It’s every blogger’s worst nightmare. You wake up, grab your coffee, sit down at your computer, pull up your blog…. and it’s gone. It’s showing a weird code error message… or a strange foreign language political message… or it’s been taken over by bad guys using it to distribute malware to visitors or in a phishing attack…
Why?!! I can’t claim to understand the mind of hackers–it’s just a terrible thing to do, and illegal. But generally the motivations are either to spread a message (political/religious), distribute malware (programs that download to visitors computers and allow the hackers access to their computers), or just take down blogs because they can and they’ve got a warped sense of fun.
The good news is that a few simple steps can really reduce your chances of falling prey to an attack.
1. Stay Updated
If you choose only one item from this list to take action on, make it this one. Keeping your WordPress installation, all your plugins and themes updated is the best way to stay protected. When WordPress releases an update, many times it’s because they’ve found a security vulnerability and patched it. If you don’t update, your blog is open for an attack.
Almost every time I’ve been asked to help fix a blog, it was not running the most up to date version of WordPress.
2. Install Security Plugins and Use Them
The security plugins I choose to protect my blog with are:
Bulletproof Security — this one will help protect your blog from a variety of attack types by guiding you through removing vulnerabilities and beefing up your blog’s security.
WP Security Scan — a plugin from WebsiteDefender, this one will help you verify security settings for your blog and make sure you’ve got things setup right.
Threat Scan Plugin — this plugin is super useful if you’ve been hacked, and a great option for “peace of mind” checks, as it scans not only your files but your entire database looking for possible malicious code.
3. Keep Backups of Your Blog
On a cPanel host, this is easy to do with the backup tool. If you have access to it, that’s what I recommend using. But remember to download the backup and save it to your computer. If you leave it on the server and the server crashes, that backup won’t be able to do you any good.
With WordPress, you can use the plugin called BackWPup to save your entire blog (database and files) to your server space, Amazon S3, or a variety of other options. There’s also WordPress EZ Backup which backs up the entire blog, but it hasn’t been updated as recently as BackWPup.
Have you been hacked yet?
Maybe you’ve been through it and know that terrible sinking feeling in the pit of your stomach. Maybe you’ve been lucky so far. Either way, take steps now to protect yourself for the future, okay?
Hacking attempts are like server crashes and computers dying. It’s not a matter of “if” so much as a matter of “when.” With good security you can help protect yourself against it happening and with a good backup you’ll be able to recover if it does happen.
Got any other suggestions on keeping our blogs safe and secure? Any plugins you like or hacking experiences you recovered from to share?
Image Credit: iqoncept/StockFresh