Ever had your WordPress website hacked? Want to keep it from happening again? This week on the Late Night Internet Marketing Podcast, I talk all about my holiday excitement which involved 17 (count ‘em, 17) hacked WordPress websites.
I also discuss the new “State of Blogging” report from ConvertKit.
When I found out that my site was hacked, I looked at the nature of that hack and found out that hackers had compromised the website and added a tremendous amount of content to the site. The CPU load on the server had gone through the roof because of the enormous amount of traffic as the site was being used by bots and other things. When I did an audit, I found that the tons of added information that I didn’t own had driven the disk to be almost full – it was a total mess. It was a total takeover of my 17 websites, which were all on this one server.
Luckily, the server was hosted at SiteGround, so I sent a ticket, pinpointed the time it was hacked, and asked them to roll the site back and restore a backup from the time when I believe it was hacked. This doesn’t work every time, though, as hackers sometimes know that this is what you will do. They will exploit the site and let that sit dormant for a long time so your backups are too old to be of much use. As for mine, SiteGround fixed it pretty quickly and I was back up and running, but with a website which had been restored to its previous state, which, we know, can be hacked.
So how do you harden a website? The majority of WordPress hacks come either from the hosting platform or from out-of-date plugins. Here’s what you can do today with practically no technical expertise:
- For recovery purposes, have good backups. There are plugins that you can use for backups but there is nothing which can beat a server backup from your server provider. Check in with your host to see if they provide backups and if you can afford that.
- Make sure WordPress is up-to-date. Get everything updated to run the very latest version as you need to make sure that your site is secure. This includes your themes and plugins so I would recommend turning automatic updates on.
- If you have a bunch of stuff installed that you are not using – themes, plugins – delete this junk out of WordPress. Go into your plugin/theme manager and remove them as they can provide points of attack. If you do not need a plugin, do not use it. Use plugins only if you need them.
- Do not use ‘admin’ as the username for the administrator of your blog. This gives hackers half of the puzzle. Harden your password – change it often, make it very hard to guess and consider using two-factor authentication.
- Use the best hosting service and sign up with a reputable one. Choose one which is designed for WordPress.
- Add your site to Google Search Console, as they are watching your site and will notify you once your site is hacked.
- Add a security plugin. I use WordFence which has firewalls, looks for hacking and bots, pays attention if your plugins or themes are out of date and sends you notification emails if they are.
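The items in this list that can be checked from a command line (pending updates, unused plugins and themes, an administrator called ‘admin’, a security plugin) can be audited with WP-CLI. The script below is an added example, not part of the original post; it assumes WP-CLI is installed as `wp`, and the function names and the `SECURITY_PLUGIN` variable are made up for this illustration. Backups, hosting, two-factor authentication and Search Console still have to be checked by hand.

```shell
#!/bin/sh
# Added example: audit one WordPress install against the checklist above.
# Assumptions: WP-CLI is installed as `wp`; SECURITY_PLUGIN is the slug of the
# security plugin you chose (default: wordfence, the one named in the post).

# Count stdin lines matching a pattern; prints 0 when nothing matches.
count() { grep -c -i -e "$1" || true; }

# report LABEL COUNT: one line per check; non-zero status when COUNT > 0.
report() {
  if [ "$2" -gt 0 ]; then printf 'FAIL  %s (%s)\n' "$1" "$2"; return 1; fi
  printf 'ok    %s\n' "$1"
}

# audit_wp PATH: prints findings, returns the number of failed checks
# (99 if WP-CLI cannot load the site, so a broken run never reads as clean).
audit_wp() {
  site=$1; failed=0
  wp --path="$site" core is-installed || { echo "cannot load $site" >&2; return 99; }

  # Version rows start with a digit; the "Success: ..." line printed when
  # core is current does not, so it is not counted.
  n=$(wp --path="$site" core check-update --field=version | count '^[0-9]')
  report "core updates pending" "$n" || failed=$((failed + 1))

  n=$(wp --path="$site" plugin list --update=available --field=name | count .)
  report "plugins with updates pending" "$n" || failed=$((failed + 1))

  n=$(wp --path="$site" theme list --update=available --field=name | count .)
  report "themes with updates pending" "$n" || failed=$((failed + 1))

  n=$(wp --path="$site" plugin list --status=inactive --field=name | count .)
  report "inactive plugins to delete" "$n" || failed=$((failed + 1))

  n=$(wp --path="$site" theme list --status=inactive --field=name | count .)
  report "inactive themes to delete" "$n" || failed=$((failed + 1))

  n=$(wp --path="$site" user list --role=administrator --field=user_login | count '^admin$')
  report "administrator named 'admin'" "$n" || failed=$((failed + 1))

  wp --path="$site" plugin is-active "${SECURITY_PLUGIN:-wordfence}" && n=0 || n=1
  report "security plugin missing or inactive" "$n" || failed=$((failed + 1))

  return "$failed"
}

# Run against the directory given on the command line, if any.
if [ -n "${1:-}" ]; then audit_wp "$1"; fi
```

With several sites on one server, call the script once per site directory; any non-zero exit status means that site has open checklist items.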
Here is the message that I received from Google….this will really make your stomach hurt. Especially when they start coming in for multiple sites one right after another – “WordPress Website Hacked”.
Here is that video about the candle that I promised at the very end of the recording.
Links Mentioned In This Episode
- “State of Blogging” report
- WordFence Plugin
- iThemes Security Plugin
- Sucuri Scanner Plugin
- Jetpack Plugin
Want More Late Night Internet Marketing?
Help Me Help You
The more I hear from you about your struggles, trials and tribulations, the more I can help. So, be sure to leave comments on this post or reach out to me on Twitter @LateNightIM or on the LateNightIM Facebook Fan Page.
I'd love to hear what you think about the podcast. Better yet, I’d love to answer your question about Internet marketing on the show. Just drop me a line here on the blog or on the digital recorder at 214-444-8655. Don’t worry, there are no stupid questions. Unless you tell me not to, when you ask a question or leave a comment I might even use it on the show.
Help Me Help Others
Thanks so much for your reviews on iTunes. We get a ton of exposure from iTunes, and we really appreciate the reviews there. At last count, we were over 100 reviews worldwide and counting. Reviews help us get new listeners — so I really appreciate you taking the time to leave a review. To leave a review, just go to latenightim.com/itunes and follow the instructions. Thanks!
Transcript for WordPress Website Hacked
Ladies and gentlemen, 2017 is upon us. There is absolutely no denying it. I have checked the calendar over and over again, and it’s here. I don’t know where 2016 went, but it’s gone.
Hopefully you took some time to do what I recommended that I do, the action that I gave you to reflect on 2016 and just congratulate yourself and be thankful for the things that you were able to accomplish. I know you didn’t get everything done that you wanted to get done in 2016. I totally get it. Entrepreneurs never do. We have more ideas than we have time and we just don’t get everything done. That’s okay.
I hope you’ve also had time to make some serious plans for just crushing 2017. Maybe you’re still recovering from the holidays and you haven’t done that. I want you to do that this week, because next week we’re going to start a couple of weeks where we talk to Ray Edwards about how he was so successful over 2015 and 2016 and what strategies he used, and the strategy that I’ll be employing this year to make sure that I actually achieve my goals in 2017. If you’re like me, and I think a lot of you are even if you’re afraid to admit it, there are a lot of times where you set goals that you simply don’t accomplish. This has been a pattern in my life. This strategy that I have for you in a couple of weeks, I think is really going to help you tackle those goals for 2017. We’ll get into that in the coming weeks.
This week I have a couple of great items for you. We’re going to start it out with some breaking news…
(Episode 121 Transcript Continued…)