I am probably an innocent abroad, nonetheless it never occurred to me that my blogs were worthy of anyone’s notice to bother hacking them. However, hackers appear to view even the littlest of blogs and users as fair game.
A few weeks ago, many of my blogs were hacked so when I use a number of them as landing pages for my articles, this is a huge set-back to my article marketing career!
Now I really like WordPress, but I must confess that whenever “they” explained how easy it had been for a beginner to get started with WordPress, for anyone who is new to “all this complicated ftp stuff”, it is a very steep learning curve. (I’m glad I persevered.)
However, I was just beginning to feel I’d learned the essential principles, and had create about ten blogs with a little income coming in online, when catastrophe struck and I got several hacked within a single week. Repair hacked wordpress website ask how or why it happened – I’m not even sure easily know myself what went wrong, but one after one I started receiving warning messages from Google, and I realized….
Help – my blog has been hacked
To begin with I was pretty unconcerned because I had, of course, backups of most my blogs. I did this utilizing a popular plugin, so I imagined it could be relatively easy to restore the damaged sites from the backup.
How completely wrong could I be? I clicked at the “restore blog” help page, and my spirits sank when i browse the instructions. I couldn’t help but feel I would need a master’s degree in IT it was so perplexing (to me, as a newbie).
I asked on WordPress forums and even though everyone there was very sympathetic, their suggestions were largely beyond me. Several clicks to them could be an hour for me to figure out.
In my own horror that I couldn’t work out how to get over the backups I wondered whatever next. My son, who works inside it but knows nothing about WordPress, suggested that I talk with the three different serves where my blogs were hosted and ask if they knew how to re-install my backups and tidy up the hacking.
It was here that an interesting disparity came about. The first company, Hostgator, had me back online again in just a few days, all hacks removed, without even resorting to my backups. I don’t know how they did it, but top marks to them.
Hostica, my second webhost, were also extremely helpful and patient with my problems and misunderstandings, and re-installed the websites from my blog backups.
Unfortunately, although my content was unharmed I had lost all my blog customizations and plug-in settings – that i gather is something “everyone” knows happens once you restore or move WordPress sites. (Well, everyone but me!) So I still had quite a few hours work to do to get back to the pre-hack condition. I suspect I have lost lots of the “tweaks” I made without noting them down, because having taken backups I never expected I would lose all my settings.
A third company, which I will not name, has still (a full month later) not managed to recover my site despite access (a) a backup from the plugin and (b) files I had ftp-ed onto my very own PC as another means of backup. To put this in context, Hostica had my websites content (but not settings) recovered within a quarter-hour of me sending them the backup from the plugin.
So after 6 very useless weeks, all except one of my sites are online again, and attempting to recover whatever credibility they had with Google and co!
Preventing and Dealing with Hacked WordPress blogs
But what advice can I pass on to fellow newbies out of this disaster?
1) Support from your own hosting company is essential. Hostgator and Hostica gave me excellent support and I shall continue hosting with them. Company three has been a catastrophe, yet when I check online, other people give them good reviews. Draw your personal inferences from that.
2) Ideally your webhost will undoubtedly be making regular backups of one’s site just in case you need them to recuperate a site for you personally. But it’s still smart to have a backup of your own, in case the hosting company fails. (Unlikely in the event that you choose a reputable company in the first place.)
3) Other tips to prevent such hacking before it happens, are to change your WordPress admin user from “admin” to something more obscure, use a remarkably complicated password that includes special characters, and change your profile so that your first name is displayed, not your user name.
4) It is also important to keep all your plug-ins, plus your version of WordPress up-to-date, and make certain that you do not display which version of WordPress you are using.
These and other tips I learned from the free plug-in WP-Security Admin Tools, which I suggest you implement immediately, as it will highlight security weaknesses you can fix.
Best of all, I ran across a tool that lets me take a complete clone of my blog in minutes, and recover everything (content, plug-ins, themes and images), even to an empty domain, such as when relocating my blog to a fresh host.
EASILY had used this inexpensive program before my sites were hacked, I would have been able to restore them within a few minutes from clean, compressed backups, such as for example those I will have on my PC.
In the future, if I were dissatisfied with my webhost, these copies certainly are a breeze to go to a totally new company.
Or should I would like to duplicate an empty customised blog to start out a fresh one with the same setup, that is also the tool for the job. In fact that’s its main purpose – the backup function is advertised as another function.
Establishing the tool was a piece of cake with Hostgator. Setting it up with Hostica didn’t work first time, but the publishers caused me to identify and resolve the down sides, which were in database settings, so all is well now.
Yet another example of excellent support came from the their staff.
To conclude, my recommendation to any-one, newcomer or experienced user alike, who is concerned about how exactly to backup and safeguard your WordPress blog is to save yourself hours of grief and heart-ache, employing this tool.