Two days ago I received a warning email from my hosting company telling me that a specific account on the server where I have a WordPress blog was suspended for security reasons. After inquiring with them further I discovered that one of my old blogs that I only use for testing was a hacked WordPress blog.
The email message I received said:
There is an administrative issue with your account that requires an immediate response. In order to maintain the ongoing integrity of your hosting service, please log into the Customer Portal and reply to ticket ECB-106602-48978.
That’s an email I had in my mailbox early in the morning, and I was wondering what the problem was, for which website and for how long… I even thought of a billing issue and was already very worried. At worst, I would have had a few sites down all night and that’s not very good for business.
After logging in to the Customer Portal I found the following ticket:
The ‘xyz001’ account has been compromised. This is likely the result of an outdated and/or insecure installation of WordPress and/or one of its plugins or themes. I have changed the password for this account and suspended it in WHM to prevent further abuse. The account should be audited and updated accordingly. I disabled hacks in the following directory: /home/xyz001/public_html
First, I was relieved that it was not a billing issue… and secondly that the mentioned compromised account was an old installation of WordPress that I used for testing themes and plugins… So there was no harm there for my online business with this hacked WordPress blog.
Hacked WordPress Blog
I now have to fix my hacked WordPress blog, which is not a big issue as I have been working with WordPress for a long time and know how to investigate problems and fix them. The thing is that fixing this will cost me at least a couple of hours.
Why did this happen?
This happened because I did not regularly update this WP installation, and as it was a bit old hackers took advantage of it. Secondly, I had a few free themes active and these are more vulnerable. And lastly, as this was a test account I had lots of plugins, and this is another source of problems with poorly programmed plugins. This resulted in a hacked WordPress blog.
Following these 3 points should prevent you from having to experience a hacked WordPress blog:
- Regularly update WordPress when an update is available. This is very easy to do as you just have to follow the instructions in the yellow notice in the Dashboard. Be aware though that you may run into problems when updating and a back-up of your files and MySQL database should be made before updating.
- Always update the theme you are using, as updates may correct security flaws.
  Also refrain from using free themes as they are the most likely to give you trouble in the long run. Free stuff is good, but blogging will take your time and lots of effort, so why risk your content with problems down the road to just save a few bucks?
- Be careful of the plugins you use and update them regularly. Before installing, make sure that they work with your WordPress version and see how many downloads they have, the rating and the reputation of the developer. If the plugin has not had updates for a long time, it’s better to look for another one that does a similar thing.
I hope these tips will help.
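The three points above can be checked from the command line. The script below is an added example, not part of the original post: it backs up the database and files, then reports outdated core, plugins and themes and checks the core files against the official checksums. It assumes WP-CLI is installed as `wp`; `WP_PATH`, `BACKUP_DIR` and the function names are hypothetical names chosen here.

```shell
#!/bin/sh
# Added example (not the author's script). Assumes WP-CLI is installed as `wp`.
# WP_PATH and BACKUP_DIR are hypothetical names chosen for this sketch.

# Emit "kind,name,version" for each plugin or theme with a pending update.
pending_updates() {
    kind=$1    # "plugin" or "theme"
    wp "$kind" list --path="$WP_PATH" \
        --fields=name,status,update,version --format=csv |
        awk -F, -v k="$kind" 'NR > 1 && $3 == "available" { print k "," $1 "," $4 }'
}

# Emit each newer WordPress core version on offer (nothing if up to date).
pending_core() {
    wp core check-update --path="$WP_PATH" --field=version 2>/dev/null |
        grep -E '^[0-9]+\.[0-9]+' || true
}

# Back up the database and the files before any update is applied.
backup_site() {
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$BACKUP_DIR" &&
        wp db export "$BACKUP_DIR/db-$stamp.sql" --path="$WP_PATH" &&
        tar -czf "$BACKUP_DIR/files-$stamp.tar.gz" -C "$WP_PATH" .
}

# Full report: status 1 if anything is outdated or core files were altered.
audit_site() {
    rc=0
    out=$(pending_core; pending_updates plugin; pending_updates theme)
    if [ -n "$out" ]; then
        echo "Outdated components:"; echo "$out"; rc=1
    fi
    # Compare core files with the official checksums from wordpress.org.
    wp core verify-checksums --path="$WP_PATH" || { echo "Core files modified"; rc=1; }
    return "$rc"
}

# Runs only when a path is supplied, e.g. WP_PATH=/home/xyz001/public_html
if [ -n "${WP_PATH:-}" ]; then
    BACKUP_DIR=${BACKUP_DIR:-$HOME/wp-backups}
    backup_site && audit_site
fi
```

A non-zero exit status makes the script usable from cron, so a forgotten test installation still gets reported.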
WordPress for Newbies
If you are a beginner, there are lots of challenges in installing, setting up and maintaining WordPress on your own hosting account. Most newbies waste a lot of time, months, to learn the ropes and they are doing everything but blogging. When the blog is finally in place, they get hacked because they made mistakes… and they get crushed!
What if you just want to blog and not have to worry about all the technical stuff?
I suggest that you take a look at a revolutionary blogging platform, which has been built for the non-technical person who just wants to blog and develop an online presence.
It is called the Blog Beast, and even if I am a WordPress expert I also have 2 of these because they are so easy and fun to use.
When you look at the 2 examples, you see that they are different. The color theme is different, the margin is at the left for the first one and the right for the second one, and the 3 banners are customized.
Something you don’t know is that posts rank much faster and much better in Google. The two blogs are in one account and I can create as many blogs as I want. I can use my iPad or iPhone and blog via an application…
All this for a small monthly fee.