Have you ever thought about how to prevent your blog from being hacked?
Did you even know your blog could be hacked?
I didn’t until this weekend when both of my self-hosted WordPress sites were hacked into. I was pretty shocked because it’s not something that I’ve ever heard of before and I still can’t really understand what there is to gain from doing it but on Saturday I went to sign into my WordPress admin panel to be met with various error messages and a blocked threat alert from my anti-virus software.
Mr C assured me to stay calm as it was probably just a temporary thing but when I started to get messages from people who were all being warned not to go onto my site I started to freak out so I emailed my hosts who said they would look into it.
The email that followed was a bit of a shock, I was basically told that my site had many hacked files and that my database was also affected. Apparently the spam link is done through the WordPress header or footer hooks and the purpose is to steal the bloggers search index and improve their page rank.
The outcome didn’t look good on Sunday. I was told that I needed to re-install my WordPress software and that there was only a small chance they would be able to use my back-up and that if they couldn’t I would have to start from scratch! I was literally devastated, I have spent the last year building up this blog and to think that it could have been for nothing was enough to reduce me to tears.
I did keep it in perspective though, at the end of the day it was just my time that was wasted and no-one was hurt. Luckily on Monday my hosts managed to restore my site which was such a relief. They weren’t able to fully reassure me that my database was free of hacked files, it was more of a ‘we think’ but they both seem to be fine so I am happy enough with that.
I basically wanted to write this to make you all aware that there are hackers out there who are targeting bloggers. If you self-host and use the WordPress software then you are particularly at risk.
I’m not an expert but here are a few things to reduce the risk….
1. Update your WordPress software and plugins as soon as possible – once they are outdated they are not working on keeping them secure anymore.
2. Choose high strength passswords of 16 characters or more and change them monthly. Make sure they include symbols such as #!%& and don’t choose the names of people who you write about on your blog. Use different passwords for every site you need to sign into and don’t keep copies of them on your computer.
3. Back-up regularly, I know a lot of people don’t ever back-up but even if you don’t get hacked there is still a chance you could lose everything so back-up your site at least once a week. If you use WordPress then here is the link that tells you what to do – How To Back-Up Your Database.
As well as backing up once a week I am also going to print off all the posts that I want Cherry to read when she is grown up, at the end of the day no matter how many times you back-up it’s still not the same as having a paper copy.
Unfortunately there are hackers out there trying to get into everything so just be aware!