I’m pretty good at keeping my web real estate safe from criminals, but every once in a while someone still finds a way to get in.

Yesterday, I discovered about 20 of my WordPress web sites were compromised by an aspiring hacker. He or she may think it’s great fun and think that they have a right to hack web sites, but to me they are criminals.

They are no different from someone who skulks into your house at night to steal your jewelry. They hide behind the cover of the Internet, looking for someone to deface.

But in the end, the joke is on them. If you want to protect yourself from this sort of criminal intent, I have a few great suggestions for you.

First, take the time to get to know your hosting company’s backup plan for your web sites. Make sure they are running a good backup plan, and also ensure you know how to use it to recover your sites quickly.

My recommendation is to align yourself with a host who offers cPanel hosting as well as a backup product within their cPanel called R1Soft Restore Backups. This backup system is very good and very simple to use.

You will normally find that a hacker will compromise all of the web sites that you host on a single cPanel install, so you can perform a full cPanel recovery of the sites using R1Soft. Again, consult with your local web hosting provider.

If you are looking for a good hosting provider, here’s one that I recommend: Scala Hosting. I’ve been with these folks now for about a year and I’ve had stellar service from them. And their backup system is very good, as I describe here.

Next, to stop hackers from hacking your site, make sure you have updated all of your WordPress plugins and your core WordPress install to the latest version.

I have mine set to the latest, but was still cracked. It looked like the hacker used either brute-force admin password guessing and/or a password reset hack to cause my admin password to be compromised.

So, the second thing I recommend you do is create a new admin user with full admin access and a complex password, then delete the original "admin" user.

This form of attack is immediately nullified.

Finally, one last thing you can do is use the power of .htaccess files to limit access to the wp-admin folder on your WordPress install to your local IP address. This is getting a little complex for the average webmaster or internet marketer, but if you want as much protection as possible, you need to perform this step too.

If you are interested in this form of protection (and be forewarned, you can lock yourself out of your sites), you can look to many great web sites, like Blog Security. The author’s posting is two years old, but still very relevant.

Keep your WordPress sites safe from hackers, crackers and script kiddies. No matter what their name, they are criminals. They want to rob you of your web sites and the earnings that you could be making with them.

Take the time to take security seriously. Fixing 200 web sites or even just one can be painful if you don’t plan for this problem in advance.
