Imagine waking up one day to find your blog has gone! It’s been hacked so that either it’s physically broken or worse a virus has been inserted. Or it’s been closed down by your hosting company as, for some reason, it’s using up too many ‘resources’ and has broken their Terms & Conditions.
I’ve touched on Hacked Blogs in previous posts, and it has certainly happened to me – and I only found out when I investigated why all the Google Adsense ads, on a blog about dog training, were related to Viagra, ring tones and other ‘dodgy’ products!
Some of these hack jobs are caused by automatic bits of software trawling the web for WordPress blogs that they can easily break into. Kind of like potential burglars scouting for houses with mail piled up outside the front door, no car in the drive and no sign of activity ( or lights) in the evening i.e. nobody’s home.
Blogs that offer open doors to these malevolent programs and individuals are those running on old WordPress installations or have minimal password and Admin ID settings.
One basic thing to do, if your Admin sign has been set as admin ( which is doing 50% of the hackers job for them) is to create a new Admin account in ‘ ‘Users’ > ‘Add New’ with new strong ID and password ( don’t forget to fill up the email address box too). Then sign in as the new Admin and delete the old, less secure one.
Another is to disallow blog visitors to ‘Register’ for your site via ‘Settings’ > ‘General’ and make sure the ‘allow anyone to register‘ box is UNticked – you can always register contributing authors, editors etc. manually.
But these really are basics and we all need to raise our game on this. To use the previous analogy, no house is impregnable to burglars but given the choice between a well secured and defended home the burglar will simply stroll down the road to find more easy pickings – Lord knows he’s spoiled for choice!
I’m just checking out WordPress Defender and will report back shortly!