In the space of a week, I had all 3 of my sites hacked. It has to be one of the most frustrating things especially when you’re at work when you realise and are unable to do anything about it!
This isn’t the first time I’ve been hacked, either.
The type of hack I had was one where the hackers (dicks) put some code on my site that re-directs to a spam site. You know the type of sites that tell you you’ve won a new iPhone?
I was livid.
The first time it happened, I spent most of my Saturday trying to sort it out. Annoying as I had lots of other things to do. It seems so pointless writing new posts for your hacked website. Especially when your host can only offer you a rollback, meaning you’ll lose all content past that point.
I paid one company to sort it out in the end, but I wasn’t happy with the service. There were constant emails back and forth, asking me to ask my host questions via support tickets. The emails did not come across very professional and I felt a bit odd about it all. In the end, I changed my password and didn’t have them complete the service.
I paid a second company and had a better experience. They sorted everything out and then once the site was fixed, they sent a report telling me what problems I had with my now clean site. This site was called siteguarding.com. They also monitor your site for 14 days after – with an option to pay extra to monitor it for longer.
Anyway, following this experience I thought I better clue myself in how to stop this from happening again.
So here’s how to prevent your blog from getting hacked.
Back up your website.
Always have a backup of your site to hand. I cannot even imagine how awful it must be to lose 5 years worth of blog posts.
Get yourself a security Plugin to help protect your site. I was recommended Wordfence be my hosting company.
Wordfence has features like a firewall to identify attackers and block them before they access your website, blocks certain usernames and locks out users after too many failed login attempts or who try to use an invalid username. You can scan for malware, view logins and blocked intrusion attempts and more. There is also a premium version that offers a higher level of security.
There are many other security plugins out there, it’s worth researching and reading the reviews of some before committing.
Keep your site up to date.
WordPress is always updating its security, so the latest update often contains fixes to security issues to make it more stable. This is the same for plugins. It might seem like a hassle, but it only takes a couple of minutes to update your website!
Get rid of old plugins.
If you’re using a plugin that hasn’t been updated in over a year, then delete it and find a new one that is updated. It’s likely plugins that aren’t maintained are not stable.
Change your password often.
One of the ways sites are hacked is by using brute force attacks – this is trying many password combinations until the right password is guessed. The more often you change the password, the less likely it is to be guessed.
Use a strong password.
It’s very tempting to use the same password for everything but you can’t get away with doing that anymore! Ensure you have what is classed as a strong password – these are obscure passwords that use a combination of capital letters, small letters, numbers and special characters.
Hope this hopes and hope you never have to go through a hacking like I did!