I had just told a group of students not to worry so much about their sites getting hacked. It had never happened to me in all the years I’d been blogging and using WordPress.org, and I’d been a blogger a long time. And then, BAM! One of my sites got hacked. And then another got hacked…and another…all in one week! And then the first one got hacked two more times over the course of the next month! Hackers seemed to have targeted my sites.
I was distraught. Each time the hackers left a big, scary message flashing in black and yellow in Arabic on the home pages—and it had audio, too. The only thing I understood was the word ” ISIS.” Not only was that extremely frightening personally, but I figured that message could quickly kill my reputation as a blogger.
I contacted my webmaster and my hosting company. Within an hour, my sites were back up and running.
While the attacks on my sites were obvious, you may not realize your site is being hacked. Here are some less apparent signs that your site is under siege:
- Your blog loads more slowly—and it continues to get slower over time.
- You find odd links on your website.
- Your Google Page Rank drops for no reason.
- Your Google webmaster tools describe your site with unrelated or odd keywords.
- You perform a Google search for your site, find your URL, but the results show titles and descriptions that don’t correspond with your site.
- Your website or blog traffic decreases without reason.
If you think your site has been hacked, don’t panic—even though I did the first time. Learn from my experience instead.
I learned two big lessons:
- You must protect your blog from hackers before it gets hacked.
- Most sites can be “un-hacked” if you take the correct precautions.
How do you do that? First, protect your blog. Here are a few simple ways.
13 Ways to Ward Off Hackers
- Have strong passwords.
- Change your passwords regularly.
- Ask your hosting company to install a plugin to monitor changes to your site or account.
- Scan all themes and plugins prior to installation.
- Use different passwords for different functions on your site.
- Update WordPress and all plugins and themes regularly.
- Delete unused plugins.
- Delete inactive user accounts.
- Don’t use the “Admin” account to create content; instead set up a user account with a different name in your WordPress installation, and only use that account when creating and publishing blog posts or commenting.
- Scan for viruses and malware regularly. You can try this plugin: WP Security Scan.
- Install a security plugin, like Sucuri or WordPress Firewall 2.
- If you are a coder or very techy, this article provides a ton of code-related ways to slow down hackers. (If you aren’t techy, ignore this!)
- Restrict the number of failed login attempts to your site with a plugin like Login Lockdown.
4 Ways to Be Sure You Can Regain Control of a Hacked Blog
Second, take back control of your site. If your site gets hacked, you usually can log back in and repair the issues. Here are a few ways to do so:
- Back up your blog daily. (I was able to use a current back up of all my hacked sites. That’s how I restored them, and I lost no content at all.)
- Pay for good hosting. I now use WP Engine. It has its own protection mechanisms, so I no longer need any. Plus, a good hosting company can help you regain control of your site after a hack.
- Employ a good webmaster or web developer. This relationship is your second line of defense if a hacker targets it.
- Create an additional “Admin” account (before you are hacked) so you have an additional way to access your site if it gets hacked. (But be sure this account has a strong password! Hackers can get into your site through any Admin account, including the extra one.)
Unfortunately, the Internet has its own set of “bad guys.” If you set up a good security system, they won’t break into your sites. But if they do, you can be prepared to fight back so and not lose any content.
Freda Farmer says
Wow, Nina! What useful information! Thank you so much! I have some work to do. It is great to be told how to avoid the sharks in the murky waters of the web.
Michael James Gallagher Author says
Thx for that
Jenn Mattern says
I’m sorry this happened to you Nina. Unfortunately it’s quite common with WordPress blogs, and many bloggers do little-to-nothing to protect themselves. It sounds like you were lucky and it was a script kiddie thing where they put up their message without actually wiping everything out. That’s the most common — changes just made to the main index.php file.
You probably weren’t hacked multiple times, but rather they put in a backdoor the first time. Again, that’s very common. Removing the obvious changes to get your site back up sadly isn’t enough most of the time. And once you’ve been hit and they have your ip address, it’s not uncommon to be repeatedly hit with hack attempts.
Unfortunately I’ve been here too. I’ve run well over a hundred blogs over the last decade (both for my own business and clients), and it’s just a reality we live with and learn from. But the number one tip I can offer is not to rely on your host to fully clean things (unless you’re using a shared hosting account and don’t have full admin access to the server). If you have a VPS or dedicated server, it’s best to bring in a company specializing in these things. Sucuri is one option, but I’m a fan of Rack911.
These companies know what to look for. They’re better at finding back doors hackers put in (sometimes done earlier than the front-end hack so you won’t be able to find the changed files when you think they would have been changed). And they can do a lot to harden your server (far better than trying to secure exclusively through WordPress itself).
I’ll cross my fingers for you and hope your hacking nightmare is over.
Nina Amir says
Thanks, Jenn. Yes, I was lucky. And there are other stories that are much, much worse. Most of the cases I know of were cleaned up by developers, hosting companies or specialists.
Nina Amir says
You are welcome.
Bilqees Kenchi says
Hello, friend my question is that, please tell how to secure wordpress blog /site from hackers? Is this responsibility of hosting providers or my-self. Kindly tell some plugins for wordpress.
Nina Amir says
Read this, Bilqees: https://howtoblogabook.com/how-to-protect-your-blog-from-hackers/