My WordPress blog was hacked a few days back. There was nothing unusual about it, because this happens to thousands of WordPress blogs around the blogosphere.
Wondering what this blog post is all about, if that was normal?
First let me explain the entire incident.
I wanted to add some code to the header section of my theme, so I logged into the theme editor section and opened the header.php file. I observed something very strange in the file: some code had been added to every line that started with <?php. It looked like base64 code to me, but I was puzzled as to how this code had been added to the theme, when originally I had no such code.
That was enough for me to conclude that it was the act of a hacker.
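A check for the symptom described above, as an added example that is not part of the original post: it scans a theme directory for `<?php` lines that carry a decode-and-execute call or a long base64 literal. The post does not show the injected code, so the `eval(base64_decode(...))` shape, the function names and the sample theme built here are assumptions.

```python
import base64
import re
import tempfile
from pathlib import Path

# Assumption: the injected code sits on the same line as an opening tag and has
# a decode/execute call or a long base64-looking string literal.
OPEN_TAG = re.compile(r"<\?php\b(.*)", re.IGNORECASE)
DECODE_CALL = re.compile(r"\b(eval|gzinflate|base64_decode)\s*\(", re.IGNORECASE)
B64_LITERAL = re.compile(r"""["'][A-Za-z0-9+/]{40,}={0,2}["']""")

def suspicious_lines(text):
    """Return (line_number, reason) for each '<?php' line carrying encoded code."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = OPEN_TAG.search(line)
        if not match:
            continue
        if DECODE_CALL.search(match.group(1)):
            hits.append((number, "decode/execute call"))
        elif B64_LITERAL.search(match.group(1)):
            hits.append((number, "long base64 literal"))
    return hits

def scan_theme(root):
    """Scan every .php file under root; return {relative_path: hits} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = suspicious_lines(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def build_sample_theme(root):
    """Write a constructed theme: index.php clean, header.php with a harmless injected stub."""
    blob = base64.b64encode(b"/* constructed sample, does nothing */" * 2).decode()
    clean = '<?php get_header(); ?>\n<div id="content">\n<?php the_content(); ?>\n'
    stub = f'<?php eval(base64_decode("{blob}"));'
    infected = clean.replace("<?php", stub)
    Path(root, "index.php").write_text(clean, encoding="utf-8")
    Path(root, "header.php").write_text(infected, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as theme:
        build_sample_theme(theme)
        for name, hits in scan_theme(theme).items():
            print(name, hits)
```

A hit is a reason to compare the file against a clean copy of the theme, not proof of compromise on its own.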
About 3 weeks back, I had received an alert from Hostgator, saying they suspected a security infringement in my hosting and that they had cleaned everything. They also asked me to change my passwords, which I very smartly decided to ignore.
The consequence was evident in less than 3 weeks.
WordPress blogs are the most sought after by hackers, and many a time they succeed in hacking them too, not because of a problem with WordPress but because of sheer ignorance on the part of the blogger, primarily because most blogs lack robust WordPress backup and security.
In one of my earlier posts I had spoken about another attack on my WordPress blogs (that was more than a couple of years back). My hosting provider was as lazy as me and had not put enough security measures in place. They did not even have a good backup mechanism. As a consequence, I lost all my content of about 19 months and had to restart from scratch.
I learnt my first lesson: choose a good hosting provider who has
- state-of-the-art protection from spammers and hackers.
- a scheduled backup mechanism in place.
This is how I ended up with Hostgator, because they were the best in the industry when it came to hosting your websites, especially WordPress websites.
(You can get a discount on your first month at Hostgator – Use the coupon code: DKSPEAKS10)
How to Secure your WordPress Installation
If you are running a WordPress blog, it is extremely important to keep your installation secured. WordPress is an extremely robust platform, and its creators keep upgrading its files to keep it out of the reach of hackers.
You might want to look at some of the tips below to ensure that your blog is protected.
Update your WordPress Installation to the latest version
WordPress keeps releasing updates from time to time. It is extremely important that you update your blogs to the latest version. These upgrades plug any loopholes that may exist in earlier versions. The WordPress team ensures that you are informed of these upgrades by displaying them on the dashboard of your blog.
Ensure that all plugins are also updated
Plugins too are very prone to attack. There are a lot of plugins that are outdated and are no longer supported by their creators. Periodically check your blog for such plugins and uninstall them.
Also update all other plugins to the latest version.
If you are somebody like me who runs multiple installations, keeping track of updates and updating your blogs can be a tiresome task.
I found a very simple piece of software that can do this for you. It can update your WordPress installation and your plugins as well with a single click. I have created a video that shows you how this software does all this. Read the post here.
You can check out WP Update Robot for more information.
Protect your WordPress Database
If you have installed your blog using the Fantastico installer in your hosting account, then this is for you. All such installations create databases with simple names like xxxxxx-wrdp1, xxxxxx-wrdp2 etc., where xxxxxx is your hosting login.
Because these names are predictable, such databases can be easily broken into by hackers. Hence it is important that you change the database names for your blogs to something that is not so easy to guess.
Periodically backup your blog using a Good WordPress backup plugin
It is important to always back up your WordPress blog. This was one of the mistakes I made when my blog was first hacked, and consequently I lost all my content.
Set a schedule to back up your blog. If you publish posts very frequently, then you should back up your blog at least twice every week. There are numerous plugins that can do the job for you.
WP-Backup is one of the best free plugins that I found. You can also schedule these backups and get them emailed as well.
I prefer Backupbuddy in addition to the above-mentioned free plugin. Backupbuddy is the best when it comes to backup and restore. It has numerous customization options, and restoring your WordPress, if at all it goes down, is a matter of a few minutes.
Order your copy of Backupbuddy today.
In addition to all this, it is also important that you host your WordPress blogs with a good hosting company.
Don’t forget to let us know how you keep your WordPress installation secured.