It’s every blogger’s worst nightmare. You wake up, grab your coffee, sit down at your computer, pull up your blog…. and it’s gone. It’s showing a weird code error message… or a strange foreign language political message… or it’s been taken over by bad guys using it to distribute malware to visitors or in a phishing attack…
Why?!! I can’t claim to understand the mind of hackers–it’s just a terrible thing to do, and illegal. But generally the motivations are either to spread a message (political/religious), distribute malware (programs that download to visitors computers and allow the hackers access to their computers), or just take down blogs because they can and they’ve got a warped sense of fun.
The good news is that a few simple steps can really reduce your chances of falling prey to an attack.
1. Stay Updated
If you choose only one item from this list to take action on, make it this one. Keeping your WordPress installation, all your plugins and themes updated is the best way to stay protected. When WordPress releases an update, many times it’s because they’ve found a security vulnerability and patched it. If you don’t update, your blog is open for an attack.
Almost every time I’ve been asked to help fix a blog, it was not running the most up to date version of WordPress.
2. Install Security Plugins and Use Them
The security plugins I choose to protect my blog with are:
Bulletproof Security — this one will help protect your blog from a variety of attack types by guiding you through removing vulnerabilities and beefing up your blog’s security.
WP Security Scan — a plugin from WebsiteDefender, this one will help you verify security settings for your blog and make sure you’ve got things setup right.
Threat Scan Plugin — this plugin is super useful if you’ve been hacked, and a great option for “peace of mind” checks, as it scans not only your files but your entire database looking for possible malicious code.
3. Keep Backups of Your Blog
On a cPanel host, this is easy to do with the backup tool. If you have access to it, that’s what I recommend using. But remember to download the backup and save it to your computer. If you leave it on the server and the server crashes, that backup won’t be able to do you any good.
With WordPress, you can use the plugin called BackWPup to save your entire blog (database and files) to your server space, Amazon S3, or a variety of other options. There’s also WordPress EZ Backup which backs up the entire blog, but it hasn’t been updated as recently as BackWPup.
Have you been hacked yet?
Maybe you’ve been through it and know that terrible sinking feeling in the pit of your stomach. Maybe you’ve been lucky so far. Either way, take steps now to protect yourself for the future, okay?
Hacking attempts are like server crashes and computers dying. It’s not a matter of “if” so much as a matter of “when.” With good security you can help protect yourself against it happening and with a good backup you’ll be able to recover if it does happen.
Got any other suggestions on keeping our blogs safe and secure? Any plugins you like or hacking experiences you recovered from to share?
Image Credit: iqoncept/StockFresh
-
7Shares
- 7
Great insight, Michelle, as always! I hadn’t used the security plug-ins, tho I do update and backup regularly. Thanks so much for keeping us informed. It’s too bad we have to consider something like this, but it’s great to have good resources like your site to walk us through! :)
It really is too bad. If only everyone cared how their actions affected others… but until then, good to protect ourselves as best we can and be ready to deal with it if it happens.
I’m heading over to Blogger to see what security plug-ins they have. Thanks for the warning, Michelle! Susan
Hi Susan, I’d love to know what you find – I don’t work with Blogger but I know some of my readers do so it’d be great info.
WOW! I just installed the 3 security plug-ins you recommended. thanks
You’re welcome, Nancy. Great to know action is being taken. :)
Michelle,
Thanks for the update on which plugins are the best. I will be updating my plugins today!
They keep changing, don’t they? I just look for what’s been kept updated by it’s authors. So many great plugins get left to get dusty and while they still work, especially for a security plugin, something updated is better.
Thanks for the good info.
You’re welcome. :) Thanks for commenting!
As always – useful and practical information. Thanks for the update. Keep arguing with my support he says not necessary to do these things, I say necessary – just sent him you blog
I always figure it’s better to be too prepared than to not have it when you need it. :)
I’m thinking of giving WordPress Defender a try. You can find it at: securemyblog dot com . Any comments on it?
I haven’t tested that one out but it looks pretty comprehensive. I’d love to hear what you think of it if you give it a try. :)
Hi Michelle,
I haven’t experienced being hacked yet but the tips you gave are surely helpful. Its always better to prevent this from happening. Thanks a lot for the information.
Yes, definitely! I hope that no one reading ever actually *needs* this information. :)
Hackers are always doing their job well…I hope we can prevent them…
It’d be nice it we didn’t have to worry about it but the best we can do is stay one step ahead of them. :)
Hi Michelle, It has not happened to me yet thank goodness. It is one of my worst fears so I will do everything I can to keep it from happening. Thanks for writing this post. I am going to install some of these plugins now!
It’s a scary thing if it happens and we don’t know what to do. But those plugins will help prevent it. :)
Hi Michelle,
Very Nice blog , and very informative.
Thanks for commenting, Vivek.