• Blogging

    Posted on March 11th, 2009

    Written by Nathan Snell

    After a busy day of interviewing, working on a business plan, and tennis (I finally got my service game back, so that was fun), I came home to the annoying realization that my blog had been hacked. I twittered/fb’d my newfound frustration. Then about a minute or two after this realization, my friend Josh The Developer calls me, perplexed, and then Stacy calls me, giving the situation some perspective.

    “How’s your day been going, love?” she asks me. She sounds sweet and happy.

    “Good! Then meh,” I say. I was still partially concentrating on contacting the company that manages the server my blog is hosted on.

    “Is everything OK?” She sounds worried.

    “Yeah. My blog was hacked and the database corrupted, so unless there are backups from the server company, I just lost 2 years’ worth of content.”

    “Not to say it’s not important… but is that all?” I laughed a little as Stacy gave the situation a bit of perspective. This really wasn’t the biggest deal, and I wasn’t greatly upset to begin with; I was mostly irritated. I was also pretty sure the server company made daily backups.

    “Yes, that’s all, hon.” She asked a little more of what went on, and then we moved on to other, more fun topics.

    So if your blog was hacked, or if you’re worried about it, don’t fret too much. It’s really not the biggest of deals, and the majority of companies that host blogs do daily server backups.

    The best part of the whole situation, though, is that after it was hacked, I received a lot of good tips and articles on how to secure WordPress more. Knowledge is power!

    Here are 6 ways to make your WordPress blog more secure. Now with more hat-tips!

    1. While not exactly making your blog more secure, WP-DB-Backup will do daily, weekly, and biweekly scheduled backups of your WordPress database, then e-mail them to you. This ensures that if your blog is hacked, you at least won’t lose all your posts. h/t to Andy Drish (thanks man!).

    2. Josh The Developer sent me 10 Steps to Secure Your WordPress Admin Area by Smashing Magazine. My favorites from that article are putting a directory lock on your WP-Admin folder, and #3.

    3. Install Login Lockdown to track invalid attempts and force lockouts.

    4. Hide your plugins folder. People can navigate to http://yoursite.com/blog/wp-content/plugins/ and see all the plugins you have (then exploit one). To hide it, upload a “blank” index.htm to your plugins folder and that will force the index.htm to be displayed instead.

    5. Install WP-Security-Scan, a plugin that allows you to scan your blog regularly for security holes in the software, and then helps patch them.

    6. Make sure your software is up-to-date. I know, it sounds simple, but people are lazy sometimes. I was. h/t to Aaron Alexander.
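
    The blank index.htm from tip 4 only covers the folder it sits in, so each plugin's own subfolder can still be listed if the server has directory indexes turned on. The Python check below is an added example, not part of the original post; the set of index file names and the sample folder layout are assumptions constructed for illustration.

```python
import os
import tempfile

# index.htm is the file named in tip 4; the other names are assumed
# defaults for what a web server serves instead of a folder listing.
INDEX_NAMES = {"index.htm", "index.html", "index.php"}


def dirs_without_index(root, max_depth=1):
    """Folders under root (max_depth levels deep) that hold no index file."""
    root = os.path.abspath(root)
    missing = []
    for current, subdirs, files in os.walk(root):
        rel = os.path.relpath(current, root)
        depth = 0 if rel == "." else rel.count(os.sep) + 1
        if depth >= max_depth:
            subdirs[:] = []  # stop descending below max_depth
        if not INDEX_NAMES & {name.lower() for name in files}:
            missing.append(rel)
    return sorted(missing)


def build_sample_tree(base):
    """Constructed sample layout standing in for wp-content/plugins."""
    plugins = os.path.join(base, "wp-content", "plugins")
    for name in ("wp-db-backup", "login-lockdown"):
        os.makedirs(os.path.join(plugins, name))
    # In this sample only one plugin ships its own index file.
    open(os.path.join(plugins, "login-lockdown", "index.php"), "w").close()
    return plugins


def demo():
    """Audit the sample tree before and after applying tip 4."""
    with tempfile.TemporaryDirectory() as base:
        plugins = build_sample_tree(base)
        before = dirs_without_index(plugins)
        # Tip 4: upload a blank index.htm to the plugins folder itself.
        open(os.path.join(plugins, "index.htm"), "w").close()
        after = dirs_without_index(plugins)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("no index file before:", before)  # "." is the plugins folder
    print("no index file after: ", after)
```

    Point `dirs_without_index` at a local copy of your own wp-content/plugins folder to see which folders still need an index file.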

    Have any other suggestions on how to make someone’s WordPress blog more secure? Leave a comment!

    This entry was posted on Wednesday, March 11th, 2009 at 2:02 pm and is filed under Blogging.
  • 1 Comment

    1. Dell Studio Laptop
      Apr 5th

      Thanks for this great post, I really enjoyed it.
