Discussions
Has Your Blog Ever Been Hacked?
Posted by rosebud33 • 6/22/09 • Subscribe to this Discussion [RSS] • Report This Topic
Topics: blog hacking, google, hack prevention, hacked
I have been hacked before on my Wordpress.org blog. Yet, I was wondering if anyone else has and what you did to correct it.
I found help contacting some folks I knew and looking for a virtual assistant who could give me some advice.
I found out that The Word Press Wizard, Cathy Perkins is giving a two session seminar on preventing your Wordpress blog from getting hacked next week. www.bloggingforboomers.com/securityteleseminar
But I wanted to know what folks were already doing to prevent it and how you fix it when it does happen. I think the biggest chore is getting it back in the graces of Google.
User Comments
-
Yeah. My blog is constantly hacked by this annoying guy who keeps writing personal stuff on it. Mostly rants about how life isn't so great. And pictures. He always posts pictures. -
I have been hacked twice. Not a pleasant experience-
Yes, by vbhacker.net. Deleted everything! Well, I got the message about having a strong pasword anyway.
Tom
-
-
Haven't been hacked yet.
-
Spammed, yes. Hacked, no.
-
Spam comes with the territory.
-
-
Never been hacked.
Hackers: May all their orgasms turn to stone.-
A stonasm?
-
-
@rosebud33
- I have never had my blog hacked. However, the night before last night my web hosting service was hacked and all their servers from letters A-D and all their customers with sites on those servers were affected.
My blog was one of those that were completely lost the night before last and had to be restored from backups. That's why no one could access my blog for a day and a half, and why I was unable to answer comments or publish a post. Today I can access my blog again --- whew! Yesterday and the night prior it was gone.
I can share some preventative tips with you and there are articles available on how to prevent your wordpress blog from being hacked. There are helpful plugins as well.
Bloggers running out-of-date versions is the primary cause of hacks. Many bloggers don’t have the time or the technical skills (or the time to learn the technical skills) to do their own upgrades, so upgrades don’t get done.
Wordpress Security Tips and Hacks
(1) Do no allow access to search your entire server.
(2) Directories should not be left open for public browsing
(3) Drop the version string in your Meta Tags
(4) Protecting your Wordpress wp-admin folder
* Limit access to wp-admin folder by IP address-
* AskApache Password Protect- Plugin
* Login LockDown Plugin
(5) Stay up to date
(6) Take regular backups of your site and Database
(7) Update your wordpress to latest version
(8) Use SSH/Shell Access instead of FTP
(9)Stop worrying about your wp-config.php file
(10) Protect Your Blog With a Solid Password
www.noupe.com/how-tos/wordpress-security-tips-and-hacks.html
Disaster Planning: Backups for Bloggers.
onecoolsite.wordpress.com/2007/10/27/disaster-planning-backups-for-bloggers...-
ah so that explains the 'link appears to be broken'on your second blog TT. -
@celticmusicfan
- Yes. I have been freaking out quietly inside for 2 days. It was in the best interest of us all who were hosted on the servers that were hacked -- thousands of us -- not to say anything until the restoration work was done. Some is still ongoing and more security measures are being put in place.
I wasn't ignoring my readers and commenters I just had no blog to get into --- gone! And today I have other paid work to do so I won't be able to get much, if any, blogging done. -
@TT--You know--I tried to go to your blog just yesterday and it wasn't there! I know you had been having some problems--I'm sorry to hear about your troubles.
-
-
Are you guys using passwords that are actual words?
It isn't possible to hack an account if you use passwords that are not actual words.-
Fair point, but "123" is not an actual word and I'm sure it would be easy to hack. Or any word with a number before or after it would not be difficult to hack.
Better to include a non-alphanumeric character like !
Tom
-
-
Yes, Do not leave your WP folders with 777 permissions. They don't need passwords to access this. They will upload files to your folders and then start their game. -
Someone hacked into my site yesterday morning, and by the afternoon I was on Bank of America's Number One Hit list for Phishing sites and received a cease and desist (and shut down) order. It was quite annoying and limited to one site, but .. yeah quite annoying. -
Not yet but my friends blog has been hacked.
The best thing to do is do not press anything upon the spam comments because they can identify you. Simply add the captha plug in (google it like wordpress plug in captha) and install it. I did it, no spams for 5 days. Neither a single one. Then change password very often. Not only single words. -
@timethief, your list of tips are more than comprehensive and helpful. Please let us know if you develop some "how to" steps we can follow. This is an awesome list. I am glad your info was backed up. Do you use the wp-backup plugin? I also really appreciated you tip on using the SSH-Shell access instead of FTP. I am trying to learn as much as I can for prevention. The teleseminar I attended was awesome. I appreciate all your comments.
I am also glad that none of you gave up and trashed your blogs when you were hacked. Sign of true bloggers.
Add Your Comment
Login to leave a message.
