How To Make Sure Your WordPress Blog Doesn’t Get Hacked Into

Posted on 23. May, 2010 by Vince Cianci in Blogging

Well, I have fallen victim to the 20th century hackers, or one might say I left my doors wide open for them to enter and help themselves to anything they like. I have had all my 5 or so WordPress blogs hacked into, to the point where I couldn’t log back in to check or change anything. Talk about getting PISSED off! Like many bloggers out there, I am a novice when it comes to the coding, HTML, CSS, RSS and technical know-how when it comes to WordPress or any website programs for that matter. There are many amateurs who use WordPress as an easy, not too technical way to publish content but don’t have the slightest clue when it comes to website security or all that other ‘techie’ stuff. I am honest enough to admit I am one of these people.

I received an email from Google (I thought I was important at this stage) telling me my site was infected with malware and that the site is now banned to protect visitors’ computers from harm. In my mind I couldn’t see how this could have happened. Anyway, when I visited the site I knew this to be true. Over the next few days I received a few more of these emails regarding my other sites. I now had a HEADACHE on my hands. I let it go untouched for way too long before taking any action on getting things sorted out and back to normal. I went online and read some websites about how to log into your WordPress blog once it’s been hacked and the like, and I just wasted time. Again, I have NO idea about this stuff and most bloggers out there don’t either.

When I finally decided to fix the problem, I engaged Eleven Media to find the malicious code/virus and remove it so Google would allow visitors to visit my sites. So after about a week or so and $500 later, all my sites are now back online and working perfectly. Don’t worry, they won’t infect you now!!

I want to say thanks to Aaron from Eleven Media for fixing everything and providing me with some instructions to prevent this from happening again. I will now share these instructions with you below.

8 Steps To Take Now To Prevent Your WordPress Blog From Being Hacked Into.

1. Change your FTP password to a stronger one. Those of you using an FTP program to upload files to your server, make sure the password is strong. Mine was apparently so weak it was like I gave a personal invite to the hackers. If you don’t even know what FTP is then you’ll be fine!

2. Change your hosting account passwords to stronger ones. (In my case GoDaddy). I can’t even remember my customer numbers or passwords and being such a big company I doubt the hackers got to me this way.

3. Change your Google account passwords to stronger ones. This includes your Analytics accounts, AdWords, Gmail, etc.

4. Back up your site’s content & database. I personally am not sure how to do this. I thought there was a plugin for this. If anyone can answer this question, please do so in the comments below.

5. Upgrade WordPress to the latest version. Version 3.0 due around May so upgrade then.

6. Remove your unused plugins. No point keeping them there if you’re not using them.

7. Update the plugins you do use to the latest versions. It’ll usually tell you in the ‘Plugins’ section that a new version is available. Update it. Make sure it’s reputable. Don’t download crappy plugins with poor feedback.

8. Ensure that YOU are the only user/admin.

I wish I had this list when I first started blogging. Perhaps I would have saved myself a headache. I have learnt my lesson well and have already implemented the above on all my sites. Again I would like to thank Aaron Rutley for his help. If you guys have any additional support tips that I haven’t mentioned, feel free to leave them in the comments below and we’ll create a more valuable guide.

If you found this article useful be sure to ReTweet it out and send it to your friends.

4 Responses to “How To Make Sure Your WordPress Blog Doesn’t Get Hacked Into”

  1. Kathy Sammons

    09. Jun, 2010

    These are some great tips and everyone reading this should listen.
    As far as backing up your database, which IS your blog:
    If you have GoDaddy or Merge Domains as your host, log on to your account, go to hosting > (This part just changed for those of you that have not seen the changes) Actions > Launch App which takes you to the hosting control center.
    Click on Databases > My SQL > Click on pencil next to your database then choose Backup.

    I hope that this helps.
    Happy Blogging!!!
    Kathy Sammons

  2. Aaron

    09. Jun, 2010

    Hey Vince,

    Thanks for the kind words – I’m just glad all of your blogs are back online!

    A quick way to back up your database is to log in to WordPress and click Tools > Export.

    This will back up all of your pages, posts and comments.
    (It won’t back up your images or theme but you can keep a copy of them on your local machine or download them via FTP every once in a while).

    There are plugins around that can run the export function and email you your database once a week or once a month.

    Aaron.

  3. [...] of those would be related to the security level. Be sure to read my WordPress security post titled How To Protect Your WordPress Blog and implement the 8 steps laid out for [...]

  4. Raphael Chan

    20. Jun, 2010

    Hey Vin,

    Because Internet Marketing coach David Cavanagh has had his sites hacked before, he is against using Fantastico because he feels they have a lot of vulnerabilities in their set up. So I’ve mainly used Expert WordPress, an online service which helps you do a WP install with preselected plugins ideal for SEO purposes.

    For backups, I have a plugin (I don’t know if it’s standard, or part of the Expert WordPress install): “WordPress Database Backup” by Austin Matzko.

    And if you have one of those standard installs where admin is your user name, that’s some of a hacker’s guesswork done already. I’ve been taught some way to change it directly in the MySQL database but it’s a lot simpler to add a new admin user, then log back in as the new user and carefully delete the first admin user.

    I say carefully because you need to ensure that your posts and pages are attributed to your new username rather than trashed. I accidentally trashed my posts once doing this, but fortunately, I was able to recover it from the Trash!
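
Step 8 of the list and Raphael Chan's comment about the default admin user can both be checked directly in the database. The query below is an added example, not part of the original post or its comments; it assumes a MySQL database with the default `wp_` table prefix and can be run from the SQL tab of the database tool your host provides.

```sql
-- Added example: list every account that holds the administrator role.
-- Assumption: default table prefix "wp_". With another prefix, change the
-- table names AND the 'wp_capabilities' meta key to match.
SELECT
    u.ID,
    u.user_login,
    u.user_email,
    u.user_registered,
    -- 1 if this is the stock username that gets guessed first.
    (u.user_login = 'admin') AS is_default_login,
    -- Posts and pages owned by this account. If this is not 0, the content
    -- has to be attributed to another user before the account is deleted,
    -- otherwise it is removed along with the account.
    (SELECT COUNT(*)
       FROM wp_posts AS p
      WHERE p.post_author = u.ID
        AND p.post_type IN ('post', 'page')) AS owned_content
FROM wp_users AS u
JOIN wp_usermeta AS m
  ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  -- Roles are stored as a serialized PHP array, for example
  -- a:1:{s:13:"administrator";b:1;}
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered;
```

Any row you do not recognise is an account to investigate, and the `user_registered` date helps place it against the time the site was compromised. The query only reads data, so it is safe to run before making any changes.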
