Late Night Internet Marketing with Mark Mason -- Affiliate Marketing Tips, Online Business Advice, Email Marketing and SEO
WordPress Website Hacked: Prevention and Cure [LNIM121]
Jan 05, 2017
Mark Mason - Entrepreneur and Online Business Coach
Ever had your WordPress website hacked? Want to keep it from happening again? This week on the Late Night Internet Marketing Podcast, I talk all about my holiday excitement which involved 17 (count ‘em, 17) hacked WordPress websites.
I also discuss the new “State of Blogging” report.
When I found out that my site was hacked, I looked at the nature of that hack and found out that hackers had compromised the website and added a tremendous amount of content to the site. The CPU load on the server had gone through the roof because of the enormous amount of traffic as the site was being used by bots and other things. When I did an audit, I found that the tons of information added that I didn’t own had driven the disk to be almost full – it was a total mess. It was a total takeover of my 17 websites, which were on this one server. Luckily, the server was hosted at SiteGround, so I sent a ticket, pinpointed the time it was hacked, and asked them to roll the site back and restore a backup from the time when I believe it was hacked. This doesn’t work every time, though, as hackers sometimes know that this is what you will do. They will exploit the site and let that sit dormant for a long time so your backups are too old to be of much use. As for mine, SiteGround fixed it pretty quickly and I was back up and running, but with a website which had been restored to its previous state, which, we know, can be hacked.
So how do you harden a website? The majority of WordPress hacks come either from the hosting platform or from out-of-date plugins. Here’s what you can do today with practically no technical expertise:
* For recovery purposes, have good backups. There are plugins that you can use for backups but there is nothing which can beat a server backup from your server provider. Check in with your host to see if they provide backups and if you can afford that.
* Make sure WordPress is up-to-date. Get everything updated to run the very latest version, as you need to make sure that your site is secure. This includes your themes and plugins, so I would recommend turning automatic updates on.
* If you have a bunch of stuff installed that you are not using – themes, plugins – delete this junk out of WordPress. Go into your plugin/theme manager and remove them, as they can provide points of attack. If you do not need a plugin, do not use it. Use plugins only if you need them.
* Do not use ‘admin’ as the username for the administrator of your blog. This gives hackers half of the puzzle. Harden your password – change it often, make it very hard to guess – and consider using two-factor authentication.
* Use the best hosting service and sign up with a reputable one. Choose one which is designed for WordPress.
* Add your site to Google Search Console. Google watches your site and will notify you once your site is hacked.
* Add a security plugin. I use Wordfence, which has firewalls, looks for hacking and bots, pays attention to whether your plugins or themes are out of date, and sends you notification emails if they are.
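Several items on this list can be checked in one pass. The Python below is an added example, not something from the episode or the author's setup: it reads JSON shaped like WP-CLI's list output and flags outdated or unused plugins and themes, an ‘admin’ login, and a missing active security plugin. The sample data, the `example-*` names, the `site-owner` login and the `audit` function are constructed for illustration.

```python
import json

# Constructed samples shaped like `wp plugin list --format=json`,
# `wp theme list --format=json` and
# `wp user list --role=administrator --format=json` (not data from the author's sites).
PLUGINS = json.loads("""[
  {"name": "wordfence",      "status": "inactive", "update": "none",      "version": "1.0.0"},
  {"name": "example-slider", "status": "active",   "update": "available", "version": "1.0.0"},
  {"name": "example-forms",  "status": "inactive", "update": "available", "version": "1.0.0"}
]""")
THEMES = json.loads("""[
  {"name": "example-child",  "status": "active",   "update": "none",      "version": "1.0.0"},
  {"name": "example-parent", "status": "parent",   "update": "none",      "version": "1.0.0"},
  {"name": "example-old",    "status": "inactive", "update": "available", "version": "1.0.0"}
]""")
ADMINS = json.loads("""[
  {"ID": 1, "user_login": "admin",      "roles": "administrator"},
  {"ID": 7, "user_login": "site-owner", "roles": "administrator"}
]""")

def audit(plugins, themes, admins, security_plugins=("wordfence",)):
    """Return (check, item) findings for the checklist items WP-CLI can see."""
    findings = []
    for kind, items in (("plugin", plugins), ("theme", themes)):
        for it in items:
            label = f"{kind}:{it['name']}"
            if it.get("update") == "available":
                findings.append(("outdated", label))
            # A "parent" theme is in use by its child theme, so only
            # "inactive" counts as removable.
            if it.get("status") == "inactive":
                findings.append(("unused", label))
    for user in admins:
        if user["user_login"].lower() == "admin":
            findings.append(("default-admin-username", user["user_login"]))
    # "active" and "active-network" both mean the plugin is running.
    active = {p["name"] for p in plugins if p.get("status", "").startswith("active")}
    if not active & set(security_plugins):
        findings.append(("no-active-security-plugin", ", ".join(security_plugins)))
    return findings

if __name__ == "__main__":
    for check, item in audit(PLUGINS, THEMES, ADMINS):
        print(f"{check:28} {item}")
```

To run it against a real site, replace the three samples with the output of the WP-CLI commands named in the first comment.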
Here is the message that I received from Google… This will really make your stomach hurt, especially when they start coming in for multiple sites one right after another – “WordPress Website Hacked”.
Here is that video about the candle that I promised at the very end of the recording.
Links Mentioned In This Episode
* “State of Blogging” report
* Wordfence Plugin
* iThemes Security Plugin