Yes it’s been a little while since I’ve posted. That’s because my blog got hacked and I lost a lot of administrative functions on my site. In between that, and getting it fixed, I also traveled to and spoke at three different blog conferences. Whew! I’m tired. And I have a lot to say. But I’m going to start with a word about internet security for bloggers.
Why is Security Important for Bloggers?
As I learned right after returning home from Type-A-Mom Blog Conference, even mid-level wanna-be-bigger bloggers are not exempt from hacking attempts. What I’ve found out since is that a hacker will often specialize in a particular type of hacking, and once he finds a weakness in a particular area, in this case the theme I was using for this blog, he will have scripts that search automatically and try to break into your blog. It’s almost entirely automated. He doesn’t have to find my site and decide to try to “mess me up”…it just runs the program, finds my blog and begins its attack.
If I hadn’t caught the problem when I did it would have been much worse. So internet security needs to be a priority for everyone who has a blog or website of their own.
How can I Protect my Website or Blog From Attack?
1. Have a strong password. More about passwords in a second.
2. Update themes, plugins and your WordPress blog. DELETE plugins and themes you aren’t using from your dashboard. (Don’t just leave them inactive because the files are still connected to your database when you do that.)
3. Change your password every 30 days or so. If you’re using a good password that will theoretically take 80+ days to hack, changing your password every month gives you a very good chance of not being hacked.
How Fast Can Passwords Get Hacked? What Makes a Good One?
OK, so this is a non-geek’s translation of what I learned at I_Blog Blogging Conference a couple weeks ago: hackers can break your password so fast. A “Class A” hack attack (not sure what the actual name is) can crack most 6-8 digit passwords in less than a minute. Less than a second. And Class A was the slow one. Yikes! No wonder my little attempt at a pithy password didn’t hold up long!
To make a secure password, use at LEAST 8 characters; 10 is better. Combine capital letters with lowercase letters, numbers and special characters (like _, &, or @).
By mixing it up, a hacker’s program would have to try many millions of potential combinations before hitting on your password and even with the higher level class of attack it would take days…months…..MUCH safer.
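To put numbers on this, here is an added example (not part of the original post) that estimates how long a brute-force search would need for a given password and whether that outlasts the 30-day change interval from step 3. The guess rate of one billion per second and the sample passwords are assumptions made up for the illustration.

```python
import string

# Character classes the post says to mix, mapped to the symbols in each.
CLASSES = {
    "lowercase": string.ascii_lowercase,   # 26
    "uppercase": string.ascii_uppercase,   # 26
    "numbers": string.digits,              # 10
    "special": string.punctuation,         # 32 ASCII symbols such as _ & @
}

# ASSUMPTION: attacker speed in guesses per second; the post gives no figure.
ASSUMED_GUESSES_PER_SECOND = 1_000_000_000
SECONDS_PER_DAY = 86_400


def alphabet_size(password):
    """Count the symbols in every character class the password draws from."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(password):
    """Candidates a brute-force search of that alphabet and length must cover."""
    return alphabet_size(password) ** len(password)


def days_to_exhaust(password, guesses_per_second=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case days to try every candidate. This is an upper bound only:
    names and dictionary words fall to a wordlist long before this."""
    return keyspace(password) / guesses_per_second / SECONDS_PER_DAY


def outlasts_rotation(password, rotation_days=30):
    """True if exhausting the keyspace takes longer than the rotation interval."""
    return days_to_exhaust(password) > rotation_days


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["fluffy", "abcdefgh", "Tr_9x&Qe", "Tr_9x&Qe4!"]:
        print(f"{pw!r:14} alphabet={alphabet_size(pw):3} "
              f"days={days_to_exhaust(pw):14.4f} "
              f"outlasts 30-day rotation={outlasts_rotation(pw)}")
```

At the assumed rate, the six-letter lowercase password is exhausted in under a second, while the eight-character mixed one takes about 70 days and the ten-character one far longer.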
A huge thank you to Bryan Assata and Threshold Technologies for putting my website back to rights so quickly and ably. Much appreciated! As for my readers – more blog conference thoughts to come.
Nichole says
Glad you’re up and running again! I’m going to change my password now.
AngEngland says
Make it a tough one! Your cat’s name? No.
Janice - The Fitness Cheerleader says
I also back up my database & php files weekly. I was a victim of a hack 13 mos ago – it sucks to have to restore everything!
AngEngland says
I back up Untrained Housewife on a DAILY basis because comments, forums and posts change daily. Depending on your blog’s traffic and interaction level once a week may not be enough. I use a plugin that emails me the database backup file each day. LOVE it! One of the authors on Blissfully Domestic wrote about it recently in our blogging column – http://blissfullydomestic.com/2010/when-to-backup-your-wordpress-database
deb@simpleplate says
Some hacks are directly related to blog themes but they’re rare. Most hacks are due to poorly managed hosting, where there are tons of accounts on one server, etc., commonly known as ‘shared hosting’. It is a good idea to NOT advertise your blog theme, either in the header or the footer or in your CSS. Years of hosting experience and maintenance and protection for my own sites as well as clients have taught me many valuable lessons. Glad you got your site back up and running, but there’s still lots you can do to protect yourself and your blog.
AngEngland says
Interesting note about the footer info. I also updated the passwords for my database and such as well, but in this case it was the theme that presented the opportunity. WordPress itself can have weaknesses, or individual plugins, etc.
Sue Robinson says
So glad you are back up and running! So great to hear you speak too at Type A!
Bryan Assata (Threshold Tech.) says
Thank you so much for the “shout out”. As soon as you add me on FB, I will repost. So glad to help.
Fiona says
WOW this is good info! I never thought about inactive plugins!