Blog Security ~ Or How to Keep Your Blog from being Hacked

June 22, 2009 · 11 comments

As you know, a few weeks ago I found out my blog had been hacked. While we were able to fix the problem, it took a lot of work and the site was kicked off Google for over a month. Here are some tips from my husband to keep your blog from being hacked.

WordPress is the most popular blog platform on the Internet and therefore is the biggest target. The code is open source, which means everyone in the world can read it and analyze it for weaknesses. It also means that there are a lot of users and coders out there working to protect it. We got hacked and we’d like to give you a few tips for general blog security and some WordPress-specific advice to make your blog just a bit safer. Please realize we are not computer security experts (we don’t even play them on TV) and even with the most secure setup possible one cannot be 100% hack-proof. Our hope is that a few tips will make it a little harder for the hackers to get to you and might encourage them to move to the next and easier target.

Basic Internet Security

1. Don’t think you’re not a target. That was part of where we let down our guard here at TheHappyHousewife. We couldn’t imagine why someone would want to hack our site. It is just a blog with no personal data, no credit card or bank information, no reason for anyone to want to hack us…Wrong. There are plenty of reasons nasty people might want to hack your friendly blog – the reason they hit us was to steal Google Page Rank. They placed code on the site that was invisible to the viewer but that was sending Google page rank power to sites they wanted to move up in Google’s results. I don’t want to go into the Search Engine Optimization reasons they might do this but trust me, they have reasons to hit your site.

One way to track whether you’ve been hacked for this particular reason is to get a Google Webmaster Account and check the keywords on your site as seen by Google. If you’ve got Viagra or other drugs as number one on down, there is a good chance you’ve been hacked.

2. Use hard passwords. If your password or combination of words can be found in a dictionary, it is too easy. Password brute force attacks (trying a bunch of possible passwords until it is cracked) are just too easy these days. Make it harder by lengthening your password and mixing in numbers, upper case, lower case, and special characters if your software allows it. Use the longest password you can effectively use and make it random or at least random in appearance. A long sequence of numbers and letters that mean something to you and only you could be your starting point. Use separate passwords for each web application you use. Don’t make it easy for a hacker to recover your password on a compromised system and use it to get in your blog. Separate passwords solve that problem.

3. Update! Update! Update! Stay on top of blog software updates and jump on them as soon as they come out. We waited for the bugs to be worked out of the last WordPress update and that could very well have been how they got in. The updates are issued often because a vulnerability has been found and needs to be fixed. Get those fixes working for you as soon as possible so that the hackers have to work harder to get on your site than the one sitting next to yours in their queue.

4. Backup! Backup! Backup! This is just good practice and has nothing to do with protecting your blog. However, a good, recent backup will get you back on the net faster if you do get hacked. Be ready for the worst and you’ll be able to come back quicker and sleep easier knowing you have a disaster recovery plan in place.

5. Check on the security track record of your web hosting company. Ask them about how they respond to hacking activity on their servers and about their diligence regarding updates to their software. If they won’t talk with you about it, find another host. You can’t put your blog on a server that’s open to attack because of poor administration.

6. Keep up on your personal computer’s security. If you access your blog from a computer that’s full of spyware you are basically giving the bad guys your very well crafted and hard to crack password. A keylogger is a bit of code or sometimes hardware (more likely found on public computers) that captures every keystroke on that computer. This data is compiled into a payload and then transferred to the hacker’s computer so he can search for passwords. Your defense here is to maintain good antivirus/antispyware software and to keep it updated. This will minimize the chances someone can grab your password and use it to get in your site.
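To go with the check in tip 1, here is an added example (not code from the original post) that scans a saved copy of a blog page for external links tucked inside visually hidden elements, the kind of invisible page-rank code described above. The host names, keyword list and sample page are constructed, and it only catches hiding done with inline styles or the `hidden` attribute, not hiding done through a stylesheet class or content shown only to search engines.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline styles commonly used to hide injected markup from human visitors.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0"
                    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}", re.I)
SPAM = re.compile(r"\b(viagra|cialis|pharmacy|casino)\b", re.I)  # constructed list
VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag
# Constructed sample page: one honest link, two links inside hidden elements.
SAMPLE = """<p>See <a href="http://recipes.example/bread">this recipe</a>.</p>
<div style="position:absolute; left:-9999px">
<a href="http://pills.example/buy">cheap viagra</a> <a href="/about">about</a></div>
<span style="display:none"><a href="http://other.example/">partner site</a></span>"""

class HiddenLinkScanner(HTMLParser):
    """Collects external links that sit inside visually hidden elements."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host, self.stack = own_host, []  # stack: (tag, hidden) per open element
        self.findings, self.current = [], None    # current: link whose text is being read

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = "hidden" in attrs or bool(HIDDEN.search(attrs.get("style") or ""))
        concealed = hidden or any(h for _, h in self.stack)
        if tag not in VOID:
            self.stack.append((tag, hidden))
        host = urlparse(attrs.get("href") or "").hostname
        if tag == "a" and concealed and host and host != self.own_host:
            self.current = [attrs["href"], ""]
            self.findings.append(self.current)

    def handle_endtag(self, tag):
        tags = [t for t, _ in self.stack]
        if tag in tags:  # close the element and anything left open inside it
            del self.stack[len(tags) - 1 - tags[::-1].index(tag):]
        if tag == "a":
            self.current = None

    def handle_data(self, data):
        if self.current is not None:
            self.current[1] += data

def scan(html, own_host):
    """Return (href, anchor text, matches spam keyword) per hidden external link."""
    parser = HiddenLinkScanner(own_host)
    parser.feed(html)
    return [(h, t.strip(), bool(SPAM.search(h + " " + t))) for h, t in parser.findings]
```

Calling `scan(SAMPLE, "myblog.example")` reports the two concealed links and marks the first as matching a spam keyword; any hit on a real page is worth comparing against a clean backup of the theme files.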

I realize that most of you do not blog for money (I don’t either), but for many of us our blogs represent a large investment of our time and resources. It is important to keep our blogs safe and protect our hard work. Following these tips can be compared to locking your doors and windows when you leave your home. You want to make it as difficult as possible for someone to hack your site.


Note: For those of you who have asked about how to back-up your blog, I am not familiar with the blogger platform. I will research it and post an answer later this week.


1 Moods June 22, 2009 at 9:13 pm

Great post. I like what you said about back up. I have been looking forever about how to back up a blog, so I wanted to share with you this link http://www.blogbackuponline.com
It is free and I used it for a while.
zcouple.com


2 Megan June 22, 2009 at 10:02 pm

Great tips.

I’m wondering how you back up a blog? Do you just copy your html?

thanks for your help!


3 Kathleen June 22, 2009 at 10:16 pm

Thanks so much for the tips. I want to back up my blog…what do you use to do that?

Thanks!


4 Jen@Balancing Beauty and Bedlam June 22, 2009 at 10:50 pm

HOLY COW – that is scary and so sad that there are so many creeps out there. Ok, I have to learn more about this, and find out what key words people use. I have no idea. The google webmaster is just located through Google?


5 Jenn @ Beautiful Calling June 23, 2009 at 7:35 am

My husband is the IT guy in our home. He installed a Blogger Backup Utility on my computer and I just click the button once every couple days or so and it does it automatically.
I’ll ask him which site he got it from and come back with it :)


6 Noel June 23, 2009 at 7:47 am

Some people have too much time on their hands. What do hackers get out of doing this??


7 Tamara June 23, 2009 at 2:43 pm

WordPress.org also has a backup plugin that has received 4 stars with almost 275,000 downloads. I haven’t used it personally but it may be worth researching. For those asking, if you are using WordPress, and some others, don’t forget to back up your database. Any good host will have instructions on their website.

Thank you Happy Housewife & family for all of the awesome information you provide. It is a wonderful service to the online community and my own household, in particular.


8 Stephanie June 23, 2009 at 2:55 pm

So sorry this happened to you but am glad you got it all fixed. Thank you so much for the tips! I thought our bank accounts were safe too since we keep very little money in them. But lo and behold they got hacked into, causing lots of headaches! Someone had a nice cross country shopping spree on us! (We got our $ back though!)


9 Tiffany June 24, 2009 at 12:30 pm

I had no idea that someone would hack into a blog. Thanks for sharing the lessons you learned.


10 Bryce June 24, 2009 at 2:53 pm

Thanks for the great post! I just have a small family blog but this is all great stuff to know. I had never heard of a Google Webmaster account, so I just set one up!


11 Young Wife June 29, 2009 at 5:01 pm

Excellent. This has been on my mind recently. Glad you were able to recover your blog.
