Up until now, this site has been hacked three times, and it really annoyed me when I had to clean up the mess, re-enabling the inaccessible pages and keeping the sites from being banned by Google. That was when I realized how important it is to prevent hacks and secure any website, not just a WordPress site, against these unethical hackers before launching it online. Here are a few tips I found to prevent hacks and secure a WordPress site.
When do you realize your site was hacked
There are several symptoms that you may experience, which I have also experienced; they may differ from one situation to another.
- Strange links have just appeared in your posts. You may only notice this when you are editing an existing post, which is why you may not notice right away.
- Weird blog behavior, like blank pages, abnormal pages or pages that redirect you to another site. This may be a hack that modified the pages through FTP injection, or it may not be a hack at all (an outdated plugin can also cause this).
- You view the source code of the site and see strange code in it. The code may be an iframe that redirects to another site or IP address.
- You try to go to the site and the search engine has marked it “This site may harm your computer”. You may get this message nowadays from various search engines, or you could receive a message from Google about your site.
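The symptoms above (strange links, and iframes pointing to another site or IP address) can be checked for automatically. The following Python script is an added example, not part of the original post: it parses a page's HTML and reports every off-site iframe, plus any off-site link that is hidden or points to a raw IP address. The site name `myblog.example` and the sample page are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

def is_ip(host):
    try:
        return bool(ipaddress.ip_address(host))
    except ValueError:
        return False

class InjectionScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.div_hidden = []  # one flag per open <div>: is it, or an ancestor, hidden?
        self.findings = []    # (tag, url, reasons)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        hidden = ("display:none" in style or "visibility:hidden" in style
                  or a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or self.div_hidden[-1:] == [True])
        if tag == "div":
            self.div_hidden.append(hidden)
        elif tag in ("iframe", "a"):
            self._report(tag, a.get("src" if tag == "iframe" else "href", ""), hidden)

    def handle_endtag(self, tag):
        if tag == "div" and self.div_hidden:
            self.div_hidden.pop()

    def _report(self, tag, url, hidden):
        host = (urlparse(url).hostname or "").lower()
        if not host or host == self.site_host or host.endswith("." + self.site_host):
            return  # relative or same-site URL
        reasons = [r for r, hit in (("raw IP address", is_ip(host)), ("hidden", hidden)) if hit]
        if tag == "iframe" or reasons:  # visible off-site links are normal in posts
            self.findings.append((tag, url, reasons))

def scan(html, site_host):
    parser = InjectionScanner(site_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page for a hypothetical site "myblog.example"
SAMPLE = ('<p><a href="/about/">About</a> <a href="https://wordpress.org/">WordPress</a></p>'
          '<div style="display: none"><a href="http://pills.example.net/buy">cheap pills</a></div>'
          '<iframe src="http://203.0.113.7/in.php" width="1" height="1"></iframe>')
```

Running `scan(SAMPLE, "myblog.example")` reports the hidden pharma link and the one-pixel iframe but not the ordinary links. Every off-site iframe is reported, so legitimate embeds need to be reviewed by hand.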
What is in it for these hackers
Only a simple message to them: go to hell. Go find another job. You would be better off setting up a company that earns you a profit, like Microsoft, Google or something, rather than being this holy unethical sh*t.
- One major goal: promoting spam sites. It may be their own site or any other site that offers them a lucrative profit for placing links (porn, pharma, travel etc.). Usually these sites are spam, and they get a boost in profit from the links placed on our site while we suffer the resulting punishment from Google: being penalized.
- Doing it for fun. No doubt there are some purely malicious hackers who simply enjoy damaging blogs, but most seem to use hacking as a means to an end.
How they hack your blog
The easiest target is a blog that does not have the most recent version installed. Just like desktop software, when a bug is discovered, an update is created and the software prompts you to upgrade. However, the actual process of upgrading involves downloading and uploading files, backing up your database, and other tasks that non-techies find similarly intimidating. So many bloggers just don’t upgrade.
Though bloggers often assume that they’re only missing out on new features when they don’t upgrade, the much more important fact is that they’re also leaving known security flaws wide open for hackers. Just like Windows, you only get the protection of the update if you install it. That’s why it’s so important to always have the latest updates (both with Windows and WordPress and any other software you use).
What to do when your wordpress is already hacked
Because there are different types of hacks and different levels of blogger expertise, there’s no one-size-fits-all fix. Usually it involves upgrading, digging into the files, and searching for any remaining hack code. Honestly, it can be tricky if you aren’t a WordPress code buff (because you don’t know what “normal” looks like). One simple way is to go to http://www.unmaskparasites.com and check the status of your site. Another lazy and costly way is to get a service from http://www.iframehack.com.
Prevent hacks and secure your site
- Always have the latest version of WordPress installed. Known bugs may have been fixed in it, which helps prevent hacks and secure the site.
- Always monitor your site for abnormalities in the source code, pages, links and search engine ratings. You can use SEO sites that offer website monitoring of visits, link activity, keywords etc. This helps you detect hacks.
- Backup. Backup. Backup. This is a golden rule for keeping any site alive: be ready before anything happens. One database backup weekly and one full website backup (database and files) monthly is enough.
- Use WordPress plugins for admin access security. You may find useful plugins on this site: http://www.aboutonlinetips.com.
- There is also a useful tutorial on how to secure the back end of your WordPress installation (the database, user accounts, directory access and version hiding) at http://www.loastartofblogging.com.
What else
When frequent WordPress hacks are inevitable, just ask for professional help on the WordPress forum etc. I bet you won’t face a hack again if all of these have been applied to your site. Whatever it is, there will always be a successful penetration by hackers in the end. They will find their way as usual, and that will be the time when WordPress releases the latest updates. So you may want to update then.
Prevention is a good thing when it comes to hackers. I have several security plugins installed on my WordPress sites as well as htaccess protection. Of course some nasty spammers and other web parasites still get through, but it helps against the majority of them. IP blocking helps too: if you see suspicious activity in your server logs coming from the same IP, just block it.
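The log check described in the comment above can be scripted. This is an added example, not the commenter's or the site's own code: it counts POST requests to the WordPress login endpoints per IP in a combined-format access log and prints Apache 2.4 deny rules for the repeat offenders. The threshold of 3 and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# Start of an Apache/Nginx "combined" log line: client IP, method, request path
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

def suspicious_ips(lines, threshold=3):
    """Return IPs with at least `threshold` POSTs to a WordPress login endpoint."""
    hits = Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, method, path = m.groups()
        # endswith() also matches installs in a subdirectory, e.g. /blog/wp-login.php
        if method == "POST" and path.split("?")[0].endswith(LOGIN_PATHS):
            hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def htaccess_block(ips):
    """Build an Apache 2.4 .htaccess section that denies the given IPs."""
    rules = ["<RequireAll>", "    Require all granted"]
    rules += [f"    Require not ip {ip}" for ip in ips]
    rules.append("</RequireAll>")
    return "\n".join(rules)

# Constructed sample log: one IP hammering the login page, two ordinary visitors
SAMPLE_LOG = "\n".join(
    [f'203.0.113.50 - - [12/Mar/2024:10:00:0{i} +0000] "POST /wp-login.php HTTP/1.1" 200 3512'
     for i in range(4)]
    + ['198.51.100.9 - - [12/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
       '192.0.2.10 - - [12/Mar/2024:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 3512',
       '192.0.2.10 - - [12/Mar/2024:10:02:05 +0000] "GET /?p=12 HTTP/1.1" 200 9120'])

if __name__ == "__main__":
    print(htaccess_block(suspicious_ips(SAMPLE_LOG.splitlines())))
```

Check the flagged addresses before blocking them, since your own IP will show up after a few logins of your own.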
Yeah, you’re right. I believe prevention is a good thing to avoid being hacked. What I mean here is that the first line of defense is the most important part to secure. Once they get in, there is nothing you can do.
Wow! Those were really great tips!
I would add one more tip here:
After installation the default admin user name is “admin”, so do not use this user name, as the chances of hacking are higher. Change your admin user name to something else after installation… 🙂