What Would You Do If Your Blog Were Hacked Today?


Don't get stuck with the last option...

It was a beautiful sunny Sunday afternoon here in Southern Arizona, when I went to check on my blog and your comments, when all of a sudden I got an error message that the page might’ve been moved.

I couldn’t see my blog, I couldn’t log in – I was in panic, to say the least.

As of late, I heard many a story from fellow bloggers of their blogs being hacked, stolen, hijacked, gone with the wind…

Take a look at what Steve Scott of SteveScottSite.com had to say about his unfortunate recent experience with hackers:

“In February 2011, I had my blog hacked by an unknown person.  This was a particularly nasty virus since it installed malware on the computers of any site visitor.  So it basically attacked my regular blog readers.

Overall, this attack made me extremely angry.  It was a not-so-great reminder that the blogging world isn’t a utopia.  There ARE people who feel no guilt about trying to destroy the hard work you put into a blog.

Fortunately Steve (from SteveYoungs.com) was able to fix this issue.  So I guess it also showed me that there are also amazing people who are willing to take time out of their day to help you out.

This experience has taught me to be a lot more careful online – Especially when it comes to the security of my site.”

That’s why my immediate reaction was my blog was hacked and all my hard work just slipped through my fingers!

My first call was to HostGator, my blog host.

(By the way, this instance doesn’t relate to my recent trouble with Hostgator – many of you noticed that my blog was down almost all day on Saturday. After a couple of hours on the phone with Hostgator, they restored my site without giving me a good explanation as to why it was down to begin with.)

Thankfully, after about 10-15 minutes of “looking into it“, they realized that my server was simply down and they were working on restoring it.

But in those 10 minutes, my blogging life as I knew it seemed a very distant past – I feared the worst.

Prevention IS Your Best Defence

In order to ensure hackers don’t stand a chance with your blog, follow these simple steps.

1.   Stay on top of your updates!

This is one of the simplest defense mechanisms there is.

Each time you update the software your site runs on, you pick up its newest security fixes.

Most hackers, once they see that you are staying on top of your updating, will simply move on to the next victim – the ones with older versions are much easier prey.

2.   Create a strong password

Please stay away from passwords like “12345” – really.

Also, using the same password for all your logins can prove to be a costly mistake: once the hackers crack that nut, you are in big trouble. Game over.

3.   Monitor your site

In our day and age of roughly 15,000 plugins out there, you can be sure that there is a plugin for that.

Just below, you’ll find out what plugins are keeping my blog secure – I think I have a great mix of both backing up and monitoring plugins that are automatically keeping tabs on my blog by constantly searching for suspicious activity and any unauthorized changes to it.

That way, if something fishy were to ever happen, I will be immediately notified and can take quick action to minimize any possible damage.

Security Plugins I Use at TGC

So, what was the very first thing I did when my blog was back and running?

I was resolved not to take any chances with such an integral part of my business, my blood, sweat, and tears – my blog, and rushed to purchase BackUpBuddy – the only plugin that I know of and trust to back up EVERYTHING: your posts, images, plugins, themes, settings – everything.

So here’s a rundown on what plugins I am currently using to make sure my blog is secure – I highly recommend you look into them as well.


After doing some due diligence on the matter and studying the options, plus from recommendations of several bloggers I trust and respect, I decided to install BackUpBuddy to bring me the peace of mind I was seeking once and for all.

What it does:

1.   Backs up to your server, Amazon S3, Rackspace Cloud, FTP, or e-mail.

2.   Quickly and easily restores your site on the same server

3.   Or migrates to a new server with a different domain and database.

The process is easy, fast, and reliable – I can attest to that.

And did you see me mention that “migrate” function?

If you are thinking of switching your host or going from any other blogging platform to WordPress, BackupBuddy will make that change a breeze.


$75 for 2 sites.

Peace of mind it buys:


Login Lockdown

Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range.

This helps to prevent brute force password discovery.
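The lockout rule described above, as an added Python example (not Login LockDown's own code): failed logins are counted per IP range inside a sliding time window, and the whole range is disabled once the count is exceeded. The thresholds, the /24 and /64 range sizes, and the class and function names are assumptions; the sample events are constructed.

```python
import ipaddress
from collections import defaultdict, deque


class LoginLockdown:
    """Disable logins for an IP range after too many recent failures."""

    def __init__(self, max_failures=3, window=300, lockout=3600, v4_prefix=24, v6_prefix=64):
        # All thresholds are assumed values for illustration, not the plugin's settings.
        self.max_failures = max_failures      # failures tolerated inside the window
        self.window = window                  # the "short period of time", in seconds
        self.lockout = lockout                # how long the range stays disabled
        self.prefixes = {4: v4_prefix, 6: v6_prefix}
        self.failures = defaultdict(deque)    # range -> timestamps of recent failures
        self.locked_until = {}                # range -> time the lockout ends

    def _range(self, ip):
        addr = ipaddress.ip_address(ip)
        return ipaddress.ip_network(f"{addr}/{self.prefixes[addr.version]}", strict=False)

    def is_locked(self, ip, now):
        net = self._range(ip)
        if net in self.locked_until and now >= self.locked_until[net]:
            del self.locked_until[net]        # lockout expired
        return net in self.locked_until

    def record_failure(self, ip, now):
        """Store one failed attempt; return True if the range is now locked."""
        net = self._range(ip)
        recent = self.failures[net]
        recent.append(now)
        while recent and recent[0] <= now - self.window:  # drop attempts outside the window
            recent.popleft()
        if len(recent) > self.max_failures:   # "more than a certain number"
            self.locked_until[net] = now + self.lockout
            recent.clear()
            return True
        return False


def replay(events, guard):
    """Run (timestamp, ip, password_ok) events through the guard, in time order."""
    outcomes = []
    for ts, ip, password_ok in events:
        if guard.is_locked(ip, ts):
            outcomes.append("blocked")        # rejected before the password is checked
        elif password_ok:
            outcomes.append("ok")
        else:
            outcomes.append("locked" if guard.record_failure(ip, ts) else "failed")
    return outcomes


# Constructed sample events using documentation-only address ranges.
EVENTS = [
    (0, "203.0.113.10", False),
    (20, "203.0.113.11", False),
    (40, "203.0.113.12", False),
    (60, "203.0.113.13", False),      # fourth failure from the same /24 within 5 minutes
    (90, "203.0.113.200", True),      # correct password, but the whole range is disabled
    (100, "198.51.100.7", False),     # a different range is unaffected
    (3660, "203.0.113.200", True),    # lockout has expired
]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, replay(EVENTS, LoginLockdown())):
        print(event, outcome)
```

The event at 90 seconds shows the trade-off of locking by range: a legitimate user who shares the range is locked out along with the source of the failures.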

Secure WordPress

Secure WordPress beefs up the security of your WordPress installation by removing error information on login pages, adding index.html to plugin directories, hiding the WordPress version and much more.

WP Security Scan

WP Security Scan checks your WordPress website/blog for security vulnerabilities and suggests corrective actions in areas such as passwords, file permissions, and database security, among many other features.

Plugins I No Longer Use


What it does:

Allows you to optimize database, repair database, backup database, restore database, delete backup database.

What it doesn’t do:

Back up your entire site; only your database.

WordPress Easy Backup

This is the plugin that I used prior to BackUpBuddy.

What it does:

Created backup archives of your entire site, not just database.

What it doesn’t do (well):

This issue has been brought to my attention by Andrew Rondeau, the mastermind behind my favorite blogging course, Income Blogging Guide.

He simply asked me if I ever tried to restore my backed up files back to the blog. As I was doing some research, I heard more and more complaints that bloggers had problems with this part.

But isn’t the point of backing up your blog to be able to restore it, if there’s ever a need for it? My point precisely.
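The two gaps described above (a backup that holds only the database, and a backup nobody has tried to read back) can be checked before you ever need a restore. This is an added Python example, not code from any of the plugins named here: it audits a zip backup for the parts a WordPress restore needs and verifies that every file in it is readable. The directory names are WordPress defaults; the archive layout, function names and sample archives are assumptions constructed for illustration.

```python
import io
import zipfile
import zlib

# Parts a restorable WordPress backup needs. Directory names are WordPress
# defaults; the archive layout is an assumption and varies by backup tool.
REQUIRED_PARTS = {
    "database dump": lambda name: name.endswith(".sql"),
    "wp-config.php": lambda name: name.rsplit("/", 1)[-1] == "wp-config.php",
    "uploads": lambda name: "wp-content/uploads/" in name,
    "themes": lambda name: "wp-content/themes/" in name,
    "plugins": lambda name: "wp-content/plugins/" in name,
}


def audit_backup(fileobj):
    """Return (missing_parts, damaged) for a zip backup.

    damaged is None, the name of the first member that fails its CRC check,
    or "<archive>" when the file cannot be read as a zip at all.
    """
    try:
        with zipfile.ZipFile(fileobj) as zf:
            damaged = zf.testzip()  # reads every member and verifies its CRC
            # Zero-byte entries (directories, an empty dump) do not count as present.
            names = [i.filename for i in zf.infolist() if i.file_size > 0]
    except (zipfile.BadZipFile, zlib.error):
        return list(REQUIRED_PARTS), "<archive>"
    missing = [part for part, found_in in REQUIRED_PARTS.items()
               if not any(found_in(n) for n in names)]
    return missing, damaged


def make_zip(files, compression=zipfile.ZIP_DEFLATED):
    """Build a constructed sample backup in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


# Constructed samples: a database-only backup and a full-site backup.
DB_ONLY = {"blog.sql": b"CREATE TABLE wp_posts (ID bigint);"}
FULL_SITE = {
    "db/blog.sql": b"CREATE TABLE wp_posts (ID bigint);",
    "wp-config.php": b"<?php define('DB_NAME', 'placeholder');",
    "wp-content/uploads/2011/03/photo.jpg": b"\xff\xd8\xff\xe0 sample",
    "wp-content/themes/example-theme/style.css": b"body { margin: 0 }",
    "wp-content/plugins/example-plugin/plugin.php": b"<?php // sample",
}

if __name__ == "__main__":
    for label, files in (("database-only", DB_ONLY), ("full site", FULL_SITE)):
        print(label, audit_backup(make_zip(files)))
```

A clean audit only shows the archive is complete and readable; restoring it to a scratch site is still the real test.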

Marketing Takeaway

Backup WordPress Easily

It took that scary moment in my blogging career to realize that my blog security is not something to be taken lightly.

Up until that moment, I used NOTHING to keep my blog safe and keep myself sleeping at night.

I don’t feel like a possible victim any longer.

I now have confidence that no matter what happens, I will take my blog with me anywhere I go.

I am sure you’d love that peace of mind as well.

Check out BackupBuddy and other plugins for yourself and see if that’s the right solution for you.


I made my choice.

Have a better plugin suggestion? Comment to show me that you’re alive!


Image credit: http://humor-in-photos-and-pictures.blogspot.com/


70 Comments

  1. I use Better WP Security to try and protect my site after it was hacked. Luckily I use Backup Buddy and send a weekly backup to Amazon S3. The hackers deleted everything in my directory including my backups. So if I didn’t have them off site, I would have lost a year’s worth of work!

    Better WP Security will show you bad login attempts etc. So far I have over 600 attempts to get into the admin account in the past two weeks. Fortunately one of the first things I did was delete the admin account. So I know it’s a hacking attempt since the user name admin no longer exists.

    I checked some of the other sites I run for non-profits after I was hacked and installed Better WP Security on those sites as well. Checking the logs, they all have attempts to login to the admin accounts as well.

    It’s happening to everyone, you just don’t know because you don’t have the software to show it to you!

  2. Hi,

    I just found this blog post and it gives great security advice. Cheers for this useful information.

    I’ve subscribed to your RSS feed now to keep updated.

    Best Regards


  3. Ryan Eisenhower

    That’s a terrifying concept, and having all your work just thrown away would be devastating. I think all bloggers should do their best to keep up with the security of their blog, just like they would with the security of their home.

  4. Once I had a similar problem. I went back to an earlier backup which didn’t seem to work either. I frantically called the hosting company and they told me the problem was at my end. The site just didn’t show up. After days of tweaking it turned out that the hosting company made a mistake. So, I guess before panicking, it makes sense to call them and see if they are aware of anything we are not.

  5. Nice write-up. I had my site hacked earlier this year and that was not a nice feeling. Hackers are getting smarter every day and there is not much we can do other than take precautions and keep a backup on a daily basis on our local computer and on a memory stick.

  6. Adam James

    Hi Ana, I’d be mad if it happened I guess.

    Really glad i’ve subscribed to your blog, this is brilliant stuff .. I like how you show what you’ve used and what you don’t use those plugins now, really cool stuff .. i’m going to check backup buddy out soon, it looks to be the best solution so far.

    I’ve noticed a lot of people have problems with WP-DBManager, expecting it to back everything up, it’s a pity really .. there does seem to be a huge amount of confusion around this issue, in fact I did a quick Google search about backing up WordPress, and a great deal of articles don’t mention the fact that WP-DBManager and similar plugins only restore the database – so I’m glad to finally see someone setting things straight, thanks Ana :)

    • Hello Adam

      I’m glad you subscribed too :-) I appreciate readers who become part of the community of my blog and contribute comments.

      Also glad you enjoyed the post.

  7. Hi Ana,

    Thanks a lot for sharing this. I have been thinking a lot about this lately, since I’ve experienced that my gmail was hacked, and malware on my website (server) and internal server error and a lot more. I was afraid that my blog was hacked and that I would never be able to get all my content back online. So, what I did, was start using VaultPress and CloudFlare (and sucuri.net)… now, everything is almost perfect (I’m still getting some errors, but I’ll deal with them as soon as I get back from my vacation).

    I’m also going to check out what you’re recommending here. I’ve looked at BackupBuddy earlier, but before reading your post, I signed up with VaultPress and I’m very satisfied with them.


  8. Nipon

    Whatever you do, you cannot prevent hacking; backup is the best solution for small businesses.

  9. Usman

    Hi, Anna !

    I don’t really know what kind of people are these who don’t even think that what they are going to do will ruin the whole hard work, of may be years..

    I think they don’t have minds or heart, but I do recommend amazon back service.

    Kind Regards.

    • They do it because they can, Usman – most of the times there’s no gain in it for them, just a powertrip.

  10. Over at Technology Bloggers we use Login Lockdown. I think it’s really great, and having tested it myself, I know it works as I have managed to lock myself out before!

    Secure WordPress sounds pretty cool, I might just have to check that out :-)

    Keeping WordPress up to date is a must.

    Also, make sure you regularly back up your database, then if you do get hacked, you can restore your blog relatively quickly.

  11. Hi Ana,

    I’m glad your blog is still here. :) Though when I first opened your main url (trafficgenerationcafe.com) it showed an rss feed. Did you really do it on purpose?

    • Definitely not, Calli – might’ve been a redirection mistake of sorts, but all seems to be working fine.

      Glad to be back as well!

  12. It was! lol
    Not mine personally, but my instructor’s site which I host and maintain. What a pain in the butt!
    Lucky for me, they just changed the database password.

  13. I was recently locked out of my blog when I logged in to maintain my blog from a remote machine. Now I use a contributor log in remotely to be sure hacks don’t have administrative access. I placed a support ticket to my host site and they had me back up in no time, I was very impressed with their response.

    I am going through every inch of this post and making notes as I was just researching security measures and backup systems, thank you for this timely post.

  14. Great post, I’m glad I finally found the time to come here. I like the style, as well. I have subscribed, and more, I shall use your book at maximum. I also met you on Twitter, but that doesn’t matter. I’ll visit more, because I found value, :)

  15. You’re welcome, Mark. We always think “it won’t happen to me” – but unless adequately protected, it may just, one day.

  16. Ian Belanger

    Hey Ana,

    That is scary. I don’t know what I would do if I lost my blog to hackers. Luckily I do use some plugins to back up my site on a regular basis.

    Let’s hope that the hackers stay away.

    Thanks for sharing Ana and have a great day!

  17. Hi, Ana-

    My site got hacked a few months back, even though I thought I was well protected. It’s not a good feeling to realize that all your work could be lost, or that your readers are at risk. In my case, I found hundreds of emails per day were being sent out, apparently from my email address. A good friend that specializes in security was there to help me, and we saved everything and put a stop to it. In that instance (for the first time), my host was essentially useless in stopping the emailing issue.

    I recently did a post on my blog recommending Website Defender (http://docsheldon.com/keeping-your-site-secure-against-spammers-hackers-and-malware/), that monitors your site and emails you about any and all changes made, even at a deep level. Unfortunately, I later found that it was conflicting with something else.

    One of my readers turned me on to CodeGuard. It does complete backups via ftp, and also monitors all changes, and will restore and migrate much like BackupBuddy. They have a free level for a single site, a $10/month level for unlimited sites and a pro level with extended services. I will be doing a review on the pro level in the next few weeks.

    Whichever system one opts for, they should definitely heed your warning and ensure they have adequate backups, TEST those backups for restorability (many such backups leave out critical configuration data, making them difficult to restore), and MONITOR their site for unauthorized changes.

    • All is well that ends well, Sheldon – learning from our mistakes is the best and sometimes the necessary way to learn.

      CodeGuard sounds like a good alternative, especially if it’s free.

      I’d love to see your review of it when it’s ready; maybe, you can come back and post the link here – I’d love that.

  18. I am with Hostgator and last time I checked, they do only weekly backups – not nearly good enough.

    With Bluehost – do they back up EVERYTHING, so your blog looks exactly the way it does now when you restore it? I know some backups only do databases, which doesn’t do you any good.

    Sorry you had trouble with BackupBuddy – I love it!

  19. I have had my blogs hacked before, so I totally understand how you felt Ana. In my case the problem was my personal laptop which was not protected by an appropriate anti-spyware software.

    Remember that hackers, spyware or any other type of malicious software can get to your blog through the laptop or PC you are using to maintain your blogs, using FTP or any other admin interface.

  20. Aloha Ana, great post and well informed list of methods to use. I had similar situations, more than once, and I immediately emailed/IM’d Hostgator and they were on it ASAP and fixed it for me. In fact, a couple of the WP plugins were the issue creating the shutdown and had viruses attached to them.

    I will need to check out this backupbuddy you speak highly of. Glad I came by and thanks for sharing! Mahalo, Lani :)

    • Nice to see you here, Lani. They do seem to be on it quick, provided you realize it before much damage is done. Backing up is critical!

  21. Great post, Ana. I’m afraid to say that my blog is poorly equipped to handle any kind of attack from hackers, phishers, or any other kind of malcontents out there. It is a scary possibility indeed.

    • I know how you feel, Josh – I wasn’t ready for anything either.

      Hope you don’t wait till something actually happens…

  22. John F. Wagner

    I would like to know how you got BackupBuddy for $45 for two sites? Every time I checked it has been $75 for two sites. What is your secret? I would love to save $30.
    Not criticizing your choice, because I think it is a good one.

    • Good point, John – I just checked the price and sure enough, you are right.

      I just bought it a couple of months ago; must’ve used a promo of sorts.

      I’ll do some checking; will let you know if I find anything usable.

      Meanwhile, I need to change the price in the post. Thanks for pointing it out.

      • We have also tried backup buddy and I’ve discovered that not all hosts will open up their systems to allow it to download – this has been an expensive error on our part. My hosting company felt that allowing a programme like backup buddy to run a programme on the server was in itself a risk. So just check before you spend the money.

        • Interesting, Julie – I’ve never heard of a host that wouldn’t allow third-party backups. I am with Hostgator and never had any problems.

  23. Very important topic.

    I have written a post about how one of my Dummy Blogs urls (for testing ideas) was being used to run thousands of dodgy links through. This was with a Blogger.com blog, where the url had the Blogspot.com on the end. My own custom urls were not affected at all. Somehow they are using Blogspot Blogs to run their network off the Blogger server.
    Most Blogger (Blogspot.com) users will have no idea this is happening. You will still have access to your Blog to write, edit and publish. Though you will not (without doing some research) realize it is taking place. I went and checked (some of) the sites and they had managed to somehow mask the Blogspot url into their site url (like a shadow). I decided as it is just a blog for testing, it is much safer to delete the Blog.

    Further, I noticed this strange occurrence spreads from one Blogspot blog to the next. After deleting a few of my practice blogs the issue stopped, and has never returned. I am not sure why Blogger.com (Google) have not made any mention of issues like this.

    Many of the techniques used to hack people’s accounts, PCs, websites, etc. are not far removed from methods used by many Blog and website owners whilst pushing for success, who go for the more hard core “Black Hat” approach.

    A few years ago I had a PC attacked and was told it cannot be fixed by a tech head. He said throw it out (only two years old, and costly).
    In the process of fully repairing that PC myself, and looking at any attempted hacks, I saw the similarities between the hard core hackers (including cyber criminals) and the extreme end of “Black hat marketing approaches”.

    • Very interesting experience, Daniel.

      “If you want for something to be done right, do it yourself” – definitely proved true in your case, huh?

      That’s why I use WP, not that it’s hacker-proof by any means…

  24. John

    Great tips for security. I always update my wordpress as soon as possible. It helped me prevent hackers using vulnerabilities. I also use some strong passwords. I can say that no one has hacked my site so far.

  25. Ana scary story and we all can be hit without warning.
    The Login Lockdown is a plugin outdated, you can try Limit Login Attempts, a little more updated.
    Also an Antivirus plugin for the WP installation and theme is welcomed
    I’m backing up my complete site via Cpanel directly often – anyway I’ll check all the recommendations, specially Backupbuddy.

    Best for you,


    • What makes a plugin outdated, Gera? Thanks for the recommendation.

      Does backing up via Cpanel back up the entire blog including posts and images or just database?

      • Login LockDown is a plug-in whose last update was in 2009 and whose compatibility is tested up to WP 2.8.4. Perhaps it still works great, but it can be a potential problem with other plugins or new WP versions.

        Limit Login Attempts’ last update was in 2011 and its compatibility is tested up to WP 3.1 – this is a little better.

        Anyway, it depends of the importance of the plugin and how deep enters in the system. For instance, I use still Keywordluv and last update was on 2008…

        Speaking about backing up via Cpanel, you have the option to back up the full site (all DB, images, themes, plugins, etc) and if you need to restore, the host must do it for you and the Home directory with all your data too.

        Nevertheless I back up also only DB, and the rest of components to email daily, but I’ll consider the Backupbuddy as a possibility, but when it has a nice discount 😉



  26. Melanie

    Hi Ana, wow this is a thing to think. Your post is very useful for me because I’m learning all about WordPress :). I like BackupBuddy, I will give it a try. Thanks for your post.

    • You are very welcome, Melanie. It’s best to start learning good habits from the beginning – I wish I have. :)

  27. Lalit

    Happened with me too a few days back at 2 a.m when my blog’s administrator area wasn’t accessible due to some mailing script.. I feared the same way. Thankfully i have the back up sent to my mail everyday! :)

  28. Hey Ana! I’ve been urging bloggers to “back up” for years! Google up the program HTTrack: that software will “absorb” an entire website for your offline on-your-own-time viewing pleasure: I have the entire first year of my first blogspot blog right here on my hard drive!

  29. This is extremely important. Believe me, I have had my share of problems so I try my best to stay on top of everything…if not then cross your fingers..

    “Black Seo Guy “Signing Off”

  30. I can highly recommend this plugin “WordPress File Monitor” – a HUGE number of hacks in the last year or so were through your host actually being compromised and then your account hacked among the many others. This plugin will help you get notified when that happens and will let you know EXACTLY which files were modified.

  31. I don’t know why we need to use BackupBuddy while there’s a free plugin called as BackWPup that works perfect (at least for me).

    It can send the backup of your site to email, host, ftp, Amazon S3, Rackspace cloud… also, perfect in schedule, logs report…

  32. Graham Lutz

    I’m waiting for someone to use hacking as their promotional method for their security product.

    If someone hacked my blog with all the security measures I have in place and simply said, “hey, I got in, let me help you keep others out,” I’d be all over it.