Protect your Blog - Website hacked

Just wanted to share an experience I had recently.

We’ve had a blog up and running for several months now and everything was going swimmingly. Over the past month, I hadn’t had much time to update and check postings but presumed all was good. I did wonder why booking numbers had dropped but thought this was down to the market I work in (employment market). The blog is WordPress and is integrated into a static HTML site.

Checked the site last week, only to discover the blog had been hacked!

I won’t go into the specifics, but until now, I’d never thought about backing the blog up!!! My jaw dropped when I realised how open I had left my business and the risk I had exposed myself to. I very easily nearly lost everything.

So just wanted to remind other novices (like me) that without back-ups and additional security, you can lose all your hard work to random hackers. Don’t just rely on WP passwords.

I also want to thank theRaptor for coming to my aid and just how useful SitePoint & members have been in helping in a situation like this. theRaptor has been ace and saved me.

Hope this helps others remember to update security and WP plug-ins.
Please add any of your own experiences or tips to help me and others like me improve site security.

thanks

Thank you. It’s been great working with you… totally my pleasure.

The most primary step that you may take is to run through the logs and look for suspicious users (IPs) trying to get access to pages which they shouldn’t ideally be trying to use.
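The log review suggested in the post above, as an added example that is not part of the original thread: a Python pass over a combined-format access log that flags client IPs requesting files a visitor has no reason to touch, or posting repeatedly to the login endpoints. The watch lists, the threshold and the sample lines are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx combined log format: client IP, request line, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumed watch lists for a WordPress site; tune them to your own layout.
SENSITIVE = re.compile(r'(/wp-config\.php|/wp-content/uploads/\S*\.php)(\?|$)', re.I)
LOGIN = re.compile(r'/(wp-login|xmlrpc)\.php(\?|$)', re.I)

def suspicious_ips(lines, login_threshold=3):
    """Map each flagged client IP to the sorted list of reasons it was flagged."""
    login_posts = Counter()
    reasons = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path = m["ip"], m["path"]
        if SENSITIVE.search(path):
            # A 200 means the server actually served the file: check those first.
            served = m["status"] == "200"
            reasons[ip].add("sensitive-path-served" if served else "sensitive-path-probe")
        if m["method"] == "POST" and LOGIN.search(path):
            login_posts[ip] += 1
            if login_posts[ip] >= login_threshold:
                reasons[ip].add("repeated-login-posts")
    return {ip: sorted(r) for ip, r in reasons.items()}

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2012:10:01:01 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 2301 "-" "-"',
    '203.0.113.7 - - [12/Mar/2012:10:01:02 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 2301 "-" "-"',
    '203.0.113.7 - - [12/Mar/2012:10:01:03 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 2301 "-" "-"',
    '198.51.100.9 - - [12/Mar/2012:10:02:00 +0000] "GET /blog/wp-config.php HTTP/1.1" 403 199 "-" "-"',
    '198.51.100.9 - - [12/Mar/2012:10:02:05 +0000] "GET /blog/wp-content/uploads/2012/03/x.php HTTP/1.1" 200 12 "-" "-"',
    '192.0.2.10 - - [12/Mar/2012:10:03:00 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2012:10:03:30 +0000] "POST /blog/wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, why in suspicious_ips(SAMPLE_LOG).items():
        print(ip, ", ".join(why))
```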

This happened to a customer. He said he now makes sure to update his blog software when updates come out; he also periodically changes his password.

After implementing web 2.0 technology, blogs are very useful for generating more and more traffic to websites. If blogs are updated regularly with fresh and unique content, it is an easy way of driving traffic to a website. So it is very important to protect your blog from hackers. When you are using free blogs, keep in mind not to use the same password for your blog as for your email ID. Your blog may be hacked as well as your email ID.

Thanks for the concern for other members here. I’m sure through this, others will be enlightened and decide to back up each file and secure everything.

Just want to share my experience as well. My website was hijacked and used for phishing purposes. The people who hijacked the website somehow were able to do it without going into the server where the site was hosted (or that’s what I think). This is because when I checked the files on the server, those additional files were not there. Google blocked the phishing extension but not my site…

That’s why I always try to build my own protections into open source programs. They’re all the same: if you do not have the knowledge to edit some of the code, you’re easily exposed to those who want to harm you.

If it’s a business website (or even if it isn’t), you should definitely be running regular backups of at least the database and one of your uploads folder (where all your images are saved). A daily backup of each is a good idea, and if you can, pull that backup off of the server itself (like to your computer or another server). That way if the box completely fries or something, you can recover. It can happen easier than you think.

Nice warning.

This is a reason that I always back up my sites/databases daily and store it on an external every week or so. I also periodically change my password, every 3 months or so, and make sure to use encrypted passwords whenever accessing something.

Nice warning, thanks for sharing :)

Try updating your CMS every time there is an update available.

Don’t allow PHP and HTML in post content. Change the default login folder names.

Keep those updates and plugins current. You aren’t the only one in the blog hacked boat. Many people don’t realize the vulnerabilities that exist. It is good to hear that you were able to fix it up and get it secure again. It is easy to overlook keeping your blog current on more than just its content but it is as important to maintain your security as it is your content.

Securing your web properties is really really important especially if it is important to you.

I have set up cron jobs on my server that back up my database and files every day and every week. I will then download it to my computer every week. I learned my lesson a few months back when somebody defaced my sites.

I found out in January that ALL my domains had been hacked and infected with an encoded Base64 script.
I spent weeks trying to get information on what this was and did, and on trying to remove the malicious code.
3 times I spent hours editing PHP scripts to remove the hacked code, and within hours everything was infected again.

In the end I salvaged my posts, pages and other content, and rebuilt the sites on a new host server, adding more security and taking other precautions. Hopefully this time I won’t suffer the same again.
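A check for the kind of injection this post describes, as an added example that is not part of the original thread: a Python scan that walks every PHP file under a directory and reports the lines where `eval(` is wrapped around `base64_decode(`, so no file is overlooked when cleaning by hand. The pattern, the extension list and the sample strings are assumptions; the script only reports and changes nothing.

```python
import os
import re

# eval( wrapped directly around base64_decode(, optionally through other decoders.
# Assumed pattern for the "encoded Base64 script" described in the post.
INJECT_RE = re.compile(
    r'eval\s*\(\s*(?:@?(?:gzinflate|gzuncompress|str_rot13)\s*\(\s*)*base64_decode\s*\(',
    re.I,
)
PHP_EXT = (".php", ".phtml", ".inc")

def find_injections(php_source):
    """Return the 1-based line numbers where the pattern starts."""
    return [php_source.count("\n", 0, m.start()) + 1
            for m in INJECT_RE.finditer(php_source)]

def scan_tree(root):
    """Walk every PHP file under root; return {relative_path: [line numbers]}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, name)
            # errors="replace" keeps the scan going on files with odd encodings
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = find_injections(fh.read())
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report

# Constructed samples; the base64 string is a harmless placeholder.
CLEAN = "<?php\n$title = base64_decode($stored);\necho $title;\n"
INFECTED = '<?php eval(base64_decode("Y29uc3RydWN0ZWQ=")); ?>\n<?php echo "post"; ?>\n'
NESTED = "<?php\n$x = 1;\neval(\n  gzinflate(base64_decode($blob)));\n"

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, lines in sorted(scan_tree(root).items()):
        print(rel, lines)
```

A plain `base64_decode()` call without `eval` is not reported, which keeps legitimate plugin code out of the results.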

I’ve always suspected WordPress is overrated (even though I haven’t used the paid version - $99 / year are you kidding me…)

A lot of people neglect sophisticated passwords. Backup of your content and databases is always good. Laziness is easy but what I’m speaking of isn’t hard…

Apparently this hack has been a problem for a lot of people. I found one fix here: http://danhilltech.tumblr.com/post/18085864093/if-you-get-eval-base64-hacked-on-wordpress-dreamhost

I am frequently annoyed by the comments on my blog posts. They have no connection whatsoever to what I have posted and they spam my inbox. Is there any way I can stop that?

Moderate them and post on your blog that all comments are moderated and will be published after approval.

Try this site to look up if your site is hacked or not: www.websitedefender.com