Damn Those Hackers: Don’t Let This Happen To You!

by Adrienne Smith on March 2, 2011

in Blogging

I love the online community but one thing I hate with a passion is when some hacker takes it upon themselves to invade my private space.  In the past I have had my Facebook account hacked and not only is it embarrassing but a royal pain in the ass as well.

Recently some friends of mine had their WordPress blogs hacked.  Now that’s just not right!  The hackers totally hijacked their information and made a total mess of all their work.

Thankfully, 2 of my friends had the WP Backup plug-in installed, so after they changed their login information they were able to restore all of their information back to the way it was.

By the way, if you don’t have the WP Backup plug-in installed, you really should do that today.  It’s easy and a life saver.  You can access that plug-in by visiting:

http://wordpress.org/extend/plugins/wp-db-backup/

Now in order to help prevent this from happening to you there is a simple step you can take right now.

The one thing I didn’t like about every upgrade with WordPress is that when you create a new blog your username is automatically set to admin.  Let’s face it, all hackers know this, so all they have to do is start going through a sequence of passwords in order to access your dashboard.

To make this more difficult for them all you need to do is:

  • Create a new WordPress user account.  Make the username very unique
  • Assign the new account to the Administrator role
  • Log out of WordPress and log back in with the newly created account
  • Delete the admin account

It’s really very easy to do so be sure to do this for all of your blogs.  Don’t let those annoying hackers get the best of you.

Now go change your settings right now!  Better safe than sorry, right?

:-)


{ 36 comments… read them below or add one }

1 Sheila Atwood (Twitter: SheilaAtwood) March 2, 2011 at 9:01 AM

Adrienne,

Thanks for the tip on changing the administrators role. I did not realize there was a default setting with updates.

I have a couple of friends that recover blogs that have been hacked, they also recommend the WP plugin.

One more tip for stopping hackers: Most of the WP upgrades have been security upgrades, so make sure you do the upgrades.

Reply

2 Adrienne (Twitter: adriennesmith40) March 2, 2011 at 9:44 AM

Hi Sheila,

I’ve been using the backup plug-in for awhile and it’s a life saver. Should anything go wrong, you can recover all your posts… And those damn hackers, I guess they have nothing better to do than to annoy the heck out of us. Shame on them!!!

Everyone should ALWAYS upgrade to the latest WP version. You are right about that! They continue to improve their versions and hopefully prevent this from happening. But for those that are a little slow, it doesn’t hurt to change your login information. I did this some time back and I just feel better.

Thanks for your comment Sheila… Always nice to hear from you.

Adrienne

Reply

3 Linda March 2, 2011 at 11:19 AM

Wow! How scary! Sorry this happened to you, but glad you were able to get it back up. I just installed the plug in, thanks! Someone made a comment on one of my posts about how important security is with wp – never really thought of it before. You may want to check it out – What are Your Favorite WordPress Plugins? – I found it very helpful and installed a few other programs to help me identify if something fishy is going on.

Linda

Reply

4 Adrienne (Twitter: adriennesmith40) March 2, 2011 at 11:34 AM

Hey Linda,

It didn’t happen to me, but it did to some friends of mine. I’d told them about the backup plug-in but they never got around to uploading. A lesson learned.

WP updates their program regularly which is why it’s important to always keep your version updated. That does help but those hackers find ways to get around everything when they are determined enough.

I have a PDF I made for my training site of my favorite WP plug-ins but I already need to update it. Have found more since I created it and that was at the end of last year. You are more than welcome to check it out.

Thanks for visiting and always appreciate your comments.

Adrienne

Reply

5 Keith Davis March 2, 2011 at 3:46 PM

Hi Adrienne
I know what you mean – a big problem with WordPress.

As well as backing up your database you should also backup your site files.
Just FTP the whole site to your hard drive.
That way you can restore your whole site – database, theme, everything.

If you really want to know about protecting your blog, Google John Hoff.
He has an ebook called WordPress Defender, which walks you through lots of things you can do to protect your site.
I’m no techie and I could understand what to do.

Thanks for the reminder Adrienne – better safe……….

Reply

6 Adrienne (Twitter: adriennesmith40) March 2, 2011 at 9:44 PM

Hi Keith,

That’s another good idea, thanks for that. I use the backup plug-in which backs everything up and since I have combined 2 of my blogs some time back it came in very handy. I had everything in my backup and just exported it all. Boy was that ever easy and like you, I’m no techie!!!

Will be sure to Google John Hoff and check out his info. Appreciate that tip.

Thanks for the comment and for stopping by.

Adrienne

Reply

7 Jeffrey Morgan (Twitter: bloggersmarket) March 2, 2011 at 4:48 PM

Hi Adrienne,
What you describe above is known in the vernacular as “hackish behavior”. While you can accomplish your goal of changing the Admin the way you describe, going to the database and going to “wp-users > user_login (table) > edit (field) user_login” and changing the name would be the correct method. If you get into the habit of looking for quick “work-arounds”, this will eventually land you in deep trouble. It is a good idea to learn how to manage your databases through your hosting admin panel. It may seem daunting at first, but will save you miles of headaches in the long run. The Plug-in you suggest above is one that is known for database corruption issues. Once again, if you go to the database admin area of your hosting panel you can export your database in just a couple of seconds.

Also keep in mind that you can restrict access to any part of your Blog by compiling or hard coding to the .htaccess file. If you would be so kind as to allow me a guest post here at Adrienne Smith.net, I would be happy to expand on these edits for your readers.

Reply

8 Adrienne (Twitter: adriennesmith40) March 2, 2011 at 9:48 PM

Wow Jeffrey… Great info and see, I keep learning new things. I had NO idea and your info is so darn helpful. I would LOVE for you to do a guest post and inform us of some other ways to help prevent things such as these. As you can probably tell from my blog, I try to help my readers with easy explanations so if you can try to explain things as simply as you can for all of us non-techie people, that would be awesome.

I can get around pretty well in my CPanel and can probably figure this out with help from someone like yourself. So far I have been blessed that this hasn’t happened to me but that’s why I like to take precautions just in case. I’ve put way too much work into my blog to have this “hackish behavior” happen to me.

Thank you for your comment and yes, I would like to take you up on your offer. Let’s talk!

Adrienne

Reply

9 Ileane March 2, 2011 at 7:22 PM

Hey Adrienne,
One of the bloggers I know had their computer hacked and they took over his blog, his domain and his paypal account! What a nightmare…
I started using the BackupBuddy plugin. It’s a premium plugin but it takes a complete back up of all your themes, widgets, images, comments, posts….the works.
Talk to you soon Adrienne :)

Reply

10 Adrienne (Twitter: adriennesmith40) March 2, 2011 at 10:02 PM

Hey Ileane,

Sorry to hear that you also know of some bloggers that have had this problem as well. We truly are blessed that it hasn’t happened to us.

Just received a comment from Jeffrey who shared some more tips with me about how to be even more creative to prevent this from occurring and he may do a guest post for me on this subject. Would really be helpful for me as well as my readers so am anxious to speak to him more about this. Wish this were never a problem but better safe than sorry.

Thank you so much for stopping by and your comment is very much appreciated.

Adrienne

Reply

11 Kimi March 3, 2011 at 3:14 AM

Hi Adrienne,

I agree, having a backup database is a must do, if the worst thing like being hacked happens to us, we all don’t want to encounter it, but the danger is there.

Thanks, I am using this plugin too, and recommend it to everyone!

Reply

12 Adrienne (Twitter: adriennesmith40) March 3, 2011 at 9:34 AM

Hey Kimi,

Yeah, I am blessed that they haven’t been interested in my site. I prefer looking at it that way. But I’m ready now! :-)

Thanks for stopping by and your comment is always appreciated.

Adrienne

Reply

13 Patricia March 3, 2011 at 7:52 AM

Hi Adrienne

The blogger’s nightmare eh! A techie friend of mine made sure I had all the security stuff sorted on my blog and the backup plugin too. I am glad he did as that would be terrible to lose information.

Thanks for sharing Adrienne. There will probably be those reading this who will get a wake-up call too.

Patricia Perth Australia

Reply

14 Adrienne (Twitter: adriennesmith40) March 3, 2011 at 9:39 AM

Hi Patricia,

Could you imagine losing all your hard work? My blog is 2 years old and that’s a lot of posts to lose. What a nightmare and I’m so fortunate it hasn’t happened to me. But my heart does go out to those that have been invaded.

I’ve shared posts about the necessary plug-ins and why they are needed and have had some friends come back to me at a later date and say they wish they would have done something about it when they read it. I say be prepared and you are fortunate to have a friend that has taken care of that for you. I had to learn and do it myself which is why I love blog commenting because I continue to learn more and more with each new day.

Thanks for stopping by and your comment is always appreciated.

Adrienne

Reply

15 Thomas (Twitter: techwork_dk) March 3, 2011 at 2:02 PM

Hi Adrienne
I just hate those destructive guys. Why don’t they use their skills to create something great instead of destroying other people’s work? No doubt that those guys are talented. Good idea to create another user and use that instead of the default. If someone has doubts about deleting the built-in administrator account they could put a very strong password on it instead. That would make it very difficult to break.

Reply

16 Adrienne (Twitter: adriennesmith40) March 3, 2011 at 3:09 PM

Hey Thomas, always great to see you again my friend.

From what I was told, if you have it set on admin then they have some type of program that will go through a series of passwords and they are usually able to break them. But if you change your username to something unique and have a strong password, they will move on to something else. I changed mine and made it totally unique, something I have never used before so that should definitely help. I guess these guys have nothing better to do with their time.

Reply

17 Thomas (Twitter: techwork_dk) March 3, 2011 at 3:54 PM

Hi Adrienne
No doubt that the admin account will be the first one they will try and if it does not exist they may move on to another site. The method those guys use to break a password is called “brute-force”. They try combinations of English words in all kinds of combinations and eventually they might have luck finding the right password. If you have a long complex password the “brute-force” method will have very little chance of finding it. Let me give an example. If your password was “adrienne2011” the “brute-force” method will probably find it after some time combining your name with a year. Imagine your admin password instead was “fGskfdf73.fgf$dBdghehj”. The “brute-force” method could try all combinations of words in a dictionary combined with different numbers and they will never crack your code. I know that the code is not possible for a human brain to remember but you don’t have to. You can just log in with your new admin user and change it to something else if you want to use it someday. That was a long explanation, but I hope it made some kind of sense :-)

Reply
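
The contrast drawn in the comment above, as an added example that is not part of the original thread: a password-policy check that flags "word plus digits" passwords and gives a rough size for each search space. The token list, function names and the four-digit suffix estimate are assumptions made for this sketch.

```python
import math
import re
import string

# Constructed sample: words a guessing dictionary would hold for this account
# (owner name, site name, defaults). Supply your own list in practice.
PERSONAL_TOKENS = {"adrienne", "smith", "admin", "wordpress"}

# Common character substitutions, undone before the dictionary comparison.
LEET = str.maketrans("013457@$", "oieastas")


def dictionary_style(password, tokens=PERSONAL_TOKENS):
    """Return the matched token if password is <token><digits/symbols>, else None."""
    lowered = password.lower()
    stem = re.sub(r"[\d\W_]+$", "", lowered)  # drop a trailing year, "123", "!"
    for candidate in (stem, stem.translate(LEET)):
        if candidate in tokens:
            return candidate
    return None


def random_bits(password):
    """Upper bound on entropy; only meaningful if each character was random."""
    pool = 0
    if any(c in string.ascii_lowercase for c in password):
        pool += 26
    if any(c in string.ascii_uppercase for c in password):
        pool += 26
    if any(c in string.digits for c in password):
        pool += 10
    if any(c in string.punctuation for c in password):
        pool += len(string.punctuation)
    return len(password) * math.log2(pool) if pool else 0.0


def assess(password, tokens=PERSONAL_TOKENS):
    """Classify a password and estimate the size of the space it hides in."""
    token = dictionary_style(password, tokens)
    if token:
        # Assumed guess budget: every token combined with no suffix or with
        # any suffix of 1 to 4 digits (1 + 10 + 100 + 1000 + 10000 = 11111).
        guesses = len(tokens) * 11111
        return {"verdict": "guessable", "token": token,
                "approx_bits": round(math.log2(guesses), 1)}
    return {"verdict": "not dictionary-style", "token": None,
            "approx_bits": round(random_bits(password), 1)}


if __name__ == "__main__":
    for pw in ("adrienne2011", "Adr1enne2011!", "fGskfdf73.fgf$dBdghehj"):
        print(pw, assess(pw))
```

The bit figure for the long password assumes its characters were picked at random; a memorable phrase of the same length would score the same here while being far easier to guess.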

18 Adrienne (Twitter: adriennesmith40) March 3, 2011 at 7:57 PM

Hey Thomas,

That’s what I like about having met you. Since you are a computer guy, you understand this stuff much better than me. I used to use a simple username that had my first name included. I’m fortunate to not have any of my stuff hacked but I don’t do that any longer. I also have a combination of letters with numbers for my passwords and it has nothing to do with years, birthdays, names, etc. Yeah, I finally got smart and I have an add-on that handles my login info as well. No saving that stuff to my computer anymore. Yep, I’m wising up in my old age! LOL!!!

Thanks for this as always.

Adrienne

Reply

19 Vernessa Taylor March 3, 2011 at 9:05 PM

Hi Adrienne,

You are so right … a real PITA and a real pity! I’ve never had a WordPress site hacked, but did face that aggravation with a Joomla site a few years ago.

Like you, I use the backup plugin. That’s seriously on-point advice from the techies here — to grab a complete copy of all your WordPress files via FTP and download it to your computer.

Another couple of ideas:

From within any cPanel-based hosting account, you can get a full site / full account backup, which includes your email accounts, and anything else within your account. You can do this from DreamHost, too.

And if you don’t mind another WordPress plugin, I use GDPress Tools, which has some amazing database, backup, and admin-type features.

Thanks for the nudge!

Reply

20 Adrienne (Twitter: adriennesmith40) March 3, 2011 at 9:55 PM

Hi Vernessa,

Thank you for taking the time to visit my site.

I am very fortunate but my heart goes out to those that haven’t been. Great advice as well and thanks for that tip about another plug-in. Anything I can do to make my site secure, I’m on it!!! Appreciate that tip.

Hope you have had a really great day and looking forward to a relaxing weekend.

Adrienne

Reply

21 Jimi Jones March 3, 2011 at 9:26 PM

Good stuff, Adrienne.

It’s a shame those pesky hackers are always on the prowl. I too know some folks who have been victimized. Bummer.

I’m running dual backups in that I have an offsite service and I use the plugin you’ve mentioned here. I couple the plugin with a dedicated Gmail account that collects backups from all of my sites.

Having said all of that, nothing is absolutely foolproof but we can certainly make it more difficult for those with ill-will on their minds. Great tip on changing that default admin. This is a must. I think it is also wise to change your login rather frequently.

I’ve been meaning to check out that plugin that Ileane mentioned (BackupBuddy), just had not gotten around to it as yet. May be a nice alternative to my offsite service.

Thanks for the nice post, I hope those who may have left themselves vulnerable take the additional measures to secure their sites.

Reply

22 Adrienne (Twitter: adriennesmith40) March 3, 2011 at 10:00 PM

Hey Jimi,

I’m so sorry to hear that you also know some unfortunate ones that have had this problem. I wish it never happened but we all need to be prepared.

Wow, you really are taking precautions… I’m impressed. I do change my password rather frequently but had never thought to change the username. I know now though.

I will be checking out the plug-in Ileane suggested as well. Never hurts to have more in place.

Your comment is always appreciated and thanks so much for stopping by.

Have a lovely evening.

Adrienne

Reply

23 Mitch Mitchell March 4, 2011 at 12:27 AM

I kept reading all the comments to see if someone was going to mention a couple of plugins I’m using for protection. One is called Limit Login Attempts, which allows you to set how many times someone can try to log in before they’re suspended for a time. This one is great, and it sends me email whenever an IP address has been blocked. The second is called WordPress Firewall Plugin, which makes sense, and like most firewall programs helps mask your blog’s IP from predators.

Reply

24 Adrienne (Twitter: adriennesmith40) March 4, 2011 at 9:30 AM

Hey Mitch,

I had read someone’s post when I was researching this and they had mentioned something about blocking login attempts but they didn’t say it was a plug-in. Of course I landed on a blog where the guy posted about computer technology and of course, it was way over my head. Those are some great suggestions and thank you SO much for that. Man, I know what I’ll be doing tomorrow.

I really appreciate you sharing this with us all and I know anyone reading this post and the comments is going to learn a lot.

I appreciate you stopping by and for visiting my blog. Have a wonderful day!

Adrienne

Reply

25 Mouh (Twitter: EffortlessEbook) March 6, 2011 at 8:58 AM

Hi Adrienne,

Thanks a lot for helping people protect their blogs.

I have some additional paramount information about protecting your WordPress blogs. There are some important plugins that you must install to protect your blog. The first one is Login LockDown. Hackers usually run your blog through a script to find your password. This plugin prevents brute force password discovery. If more than a certain number of failed login attempts is detected from the same IP in a short period of time, the plugin will disable the login function. You can choose the lockout length and the number of attempts.

The second plugin is WordPress Firewall. This plugin detects suspicious activities on your blog and sends you an e-mail telling you about it. After installing this plugin, you’ll find it under Settings. Make sure you write your IP in the Whitelisted IPs field so the plugin won’t block you when you insert Google Analytics, for example.

Adrienne, it is also important to note that the WP Backup plug-in doesn’t back up your images, plugins or themes. It only backs up the contents of your WordPress database! To fully back up your Blog, you need to make a regular copy of the wp-content folder on your cPanel.
This is just some additional information and I am sure it’ll be helpful to you guys.

Kindest regards,

Mouh

Reply
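
The lockout behaviour described in the comment above (and in the earlier comment about Limit Login Attempts), as an added example that is not code from either plugin: a per-IP limiter with a configurable attempt count, time window and lockout length, replayed over a constructed event list. The class name, the defaults and the rule that the lock triggers on reaching the limit are assumptions of this sketch.

```python
from collections import defaultdict, deque


class LoginLimiter:
    """Per-IP lockout: too many failures inside a time window blocks that IP."""

    def __init__(self, max_failures=3, window=300, lockout=3600):
        self.max_failures = max_failures     # failures that trigger a lockout
        self.window = window                 # "short period of time", seconds
        self.lockout = lockout               # lockout length, seconds
        self._failures = defaultdict(deque)  # ip -> times of recent failures
        self._locked_until = {}              # ip -> time the lockout ends
        self.notifications = []              # stands in for the e-mail alert

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        if until is not None and now >= until:
            del self._locked_until[ip]       # lockout has expired
            until = None
        return until is not None

    def attempt(self, ip, success, now):
        """Record one attempt; return 'ok', 'failed', 'locked' or 'blocked'."""
        if self.is_locked(ip, now):
            return "blocked"                 # rejected even with the right password
        if success:
            self._failures.pop(ip, None)     # a good login resets the counter
            return "ok"
        recent = self._failures[ip]
        recent.append(now)
        while now - recent[0] > self.window:  # forget failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[ip] = now + self.lockout
            recent.clear()
            self.notifications.append((ip, now))
            return "locked"
        return "failed"


# Constructed events: (seconds, source IP, password was correct).
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False), (10, "203.0.113.7", False),
    (20, "203.0.113.7", False),   # third failure in the window: lockout starts
    (30, "203.0.113.7", True),    # correct password, still rejected
    (40, "198.51.100.9", False), (50, "198.51.100.9", True),  # an owner's typo
    (100, "192.0.2.50", False), (500, "192.0.2.50", False),
    (900, "192.0.2.50", False),   # slow guessing never fills the window
    (4000, "203.0.113.7", True),  # lockout has expired
]


def replay(events, limiter=None):
    """Feed time-ordered events to a limiter; return (results, notifications)."""
    limiter = limiter or LoginLimiter()
    results = [limiter.attempt(ip, ok, t) for t, ip, ok in events]
    return results, limiter.notifications


if __name__ == "__main__":
    outcome, alerts = replay(SAMPLE_EVENTS)
    for event, result in zip(SAMPLE_EVENTS, outcome):
        print(event, "->", result)
    print("alerts:", alerts)
```

The third address in the sample never gets locked out because its failures are spaced wider than the window, which is why a lockout is a complement to a strong password and not a replacement for one.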

26 Adrienne (Twitter: adriennesmith40) March 6, 2011 at 11:37 AM

Hi Mouh,

Thanks for your input with more helpful tips for my readers.

Mitch had mentioned the same plug-ins in his comment as well. He said that the Login LockDown and WordPress Firewall were very important so glad both of you are sharing this information. I didn’t realize that the WP Backup plug-in didn’t save images and such. So how often would you suggest making a copy of my blog on the CPanel? Once a week like I have the plug-in do for me?

Again, thanks so much Mouh… I love it when you all participate in commenting because not only am I still learning new things, but it will be extremely helpful to my readers as well.

Adrienne

Reply

27 Mouh (Twitter: EffortlessEbook) March 7, 2011 at 2:21 AM

I also didn’t know that the WP Backup plug-in doesn’t save images, themes and plugins. I was surprised too. It’d be great if the plugin does that.

How often you need to save a copy of your blog depends on how popular your blog is. What I mean by popular is how often people visit it and how often hackers visit it as well. After you install the WordPress Firewall, the plugin will detect suspicious activities and send you e-mails. If you get a lot of these e-mails, know then that your blog is always in danger and you must save a copy every 2 or 3 days. If you don’t receive a lot of e-mails from the plugin, then once a week would be enough.

I also love learning new things through commenting. It is my favorite learning method, seriously.

Kindest regards.
Mouh

Reply

28 Adrienne (Twitter: adriennesmith40) March 7, 2011 at 9:27 AM

Hey Mouh,

Looks like we both learned something new… So glad everyone is putting in their 2 cents worth. At this time I just backup my blog once a week but now understand that I have to go one step further since learning all this information from these comments.

I love learning through commenting too! It is now one of my favorite things to do. Not only do I meet some amazing people, but I am also learning even more.

Thanks for your input and for stopping by. Have a wonderful day!

Adrienne

Reply

29 sham (Twitter: shamrocksu88) March 14, 2011 at 11:37 AM

That’s really bad to know. Good they had backup. This plug-in (wp-db-backup) is essential for any blogger. I usually schedule it for weekly backup.

Reply

30 Adrienne (Twitter: adriennesmith40) March 14, 2011 at 1:46 PM

I use that one too but many who have replied to this post have informed us that it doesn’t back-up images or themes. So glad I haven’t had to republish my site and find out. Always good to know!

Reply

31 Sergio Felix (Twitter: ITSergioFelix) March 14, 2011 at 3:39 PM

Hi Adrienne,

I don’t think someone may be interested in getting root (admin) access to my site but I’m a fan of security so this helps considerably in getting better sleep at night.

I was a bit concerned with the default ‘Admin’ username for my WordPress installation and not being able to change that from the dashboard struck me even more.

I was going to go directly for database updating but then I found this, so I’m glad I didn’t start messing with my db tables and cause even more disaster lol

Have a great day and thank you for sharing this simple yet effective way of securing wp access!

~Sergio

Reply

32 Adrienne (Twitter: adriennesmith40) March 14, 2011 at 4:24 PM

Hey Sergio,

I’m with you… I don’t think anyone would really want to be too concerned with my site but better safe than sorry. I’m not a techie person so the simpler things are to implement, the better for me.

By the way, thanks for the heads up on my page today! Just got that put up this weekend and tested it and lo and behold, it’s already had problems. But, that’s usually how things go right! If everything went smoothly, life would be even better! :-)

Appreciate the comment and the heads up!

Adrienne

Reply

33 Mouh (Twitter: EffortlessEbook) March 19, 2011 at 4:43 AM

Hi Adrienne,

I forgot to mention something very important. It is protecting uploads, themes and plugins folders by adding a blank HTML page in your wp- folders. To know if you are protected or not, type this link in your browser:

http://www.YourWebsite.com/wp-content/plugins/

If you see “Index of /wp-content/plugins” then you are not protected. Hackers can access your themes, uploads, plugins, etc. They can know you are running outdated plugins and use that to hack your blog. You can prevent them from your .htaccess file, but adding an html is easier for most people.

So create a blank html file and add it to your wp-content folders (plugins folder, themes folder, etc). I personally like to write something in that html file. Something like:

“opss, you are in the wrong place. Is this the page you are looking for? [website link]”

Hope this helps.
Take care.
Mouh

Reply
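
The browser check from the comment above, as an added example that is not part of the original thread: a script for auditing your own site that classifies the response for each wp-content directory. The path list, function names and the embedded sample responses are constructed for this sketch; `Options -Indexes` in the comments is the standard Apache directive for the .htaccess route the comment mentions.

```python
import re
import urllib.error
import urllib.request

# Directories worth checking on your own site (assumed list).
PATHS = ["/wp-content/", "/wp-content/plugins/",
         "/wp-content/themes/", "/wp-content/uploads/"]

# Auto-generated listings carry a title such as "Index of /wp-content/plugins".
INDEX_TITLE = re.compile(r"<title>\s*Index of\s+/", re.IGNORECASE)


def classify(status, body):
    """Classify one HTTP response for a directory URL."""
    if status == 200 and INDEX_TITLE.search(body):
        return "listing exposed"    # fix: index file, or "Options -Indexes"
    if status == 200 and not body.strip():
        return "blank index file"   # an empty index page is being served
    if status == 200:
        return "index page served"  # a custom page, such as a "wrong place" note
    if status in (401, 403):
        return "listing denied"     # typical result once listings are disabled
    if status == 404:
        return "not found"
    return f"other ({status})"


def fetch(base_url, path, timeout=10):
    """GET base_url + path and return (status, body); HTTP errors are results."""
    url = base_url.rstrip("/") + path
    req = urllib.request.Request(url, headers={"User-Agent": "own-site-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""


def audit(base_url, fetcher=fetch):
    """Return {path: classification} for every directory in PATHS."""
    return {path: classify(*fetcher(base_url, path)) for path in PATHS}


# Constructed responses so the example runs offline.
SAMPLE_RESPONSES = {
    "/wp-content/": (200, ""),
    "/wp-content/plugins/": (200, "<html><head><title>Index of "
                                  "/wp-content/plugins</title></head></html>"),
    "/wp-content/themes/": (403, "<h1>Forbidden</h1>"),
    "/wp-content/uploads/": (200, "<html><body>opss, you are in the wrong "
                                  "place.</body></html>"),
}


def sample_fetcher(base_url, path):
    """Offline stand-in for fetch(), backed by SAMPLE_RESPONSES."""
    return SAMPLE_RESPONSES[path]


if __name__ == "__main__":
    # For a live check of your own site: audit("http://www.YourWebsite.com")
    for path, verdict in audit("http://www.YourWebsite.com", sample_fetcher).items():
        print(f"{path:25} {verdict}")
```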

34 Adrienne (Twitter: adriennesmith40) March 19, 2011 at 11:42 AM

You are one smart guy Mouh… Wow, I typed it in and got a blank page so does that mean I’m okay? I’ve uploaded everything that was suggested that I do. Not that I think anyone would want any of my stuff but I know some people just get bored and like to make other people’s life miserable. Glad to know that I’ve got people like you who can help me understand other things I need to implement in order to make sure I’m protected.

Thank you so much for this. I appreciate you coming back over and sharing this with us.

Have an awesome weekend.

Adrienne

Reply

35 Mouh (Twitter: EffortlessEbook) March 20, 2011 at 9:04 AM

Hello Adrienne,

Thanks a lot! We are here to help each other.

I think your wp-content is already protected with some .htaccess fixes.

Oh yes, I know some people who like to make other people’s life miserable. I just hope we don’t meet them on our blogs.

Have a great day!
Mouh

Reply

36 Adrienne (Twitter: adriennesmith40) March 20, 2011 at 7:11 PM

I’m so happy to hear that Mouh… I appreciate it, truly!

I think I have everything in order now. I’m really protected now and feel SO much better. It’s really sad that there are still those types of people in this world.

It’s been an awesome day and hope yours has been the same. We’ll talk again soon.

Adrienne

Reply
