Just before Christmas my blog was hacked.
If you’ve never been hacked then you’re lucky. There is nothing worse than arriving at your website, not being able to log in and then seeing a message:
You got Pwn3d by [insert hacker group] because you disrespected Islam with the film “the innocence of Muhammed”
Yes, those were the actual words that appeared on my blog, and for the record I have never watched, and don’t ever want to watch, “The Innocence of Muhammed”. From all reports it is the worst film ever made and was just a troll on Islam. But back to my blog.
As this was the first time I had ever been hacked I did what any self-respecting blogger would do…sent a tweet about it. Then it hit me. Oh no, when did I last back up… wait, are the backups on the web hosting? Can I get them? Wait! Can I restore them myself?
That’s right, panic! A week later I was better than ever and I had learned some valuable lessons that helped me for the future. (Some of these lessons were rammed home again when another blog was hacked two weeks later.)
1) Don’t Assume Your Blog Is Safe
In a world of Trolls, Hackers and Cat Pics you can never know if your blog is safe. I thought that my new blog was too low profile with too little footfall to attract any hackers but it turns out some people just like screwing with other people.
You might have a giant blog or a brand new baby blog (it’s a boy!); either way, hackers just want to smash stuff up.
2) Use A Good Password
If your password is 12345 or Password then you are banned from the internet until you learn better. This is your front line of defence and the first place people will try to catch you out.
Have you ever played the game “Guess the WiFi password”? It’s great fun and sometimes stupidly easy. I’ve seen passwords which were the same as the user name, the person’s name plus wifi or (my favorite) just Wifi…yes really. Not that I have ever logged on illegally to someone’s WiFi.
So what makes a good password?
The best passwords in the world:
- Use numbers, capitals and lowercase letters.
- Don’t contain any words or anything that is like a word.
So for example alkhAlDsdjSDasnVdlaMOsda would be an amazing password that a computer would struggle to hack…unfortunately trying to remember that password is going to be tricky.
There are many tips for making a good password, but you need one that you can remember and that is still unhackable. Here is a method I like.
Make a sentence rather than just a word (it will need to be long). To better explain it…check out this cartoon.
3) Use Protection
No matter how good your password is, a determined hacker will hack it eventually via a brute-force attack. Using Login Lockdown you can stop repeated login attempts from a single IP address.
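To show what “repeated attempts from a single IP address” looks like in a web server access log, here is an added example (not code from this post or from the Login Lockdown plugin). The threshold of 3 failures in 5 minutes, the function names and the sample log lines are assumptions made up for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy for this example, not the plugin's defaults.
MAX_FAILURES = 3
WINDOW = timedelta(minutes=5)

LINE_RE = re.compile(  # Common Log Format: IP, timestamp, request, status
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})\b')

def failed_login(line):
    """Return (ip, time) for a failed wp-login.php POST, else None."""
    m = LINE_RE.match(line)
    # A failed WordPress login re-displays the form (200); success redirects (302).
    if not (m and m["method"] == "POST" and m["status"] == "200"
            and m["path"].startswith("/wp-login.php")):
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def ips_to_lock_out(lines):
    """Map each IP to the moment it reached MAX_FAILURES inside WINDOW."""
    recent = defaultdict(deque)  # ip -> times of its recent failures
    locked = {}
    for line in lines:
        hit = failed_login(line)
        if hit is None:
            continue
        ip, when = hit
        window = recent[ip]
        window.append(when)
        while when - window[0] > WINDOW:  # forget failures outside the window
            window.popleft()
        if len(window) >= MAX_FAILURES and ip not in locked:
            locked[ip] = when
    return locked

# Constructed sample log (documentation-range IPs, made-up times).
SAMPLE_LOG = [
    '192.0.2.9 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3456',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3456',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3456',
    '198.51.100.4 - - [01/Jan/2024:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '192.0.2.9 - - [01/Jan/2024:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3456',
    '192.0.2.9 - - [01/Jan/2024:10:08:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3456',
]
print(ips_to_lock_out(SAMPLE_LOG))
```

In the sample, 192.0.2.9 also fails three times but spaced four minutes apart, so it never has three failures inside one window; slow guessing like this is what a per-IP lockout on its own does not catch.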
It isn’t just brute-force attacks you need to be aware of, though. Better hackers know about back doors into WordPress, and if your version of WordPress, theme or plugins are substandard (or even just not up to date) then hackers can enter there.
Make sure you keep them up to date and use a plugin like Bulletproof security to close off any unwanted access points.
4) Back Up Regularly
Regularly backing up will help you if the enemy gets behind your lines and starts causing havoc. It’s also a good idea in case your latest site upgrade turns out to take your site down.
Make sure you keep your backups off your hosting so that they aren’t tampered with as well. A service like WordPress Backup to Dropbox automatically backs up to your Dropbox account, or there is BackWPup, which is more adaptable and can be used with a variety of web storage systems including Dropbox.
5) Make Sure You Have A Good Web Host
Apparently web hosts don’t affect the likelihood of you getting hacked (I highly doubt this, seeing as everyone I knew on my web host got hacked within a 4 week period, suggesting they were certainly targeted), but a factor that definitely is different is the amount of support they offer.
When your site goes down you want to know that someone else has your back and can help you out. Great web hosts do this; average and cheap ones don’t. You may save a few bucks now, but is it really worth it to not have the support when you need it most?
6) See It As An Opportunity
When my site got hacked I didn’t know if I would be able to get it back. It really made me think and take stock of how things were going, how much work I had to do, all the other projects I wanted to get going and all the mistakes I made in the past.
In the end I decided that it would be better to combine it with another site I was running. That way I could expend less energy in total but gain more results.
It was a surprisingly easy decision in the end, but one I probably wouldn’t have come to had my site not been hacked. At that moment I decided to take my lemons and make some lemonade. I’m sure you can do the same if you face similar problems.