What to do when your blog gets hacked?
I've been building WordPress sites for several years now and one thing that frustrated me hugely when I was starting out was just how often my blogs got hacked.
Of course, I knew nothing about WordPress security back then but the necessity of having to keep sites up and running meant I had to become a WordPress security expert pretty quickly.
These days I put that expertise to use by building secure blogs for clients.
There's a reason I use the security plugins I do and it's frustrating when clients don't listen to my reasons for using such plugins. Two cases in point occurred in the last week:
Blog 1 was hacked because the client had gone to another web-designer to have their site redesigned and that web-designed knew nothing about WordPress security.
Blog 2 was hacked because someone with admin privileges was sloppy and careless. That's my guess. A couple of the security plugins I'd installed had been deactivated. I go on at length about why these plugins are needed so clients should be aware of the consequences of not following my recommendations.
You can read about these hacks in greater detail here:
http://webbizkb.com/blogging/this-is-what-happens-...
Cleaning up a hacked blog is a pain. And it can take a lot of time. And it can be expensive for the blog owner, both financially and reputation-wise.
WordPress is the most popular site building platform out there, so of course it's going to be a target for ne'er-do-wells who want to put other people's hard work to their own advantage. And if a site or business gets steam-rollered in the process, that's more than acceptable collateral damage to them. They just move on to the next easy site to break into.
Don't skimp on your site's security. If you do, you will regret it in the end.
I have a number of articles about site security at http://www.topdesignblogs.com/blog
Recent Comments
6
Aren't most Wordpress security plugins blocked by WA?
I worry about the security of my website often - especially if I become reliant upon it as a source of income.
Thanks, I have next no knowledge on this, so will read your articles to educate myself further! Appreciate the info, regards, Lisa
See more comments
Gary do you not think the security WA provides is sufficient.
WA is in its own sandbox (SiteRubix) and has its own security features. I build standalone WordPress sites and there's little out-of-the-box security. I learned this lesson the hard way and I now use a small arsenal of security plugins to protect my sites. Many people who build their own sites or, worse, build sites for clients, don't provide those sites with enough security. There's a reason over 30,000 WordPress sites are hacked every day.
I understand now thanks Gary