WordPress website hacked?
You’re probably wondering what the bellyaching’s about.
I GOT HACKED!!!
My WordPress website was down last week. The worst of it, I had been feeling rather smug. Two years and no problems with the website. Isn’t that typical?
What’s more frustrating, I had actually implemented several security measures. However, as I determined later, it was already too late.
The hack actually happened around early February. The culprit, a new *plugin that I installed. I had done my due diligence. The plugin had checked out, it was being supported & updated. The plugin users gave it a good rating & review. To clarify, the owner of the plugin didn’t hack me, he just had a serious breach in his software. I have made him aware of it.
I spent half of the week doing research on how to recover a hacked website. Altogether, what a massive hassle. I consider myself fairly competent maneuvering around the internet, with a fair knowledge of using WordPress. Yet, I struggle to understand PHP & HTML coding on WordPress. If the instructions are extremely simple and detailed I can follow along.
It finally boiled down to this: I was in over my head. I started putting feelers out looking for assistance. As I lay NOT sleeping late, or rather early, Thursday morning at 3am, it suddenly dawned on me. What if I changed the theme? Would that be a quick solution?
Already awake, I jumped up and by 5am I had a basic website up, with my content transferred to a new theme. I will lose the old theme. Not too terribly upsetting in the scheme of things, since I had already decided to change themes.
Here are what I consider best practices for keeping your website and content safe.
- Back-up, back-up, BACK-UP. – the worst of it, backups were happening as scheduled. With only 2 weeks of backup history, the breach happened prior to those 2 weeks. Sigh... Really, 2 weeks.
- Implement a security plugin that watches for malware and viruses.
- Keep every theme, plugin & WordPress up to date.
- In fact, updating is not enough. Oftentimes the plugin creator will let that project drop and no longer support it. Check on your installed plugins, otherwise they could be suspect for hacking. How to check this vulnerability out:
  - Log in to your WordPress [YourWebsite] Dashboard
  - View the Installed Plugins directory on your WordPress [YourWebsite] Dashboard
  - View details – click on View details, this will pop up a screen, determine when the plugin was last updated
  - View support forum – click on support forum to discern if support issues are being resolved by the plugin owner.
  - My rule of thumb for suspicious plugins – if 6 months have gone by with no update & no support, I recommend searching for a newer plugin.
  - Apply this same rule of thumb when researching potential new plugins.
- Audit the activity on your website – be aware of anyone trying to access your website
- Protect against spammers
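The six-month rule of thumb for plugins above can be checked in bulk instead of one "View details" click at a time. The sketch below is an added example, not part of the original post: the plugin slugs and records are constructed, and the field names (`last_updated`, `support_threads`, `support_threads_resolved`) are assumed to match WordPress.org plugin-information records.

```python
import json
from datetime import datetime, timedelta, timezone

STALE_AFTER = timedelta(days=183)  # the post's six-month rule of thumb

# Constructed sample data with hypothetical slugs. Field names are assumed to
# match WordPress.org plugin-information records.
SAMPLE = json.loads("""[
 {"slug": "example-gallery", "last_updated": "2014-01-10 3:46pm GMT",
  "support_threads": 12, "support_threads_resolved": 0},
 {"slug": "example-forms", "last_updated": "2014-07-20 9:05am GMT",
  "support_threads": 4, "support_threads_resolved": 3},
 {"slug": "example-slider", "last_updated": "2013-11-02 11:30am GMT",
  "support_threads": 9, "support_threads_resolved": 5},
 {"slug": "example-removed"}
]""")


def parse_last_updated(value):
    """Turn '2014-01-10 3:46pm GMT' into a timezone-aware UTC datetime."""
    stamp = value.rsplit(" ", 1)[0]  # drop the trailing 'GMT'
    parsed = datetime.strptime(stamp, "%Y-%m-%d %I:%M%p")
    return parsed.replace(tzinfo=timezone.utc)


def audit(records, now):
    """Map each plugin slug to a verdict under the six-month rule."""
    verdicts = {}
    for rec in records:
        if "last_updated" not in rec:
            # No date to judge by: check the plugin by hand.
            verdicts[rec["slug"]] = "review"
            continue
        stale = now - parse_last_updated(rec["last_updated"]) > STALE_AFTER
        # Assumption: zero resolved threads counts as "no support".
        unsupported = rec.get("support_threads_resolved", 0) == 0
        if stale and unsupported:
            verdicts[rec["slug"]] = "replace"   # both conditions of the rule
        elif stale:
            verdicts[rec["slug"]] = "watch"     # old, but author still answers
        else:
            verdicts[rec["slug"]] = "ok"
    return verdicts


if __name__ == "__main__":
    today = datetime(2014, 8, 1, tzinfo=timezone.utc)  # fixed for repeatability
    for slug, verdict in audit(SAMPLE, today).items():
        print(f"{slug}: {verdict}")
```

A record with no update date is marked "review" rather than "ok", so a plugin that has dropped out of sight still gets a manual look.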
My recommended plugins for safety measures
- Wordfence Security Anti-virus, Firewall and High Speed Cache. Free plugin.
- Updrafts Backup & Restore simplifies backup and with one click restoration, this is my go to backup. Free version, with paid version available.
- WP Security Audit Log keeps an audit log of everything that is happening on your WordPress. Free and Premium versions.
- BruteProtect is a security plugin that guards against botnets by connecting its users to track every failed login attempt across all installed users of the plugin. This plugin is free, with a Pro version in beta.
- Akismet checks your comments against the Akismet Web service to see if they look like spam or not and lets you review the spam it catches under your blog’s “Comments” admin screen. The Personal website is free, Business websites are $5 a month.
- Growmap Anti Spambot Plugin adds a client side generated checkbox to your comment form asking users to confirm that they are not a spammer. Free plugin.
Donating and purchasing plugins – These creators spend a lot of time on their products, free or otherwise. Something I have no inclination to ever, ever do. We all want to be paid for what we do, this is my encouragement to do just that.
*Not sure what a plugin is? My website is a WordPress.org website, which allows me to choose a theme and add on software (plugins) to customize my website. I decided not to name the plugin, because the creator is actively trying to fix the issue.
Photo credit: Malik M.L. Williams