Last night, I wrote a post here at CallingAllGeeks and went to sleep. The next morning I was a bit perturbed to notice that all internal hyperlinks, be it from posts, pages, even “Read more” links, were pointing to some external website which had inconspicuous advertisements thrown all over!
The site to which my blog was being redirected was in no way related to me and had an ugly, alphanumeric name something like sql4.net. Now, I searched all over the internet. Banged my brains virtually on the keyboard, but no respite.
I called my friend Harsh and he inspected CallingAllGeeks. Harsh: “I think it's been hacked.” Ok, “You sure?” “I think so,” he replied, and my heart sank. My subconscious rang a bell, “Vaibhav, your BLOG HAS BEEN HACKED!!!!”
I got to work James Bond style. For all those of you reading this story-like post, it's ok, I usually don't talk in pseudo-gibberish. I'm just plain happy to get my blog working again. So, this is what you should know.
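The symptom described above (every internal link suddenly pointing at some other host) is easy to check for mechanically. The following is an added example, not code from the original post: it pulls every anchor out of post HTML and reports the ones whose host is not the blog's own. The host name blog.example and the sample post bodies are constructed placeholders.

```python
"""Report hyperlinks in post HTML that lead off the blog's own host (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect every href found on an <a> tag."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def offsite_links(html, own_host):
    """Return the hrefs whose host is neither own_host nor a subdomain of it.

    Relative links (no host) count as on-site; mailto:/tel:/javascript: are skipped
    because they are not page navigation.
    """
    parser = _LinkCollector()
    parser.feed(html)
    own = own_host.lower()
    found = []
    for href in parser.hrefs:
        parsed = urlparse(href)
        if parsed.scheme in ("mailto", "tel", "javascript"):
            continue
        host = (parsed.hostname or "").lower()  # "" for relative links
        if host and host != own and not host.endswith("." + own):
            found.append(href)
    return found


def scan_posts(posts, own_host):
    """Map post id -> off-site links, for every post that has at least one."""
    report = {}
    for post_id, body in posts.items():
        hits = offsite_links(body, own_host)
        if hits:
            report[post_id] = hits
    return report


# Constructed sample posts: ads-redirect.example stands in for the unwanted host.
SAMPLE_POSTS = {
    1: '<p>See <a href="/2009/05/post/">this post</a> and '
       '<a href="http://www.blog.example/about/">about</a>. '
       '<a href="http://ads-redirect.example/?ref=1">Read more</a></p>',
    2: '<a href="mailto:me@blog.example">mail</a> '
       '<a href="//ads-redirect.example/r">continue reading</a>',
    3: '<a href="/category/howto/">How-to</a>',
}

if __name__ == "__main__":
    for post_id, links in scan_posts(SAMPLE_POSTS, "blog.example").items():
        print(f"post {post_id}: {links}")
```

In a real clean-up you would feed it the post_content column of wp_posts (or the rendered pages) rather than the constructed sample, and any post that shows up in the report has injected or rewritten links.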
Tricks of the trade. Top Secret!
- Always keep a backup of your blog: one of the database and one of the files. For the files, just copy the root folder. Here, your database is very important. It contains info on all the registered users and the heart of your blog: posts, categories, tags, all are stored in the wp_ tables of your database.
- Keep your blog updated to the latest version of WordPress. At the time of this writing it's WordPress 2.71 and I was using WordPress 2.7; it may have been one of the reasons, but updating to the latest version is always recommended. At times, some plugins may stop working with a version upgrade and you might have to redo any changes you made to WordPress core files, but then, it's better to be safe than getting hacked.
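The first point above, the two backups, is the one that saved this blog, so here is one way to script it. This is an added example, not a script from the original post: it reads the database settings WordPress keeps in wp-config.php, dumps the database with mysqldump (assumed to be on PATH) and archives the root folder. The sample wp-config.php contents and the paths are constructed.

```python
"""Two backups, as recommended: one of the database and one of the files (added example)."""
import os
import re
import shutil
import subprocess
import tarfile
from datetime import datetime
from pathlib import Path

# Matches define('DB_NAME', 'value'); lines as WordPress writes them.
_DEFINE = re.compile(
    r"""define\(\s*['"](DB_NAME|DB_USER|DB_PASSWORD|DB_HOST)['"]\s*,\s*['"]([^'"]*)['"]\s*\)"""
)


def parse_db_settings(wp_config_text):
    """Return {'DB_NAME': ..., 'DB_USER': ..., 'DB_PASSWORD': ..., 'DB_HOST': ...}."""
    found = dict(_DEFINE.findall(wp_config_text))
    missing = {"DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST"} - found.keys()
    if missing:
        raise ValueError("wp-config.php lacks: " + ", ".join(sorted(missing)))
    return found


def split_host(db_host):
    """'localhost:3306' -> ('localhost', '3306'); 'localhost' -> ('localhost', None)."""
    host, _, port = db_host.partition(":")
    return host, (port or None)


def backup_paths(dest_dir, db_name, stamp=None):
    """Timestamped file names for the SQL dump and the file archive."""
    stamp = stamp or datetime.now().strftime("%Y%m%d-%H%M%S")
    dest = Path(dest_dir)
    return dest / f"{db_name}-{stamp}.sql", dest / f"wordpress-files-{stamp}.tar.gz"


def backup_wordpress(wp_root, dest_dir):
    """Dump the database and tar the root folder; returns (sql_path, tar_path).

    dest_dir should live outside the web root so the dump is never served.
    """
    root = Path(wp_root)
    settings = parse_db_settings((root / "wp-config.php").read_text())
    host, port = split_host(settings["DB_HOST"])
    sql_path, tar_path = backup_paths(dest_dir, settings["DB_NAME"])
    sql_path.parent.mkdir(parents=True, exist_ok=True)
    if shutil.which("mysqldump") is None:
        raise RuntimeError("mysqldump is not on PATH")

    cmd = ["mysqldump", "--single-transaction", "-h", host]
    if port:
        cmd += ["-P", port]
    cmd += ["-u", settings["DB_USER"], settings["DB_NAME"]]
    # The password goes through the environment so it never appears in `ps` output.
    env = dict(os.environ, MYSQL_PWD=settings["DB_PASSWORD"])
    with open(sql_path, "wb") as out:
        subprocess.run(cmd, stdout=out, env=env, check=True)
    os.chmod(sql_path, 0o600)  # the dump holds user records; keep it private

    with tarfile.open(tar_path, "w:gz") as tar:
        tar.add(root, arcname=root.name)  # "just copy the root folder"
    os.chmod(tar_path, 0o600)
    return sql_path, tar_path


# Constructed wp-config.php fragment used for the offline check below.
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'wpdb');
define('DB_USER', 'wpuser');
define('DB_PASSWORD', 'constructed-password');
define('DB_HOST', 'localhost:3306');
$table_prefix = 'wp_';
"""

if __name__ == "__main__":
    print(parse_db_settings(SAMPLE_WP_CONFIG))
    # Real run (paths are placeholders): backup_wordpress("/var/www/blog", "/var/backups/blog")
```

Run it from cron so the backup exists before you need it; restoring is then the reverse, an import of the .sql file and an extraction of the archive.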
So, by following the above mentioned points you can ward off most hack attempts and recover in case you get unlucky.
I skipped the second point and had to suffer at the hands of the unidentified hacker.
Now, I reinstalled WordPress and restored the database. I deleted my .htaccess file and replaced it with the following code:
# BEGIN WordPress
# Only apply the rules if mod_rewrite is loaded
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# Leave real files and directories alone...
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# ...and hand every other request to WordPress
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
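Replacing .htaccess with the stock block works because anything beyond that block is suspect. The following added example (not part of the original post) turns that into a check: it compares a .htaccess file with the stock WordPress block shown above and reports lines outside it, plus any line that redirects to an absolute URL. The tampered sample and the host ads-redirect.example are constructed.

```python
"""Compare a .htaccess with the stock WordPress rewrite block and flag the rest (added example)."""
import re

CANONICAL_WP_BLOCK = """# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""

# An absolute http(s) URL, or a rewrite flag list containing the R (redirect) flag.
_EXTERNAL = re.compile(r"https?://|\[[^\]]*\bR\b", re.IGNORECASE)


def _normalise(text):
    """Non-empty lines with whitespace collapsed, so layout changes don't matter."""
    return [" ".join(line.split()) for line in text.splitlines() if line.strip()]


def audit_htaccess(text):
    """Return a dict describing how far the file departs from the stock block.

    stock_block_intact: the BEGIN..END WordPress block is present and unchanged
    extra_lines:        every non-empty line outside that block
    external_targets:   every line that redirects or rewrites to an absolute URL
    """
    lines = _normalise(text)
    lower = [line.lower() for line in lines]  # Apache directives are case-insensitive
    canon = [line.lower() for line in _normalise(CANONICAL_WP_BLOCK)]
    start = lower.index("# begin wordpress") if "# begin wordpress" in lower else None
    end = lower.index("# end wordpress") if "# end wordpress" in lower else None
    intact = start is not None and end is not None and lower[start:end + 1] == canon
    if start is not None and end is not None:
        extra = [line for i, line in enumerate(lines) if not start <= i <= end]
    else:
        extra = list(lines)
    external = [line for line in lines if _EXTERNAL.search(line)]
    return {"stock_block_intact": intact, "extra_lines": extra, "external_targets": external}


# Constructed sample: a redirect rule prepended to an otherwise stock file.
TAMPERED_HTACCESS = (
    "RewriteEngine On\n"
    "RewriteRule ^(.*)$ http://ads-redirect.example/$1 [R=302,L]\n"
    + CANONICAL_WP_BLOCK
)

if __name__ == "__main__":
    print(audit_htaccess(CANONICAL_WP_BLOCK))
    print(audit_htaccess(TAMPERED_HTACCESS))
```

Run it against the live file (`audit_htaccess(open(".htaccess").read())`); a clean install reports an intact block with no extra lines, and legitimate additions such as your own redirects will show up too, so read the extra_lines list rather than treating any entry as proof of compromise.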
One more thing which Harsh pointed out was to create a new username and delete the default admin account. This gives added security. Be careful, as you also need to transfer/assign all the posts to the new user. By deleting the “admin” login, a hacker now has to figure out an appropriate username AND password combination, making it exponentially more difficult to hack your login. Hackers know that the default WP installation process leaves you with an administrative username of “admin.” They can easily make the assumption that most people do not bother to change this and know that they only need to figure out your password.
If you haven't done this and you are logging in as “admin,” follow these steps:
- Login as admin.
- Create a new user for yourself and give it administrator privileges.
- Logout of admin and login under your new administrative username.
- Delete the original admin account.
- (optional) If you have already been posting on your blog using the original admin account, you can attribute those posts to your new account when you delete the user.
Since you are taking the time to do this, you should also consider using a secure password. Most people simply use an easy-to-remember word as their password. Words are easy to hack, even when they are case sensitive. There are only so many possible combinations of upper- and lowercase letters. Adding a number or two to your password is better. This increases the security of the password exponentially, as you are increasing the number of possibilities.
Yup, that’s about it. Be safe and keep blogging.
via Holy Shmoly!
via Butter Blog
It's very important, Vaibhav, to keep yourself safe.
Your safety is in your hands.
I'm glad that you understand this at the starting point. You have a long way to go, man. Best of luck.
You
@Harsh
Thanks!
Man, that was so creepy to see that blogs get hacked.
I will take care from now onwards.
That's ok. There has to be a first time. I learned the hard way. I was aware of the comment spam thing, but getting my blog hacked was something out of the world.
I hope my experience helps others.