
The Customize Windows

Technology Journal


By Abhishek Ghosh October 14, 2011 9:42 pm Updated on November 4, 2014

We Got Hacked and We Have Learned To Protect WordPress


It was a targeted attack. Obviously, by now we know the webmasters’ domains as well. They are not actually websites with great content, but they get some traffic, which is declining sharply.
In this article we share our experience for anyone who is at risk like us. We also received a post-mortem from an authority, so everything is very clear to us. From this position we can give you tips that will help keep your WordPress blog from being hacked by any means.

 

Understand your blog can be hacked

 

Sharply rising traffic and a fast-rising SERP position, along with some threat emails, are quite indicative that you are at risk of being hacked.

Our WordPress installation itself was very strong. We followed all the main points mentioned in the WordPress Codex to harden WordPress, as well as tips from other well-known bloggers: especially Darren Rowse’s tip to check the working condition of the database backup, Matt Cutts’s excellent tips on his blog for hardening security with .htaccess and, most importantly, Perishable Press’s tips for install.php. All of these were employed. We have no themes or plugins from questionable sources, so practically we were safe on almost all fronts, except that our FTP username and password were very weak and the hosting company itself was not a great brand.


8 weeks ago we started to receive what was almost spam from a domain hosted on the same domain, at an interval of 2 per minute. We blocked it from .htaccess. I must emphasize that this is a tell-tale sign of an attack. It is a brute-force attack to break the protective layer of Akismet. Yes, Akismet was the first hacked plugin; it was the gateway for entry. I suggest using an Akismet premium account for serious blogs rather than the free one; you will get better support.

If you are a recognized person, like Brian Gardner, you are definitely at risk.
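The steady 2-per-minute comment stream described above is easy to spot in web server access logs. The following is an added example, not code from the original article: it assumes the Apache/Nginx "combined" log format and uses constructed sample lines, and the thresholds (`min_posts`, `window`) are illustrative values to tune for your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Start of an Apache/Nginx "combined" log line: client, timestamp, method, path.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')
COMMENT_ENDPOINT = "/wp-comments-post.php"  # WordPress comment submission handler

def flag_comment_floods(lines, min_posts=10, window=timedelta(minutes=5)):
    """Return {client: peak POST count} for clients that submit at least
    min_posts comments inside any sliding window of the given length."""
    posts = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore malformed or truncated lines
        client, stamp, method, path = m.groups()
        if method == "POST" and path.split("?", 1)[0].endswith(COMMENT_ENDPOINT):
            posts[client].append(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for client, times in posts.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # shrink the window from the left
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= min_posts:
            flagged[client] = peak
    return flagged

def sample_log():
    """Constructed log lines: one client posting every 30 s (2 per minute) and
    one ordinary reader. Addresses are documentation ranges, not real hosts."""
    base = datetime(2011, 10, 1, 12, 0, 0)
    fmt = "%d/%b/%Y:%H:%M:%S +0000"
    lines = []
    for i in range(20):
        ts = (base + timedelta(seconds=30 * i)).strftime(fmt)
        lines.append(f'203.0.113.7 - - [{ts}] "POST /wp-comments-post.php HTTP/1.1" 302 0')
    for minutes in (0, 90):
        ts = (base + timedelta(minutes=minutes)).strftime(fmt)
        lines.append(f'198.51.100.20 - - [{ts}] "GET /some-post/ HTTP/1.1" 200 5120')
        lines.append(f'198.51.100.20 - - [{ts}] "POST /wp-comments-post.php HTTP/1.1" 302 0')
    return lines

if __name__ == "__main__":
    for client, peak in flag_comment_floods(sample_log()).items():
        print(f"{client}: {peak} comment POSTs within 5 minutes")
```

A client flagged this way is a candidate for the kind of .htaccess block mentioned above.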

 

Ways to prevent your WordPress blog from getting hacked

 

We will emphasize the single biggest factor: the host. Brands like Rackspace or Media Temple definitely have a history of getting compromised, but they have the quality staff to harden their systems. Our personal choice is Rackspace. We understand that it is costly for most beginners; you can go for Media Temple or the hosts officially mentioned by WordPress. By the way, Rackspace has a cheap option as well: their empty VPS, Cloud Server, costs $49 / month. It is better if you purchase a cPanel licence ($200 / year) and install it on the server. It is very easy to install. You can ask on cPanel’s forum, but before that you must ask Rackspace yourself.

 


 

The host factor alone can reduce the chance of getting hacked. Next is the weakest point on the server side: FTP. Basically, if you have cPanel access, do not keep FTP open. Simply do not activate it. Use cPanel’s file manager to transfer files, which is not only safe but also fast, and has advantages like unzipping uploaded files.

If you are using Rackspace Cloud Sites, Rackspace will provide you with SFTP, which is much more secure (but slower) than FTP. Use a private key to secure the connection, and change the key at short intervals.

For both FTP and SFTP, WinSCP is a far better choice than the popular FileZilla, simply because on Windows FileZilla can be exploited easily: the password is saved without any encryption, and malware can be passed on to your server. Even if you use FTP, use an unusual username and a very strong password. Change the pair frequently.
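To check a workstation for the saved-password risk described above, you can audit the FTP client's site file. This is an added example, not code from the original article: it assumes FileZilla's `sitemanager.xml` layout (`Server` entries with `Host`, `Protocol`, `Pass` and `Name` elements, and `encoding="crypt"` when a master password is in use), and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

FTP_PROTOCOL = "0"  # assumption: FileZilla writes 0 for FTP and 1 for SFTP

def audit_site_manager(xml_data):
    """Return [(site, [issues])] for saved sites that keep a recoverable
    password on disk or use FTP. Password values are never returned."""
    findings = []
    for server in ET.fromstring(xml_data).iter("Server"):
        issues = []
        pw = server.find("Pass")
        if pw is not None and (pw.text or "").strip():
            # Plain or base64 text is readable by anything that can read the file.
            if pw.get("encoding", "plain") != "crypt":
                issues.append("recoverable password on disk")
        if server.findtext("Protocol", default="0") == FTP_PROTOCOL:
            issues.append("FTP instead of SFTP")
        if issues:
            name = server.findtext("Name") or server.findtext("Host") or "?"
            findings.append((name.strip(), issues))
    return findings

# Constructed sample: one FTP site with a saved base64 password and one
# SFTP site with no saved password. Hosts and credentials are placeholders.
SAMPLE = """<FileZilla3><Servers>
  <Server><Host>ftp.example.com</Host><Protocol>0</Protocol><User>blog</User>
    <Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass><Name>blog-ftp</Name></Server>
  <Server><Host>sftp.example.com</Host><Protocol>1</Protocol><User>deploy</User>
    <Name>blog-sftp</Name></Server>
</Servers></FileZilla3>"""

if __name__ == "__main__":
    for site, issues in audit_site_manager(SAMPLE):
        print(f"{site}: {', '.join(issues)}")
```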

Next is the operating system. Windows is itself risky. It is far better to use any flavor of Linux (most are free) or a Mac for FTP or SFTP. Simply put, Linux or Mac is unlikely to pass on malware, as the systems themselves cannot be infected like Windows. Furthermore, it is easy to operate the server from them too. If you are a Windows user, you can follow this tutorial to remove malware.

The next point is hardening WordPress and installing important security plugins. The WordPress Codex itself has tips to harden your WordPress.

The last point is for WordPress proper: try to create only one account for guests. Name it Guest and never give any guest a login to post. Obviously, change the password frequently. At present we have no way to use a secure authorized login option like Google+; when we get an API, it will be a good idea to implement it. It would be better if WordPress itself added such an option in a future version. Using SSL for login can be a good idea for protection.

Any abnormal behavior of WordPress, such as Pingbacks and Trackbacks not working, images not getting uploaded, or reaching the resource limit, can be indicative of an ongoing hacking attempt or an existing exploit.

Our loss is more than $500 and counting; yours can be more than ours if you lose the posts. So it is very, very important to take a database backup manually and test it on your test blog, and to download the full web content through the cPanel file manager (you can zip it and download it) or SFTP. Also, take a backup through the WordPress Export-Import feature. ZIP files should be written to CD (preferred over DVD) and to online storage. You can use VaultPress too. Rackspace takes a backup every 6 hours, so it is almost impossible to lose any post. If you do lose a post, use Google’s Cache to get it back.

 


Comments

  1. Saurabh Mukhekar says

    October 15, 2011 at 12:20 pm

    Ohh, yes, that’s great news. Will catch your updates. Try to install most WP security plugins. All the best.

  2. Abhishek says

    October 16, 2011 at 10:00 pm

    Thank you very much for the wishes and the nice suggestion.

About This Article

Cite this article as: Abhishek Ghosh, "We Got Hacked and We Have Learned To Protect WordPress," in The Customize Windows, October 14, 2011, February 6, 2023, https://thecustomizewindows.com/2011/10/we-got-hacked-and-we-have-learned-to-protect-wordpress/.

Source:The Customize Windows, JiMA.in
