I had just told a group of students not to worry so much about their sites getting hacked. It had never happened to me in all the years I’d been blogging and using WordPress.org, and I’d been a blogger a long time. And then, BAM! One of my sites got hacked. And then another got hacked…and another…all in one week! And then the first one got hacked two more times over the course of the next month! Hackers seemed to have targeted my sites.
I was distraught. Each time the hackers left a big, scary message flashing in black and yellow in Arabic on the home pages—and it had audio, too. The only thing I understood was the word ” ISIS.” Not only was that extremely frightening personally, but I figured that message could quickly kill my reputation as a blogger.
I contacted my webmaster and my hosting company. Within an hour, my sites were back up and running.
While the attacks on my sites were obvious, you may not realize your site is being hacked. Here are some less apparent signs that your site is under siege:
- Your blog loads more slowly—and it continues to get slower over time.
- You find odd links on your website.
- Your Google Page Rank drops for no reason.
- Your Google webmaster tools describe your site with unrelated or odd keywords.
- You perform a Google search for your site, find your URL, but the results show titles and descriptions that don’t correspond with your site.
- Your website or blog traffic decreases without reason.
If you think your site has been hacked, don’t panic—even though I did the first time. Learn from my experience instead.
I learned two big lessons:
- You must protect your blog from hackers before it gets hacked.
- Most sites can be “un-hacked” if you take the correct precautions.
How do you do that? First, protect your blog. Here are a few simple ways.
13 Ways to Ward Off Hackers
- Have strong passwords.
- Change your passwords regularly.
- Ask your hosting company to install a plugin to monitor changes to your site or account.
- Scan all themes and plugins prior to installation.
- Use different passwords for different functions on your site.
- Update WordPress and all plugins and themes regularly.
- Delete unused plugins.
- Delete inactive user accounts.
- Don’t use the “Admin” account to create content; instead set up a user account with a different name in your WordPress installation, and only use that account when creating and publishing blog posts or commenting.
- Scan for viruses and malware regularly. You can try this plugin: WP Security Scan.
- Install a security plugin, like Sucuri or WordPress Firewall 2.
- If you are a coder or very techy, this article provides a ton of code-related ways to slow down hackers. (If you aren’t techy, ignore this!)
- Restrict the number of failed login attempts to your site with a plugin like Login Lockdown.
4 Ways to Be Sure You Can Regain Control of a Hacked Blog
Second, take back control of your site. If your site gets hacked, you usually can log back in and repair the issues. Here are a few ways to do so:
- Back up your blog daily. (I was able to use a current back up of all my hacked sites. That’s how I restored them, and I lost no content at all.)
- Pay for good hosting. I now use WP Engine. It has its own protection mechanisms, so I no longer need any. Plus, a good hosting company can help you regain control of your site after a hack.
- Employ a good webmaster or web developer. This relationship is your second line of defense if a hacker targets it.
- Create an additional “Admin” account (before you are hacked) so you have an additional way to access your site if it gets hacked. (But be sure this account has a strong password! Hackers can get into your site through any Admin account, including the extra one.)
Unfortunately, the Internet has its own set of “bad guys.” If you set up a good security system, they won’t break into your sites. But if they do, you can be prepared to fight back so and not lose any content.