My 5 Month Old Blog Hacked. Bloggers Beware!

Hello

your cpanel or ftp details working ?

Lesson learned from all this: keep a backup of your blog at all times. This way recovery is relatively painless.

I'm interested to know what you did to make it hack-free. Is there anything more you could have done that you now know about?

at first don't share any kind of information about your blog, mail, affiliate account anything with your friends. friends are the main enemy remember it. i am experienced in this problem.
don't worry if one is lost don't stop working and don't loose hope. may be better is waiting for you in future.

BackUP BackUP BackUP............There is no such thing as Hack Free even the pentagon that spends millions of dollars on cyber security gets hacked not to talk of someone paying $49.95 a month or less for hosting ............. BackUP BackUP BackUP do this daily and you will not loose you work if you eventually get hacked.

I was wondering why people target your blog to hack.

Have you checked your PC for possible virus or trojan infections?


Securing your blog is not going to do any good if your passwords can be "sniffed" by a Trojan.

Good luck in restoring everything

what steps did you take to make your blog hack-free?

Yep, I back up on a regular basis, and the host keeps backups too. If you have your wp-content files and the database then you can roll back. If they get ftp login then they can make a real mess. A client once had Gumblar virus, stole his ftp details and then uploaded loads of stuff. Nasty.

One extra bit of security, if you have a static IP address, make your wp-admin directory and the wp-login.php page only accessible to your IP. Also, some webhosts allow you to whitelist IP's to log in to the control panel. This way having your password does not help. A pain if your ISP changes your IP, but makes it much more secure.

There is a plugin that works in a similar way and will help if your IP changes, although I have not used this, do everything through htaccess. - WordPress › WP Login Security « WordPress Plugins

Oh, and if your admin account is still "admin", change it. Create a new user, make that user an administrator, then login as them and delete Admin account.

"Backup", "Security"," Virus protection"... those are some of the keywords I registered from this thread. Thanks for sharing the experience.

Looks like you need my product WP-Padlock Security Suite, you can view the WSO thread here:

http://www.warriorforum.com/warrior-...ity-suite.html

~AzSno...

Here's a tip,

DO NOT use your normal, everyday PC when accessing your hosting account.

I use a Linux operating system called Ubuntu. Don't let the word scare you. This Linux version acts and looks like MS Windows. What you do is get this pre loaded on a USB thumb drive. Linux OS even has a browser and Open Office preloaded so now you can connect to youor webhost and work on your blog.

What you do is plug in the USB drive and reboot your PC. You're now running Linux in your PC memory (there's no install required and completely runs off the USB drive!)

When you're done just remove the USB drive and reboot your PC back into Windows XP/7 etc. This is relatively safe as when you reboot the PC everything is erased from memory.

You can purchase a full operating system thumb drive on eBay for 10 bucks! (NO Aff. link)

http://cgi.ebay.com/NEW-UBUNTU-10-10...item56438d7914

This works for me and I've NEVER had any hack problems. I just make sure I never log into my hosting accounting on my main computer as there's potentially more risk.

Give it a try!

Dennis