduce me to a blubbering, quivering wreck. I try to back my blog up regularly, at least once a month, but I know I should do it more frequently. I also email myself copies of favourite blog posts so that I’ve got another copy. And I try and back up on my mum and dads computer from time to time too.
That makes me sound a bit paranoid doesn’t it?
Anyway, I’m glad you’ve got both your blogs back up and running. X
Lucy at Dear Beautiful Boy recently posted..something i love
God that’s scary! I’m not self hosted but mostly type straight into the blog so don’t actually have any kind of back up. I would be gutted if my stuff was stolen. Glad you got it all back!
Notmyyearoff recently posted..Mugs!
goodness what bad luck Jess. its funny because i did get some weird message via your blog but i just thought it was spam. sorry i probably should have told you.
so glad you have got both sites back up and running xx
jenny Paulin recently posted..To Share-o The Solero
Oh did you?! I wonder how many people they did that too! I am so relieved it was sorted out without any major problem! x
You see I don’t have back up’s of mine I don’t think…I am a little naive when it comes to things like that. I am glad your back- I got worried when I saw the message! x
Katie @mummydaddyme recently posted..My Little Love Story- Part Four- Just Friends?
So glad you got your blogs back. What a nightmare though! Can’t believe they can do it so easily.
Rebecca recently posted..A Squash and a Squeeze – Coping with 3 children
This is so scary. I’m sorry you had to go through this. Thanks for sharing what you’ve learned though. x
Circus Queen recently posted..Love’s new language
Thanks for the tips! I didn’t know about backing up so I just did to be safe!
Jordan recently posted..Why I’m Blogging For My Career
Scary stuff! I had a bit of a Wordpress scare recently too and have just had a complete security overhaul, especially routine backing up! I also had to change my theme, which was a bit sad because I loved the old one. But still, better to be safe! Great advice you have here.
Misha – TheBlingBuoy recently posted..Comment on An urban legend by Bee
I’m glad you got it back, what an awful time. I was upset enough when my e-mail got hacked. I often wonder if all these random users that are signed up can be to do with hacking – so shall visit those links. Thank you for this great advice.
Pinkoddy recently posted..Silent Sunday
No probs, I was so shocked when it happened as I had no idea that hackers were targeting blogs, guess they find their way into everything x