subject: Website Protection And Hacking - Prevention Is Better Than Cure [print this page] For anyone who has tried to log in to their blog admin to find that it has been hacked, they will understand how it feels.This unfortunately happened to me a while ago, when I somehow built a website but had no knowledge or expertise.After logging in to my wordpress admin, I was met by military sounding music and a black screen full of illegible text. Before this issue my wordpress security had never entered my head. I was aware that the site wasn't very good as I knew nothing about keywords and SEO. Having said that, I had worked tirelessly on it and I was hopping mad. I took the whole thing very much to heart.
I just didn't know how to put it right. I deleted the whole site and resigned myself to the loss. Of course I now realize I could have restored it or at least known where to go for help. I over reacted to the situation when I should have taken a deep breath and thought about what I was going to do.
So how do hackers get into your site and what are their reasons for doing so?
For the most part they think it's clever. They randomly vandalize sites just for the hell of it! Access is usually achieved by a program created by a hacker or they will gain access if they find an open port. A port is access for information to go in and out of your router. For instance, if you were changing your host you would have to open a certain port in order for the website files to be transferred. Some ports do need to be open in order to gain internet access but the default setting on Windows Firewall ensures that any ports increasing your vulnerability, are closed. Unfortunately, hacking will always pose a threat to any site, especially small ones, so prevention is better than cure.
Ensure you have the best anti-spyware and anti-virus software installed on your computer and be certain you never let it run out of date. Always install wordpress database backup plugin. You can obtain your website files in an email on a daily or weekly basis. You can then replace them if the worst should happen. You will also have the option to backup your files on your hosting account.
Install Bulletproof security wp plug in for further anti virus security. It has positive reviews and a very good quality support service.
Securi.net is a site monitoring resource which provides three types of cover for up to ten websites. They will check for any problems and contact you if they find any malware.
Many wordpress plugins are a necessary part of your wp admin but only use the ones you need as they can add to your vulnerability to hacking. Ensure you delete the plug ins you don't need and update the ones you do, when they become available. You should have the latest version of wp itself as well, when it is accessable on your dashboard. This is particularly important as often newer versions can detect bugs. All it takes is one click and it's updated.
When you first set up your wordpress blog, 'admin' is the default log in name. If you have not already done so, change this as soon as you can. I did not think about this unfortunately, which meant that the hacker was almost there immediately.
Are you one of those website owners who use identical log in details for everything? I used to do this as well. I know it's so much easier but you need to not just change your log in details on a regular basis but make them as complicated as you can using a mixture of upper and lower case characters and letters, as well as numbers. Also where possible stay away from using family members personal details.
All of the above advice is very important to carry out but the threat of attack is always there. If the worst should happen, and you do have monitoring with securi.net then they will clean your site up as it is part of the service. then you can contact your host for help. If you are more confident in your own ability, you can ask on the wordpress forum. I understand that some of the members are very knowledgeable and supportive.
