On the 15th of July 2011, my blog was hacked!

It was as if hell was let loose on me, and I was on the verge of giving up after 7 months of writing and syndicating quality, epic and well-researched content, but something kept me going.

I don’t know how you would feel if you fall prey to these unscrupulous WordPress hackers. “It’s an event I’ll never forget!”

And because I got my blog back as it was, I’ve learnt my lessons and right now, I want to show you the five powerful ways you can harden your blog and become untouchable.

You probably know what I’ll be sharing, but I’m going to throw a professional light on it. You can’t keep blogging just because it’s your passion – protecting your asset is the first assignment every blogger should accomplish. Without much ado, let’s dive in…

Are Blog Hackers Clever?

Certainly, hackers know what they’re up to. It’s like a fraternity where a challenge is thrown up and incentives will be given to the best ‘hacker’ for a particular month. But guess what? “Hackers are not really as clever as we’ve been made to believe”.

They’re simply go-getters. They consistently look for loopholes in a blog and when they find one, they infiltrate the database and throw the bomb.

You could easily outsmart blog hackers by updating your WordPress knowledge. It’s disheartening to know that 65% of bloggers are ignorant of the WordPress environment. They just want to write a post and hit the publish button. Are you like that?

Make a Decision To Stop Hackers

Protecting your WordPress blog from hackers begins with a decision. Until you sit down and map out strategies to defeat these ugly people, they will never give up. One thing is certain: the moment hackers discover how ‘strong’ and ‘protected’ your blog and database are, they’ll lie low for a while or give up entirely.

Some people just wake up every morning, think of something to blog about and that’s all. This kind of blogging attitude is tantamount to failure.

One of the best decisions you can make is to limit every intruder on the ‘surface’ level, before they enter your blog. And because you don’t trust anyone, never create an account for guest bloggers. Instead, let contributors send their articles as an email attachment. This way, you’ll monitor, scrutinize and approve whatever you want, without jeopardizing your database scripts.

We’re done with the intro, now, let’s highlight the five powerful ways to blog with peace of mind and keep away intruders, imposters and blog hackers easily. Enjoy it:

1. Encrypt Your Admin Password

There is so much information on blog security. Ideally, we’re instructed to use strong passwords. But there is a problem with a strong password, or let me rephrase that: you need a way to hide/encrypt your ‘strong password.’

A blogger friend of mine got his blog hacked in the same month as mine. His password is strong and believe me, I marveled when I saw the length and characters used. He had (.*$/|` %) and all those hard-to-guess characters but he still was hacked. The problem isn’t the password; it’s the security of it.

Do you know that every password has to pass through several protocols (gateways) before you’re logged into your admin database? Hackers may lie low and send a script to hijack your password while it’s undergoing processing.

But when you encrypt it, ugly characters will be transmitted to those receiving gateways, and even if hackers hijack the password, they would be at a loss because that wasn’t the correct one. Do you see how powerful this is?

Password encryption can be done in your database, but to avoid errors, I recommend the Chap Secure Login plugin. It’s the best password encryption plugin around. It’s powerful and entirely free.
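
What “encrypting” the password in transit amounts to, as an added Python sketch (not code from the Chap Secure Login plugin): a generic challenge-response login in which the browser sends a one-time value derived from the password instead of the password itself. The class and function names, the HMAC-SHA-256 construction and the sample passphrase are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Illustrative scheme (assumption): response = HMAC-SHA256(SHA256(password), nonce).

class LoginServer:
    """Toy server that issues single-use nonces and verifies responses."""

    def __init__(self, users):
        # Constructed sample store: username -> SHA-256 hex digest of the password.
        self._secrets = {u: hashlib.sha256(p.encode()).hexdigest()
                         for u, p in users.items()}
        self._pending = {}  # username -> nonce waiting for an answer

    def challenge(self, user):
        nonce = secrets.token_hex(16)
        self._pending[user] = nonce
        return nonce

    def verify(self, user, response):
        nonce = self._pending.pop(user, None)  # consumed on the first attempt
        secret = self._secrets.get(user)
        if nonce is None or secret is None:
            return False
        expected = hmac.new(secret.encode(), nonce.encode(),
                            hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, response)

def client_response(password, nonce):
    """The value the browser sends in place of the password."""
    secret = hashlib.sha256(password.encode()).hexdigest()
    return hmac.new(secret.encode(), nonce.encode(), hashlib.sha256).hexdigest()

def demo():
    server = LoginServer({"admin": "constructed-sample-passphrase"})
    nonce = server.challenge("admin")
    captured = client_response("constructed-sample-passphrase", nonce)
    first = server.verify("admin", captured)    # the legitimate login
    server.challenge("admin")                   # a later login gets a new nonce
    replayed = server.verify("admin", captured) # the intercepted value, reused
    return first, replayed

if __name__ == "__main__":
    print(demo())
```

The intercepted value fails on reuse because each login is checked against a fresh nonce. This covers only the password exchange; the session cookie issued after login still needs HTTPS.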

2. Eliminate Fear of Getting Hacked One Day

Here’s a shocker: a lot of blogs were hacked because the owner was desperate to protect it. With news of bloggers packing up and going back to their ex-9-5 jobs, as a result of losing their blogs, beginner, intermediate and probloggers are so scared it would get to them one day.

The moment ‘fear of getting hacked’ penetrates and dominates your mind, you’ll do everything possible to be on the safer side. But guess what, this is the time when people install all manner of plugins and addons and continually tweak database files. To me, this is the most dangerous path to protecting any blog from hackers.

Do you know that hackers are now developing their own plugins and themes? No, they’re not bloggers, they are just disguised as bloggers and when their plugins are released to the market, a lot of bloggers grab them with open arms.

Have you been downloading and installing all manner of security plugins just because you’re afraid of losing your blog to hackers? Stop there and think again!

The solution to this is simple: relax your mind and ask others how they succeeded. If you know a blog that’s been around for years, without getting bugged, find out their secret and apply it to yours. But as much as you can, stop getting every security plugin – it’s the easiest and quickest way to ‘welcome’ blog hackers into your bedroom.

3. Update Active Plugins – Don’t Be Too Busy!

Are you too busy to update your CMS software, plugins and themes? I wonder what’s taking your time like this – because keeping your blog protected is equally a big project and ideally, it’s the best thing you can do as a blogger.

But some bloggers put away updating for other things like writing. I’m a freelance writer and I know how engrossed we are in writing. We prefer to write, write and write until we’ve nothing else to do.

But that’s the worst path to take in this 21st century. There are other things to learn, and one of them is blog protection. Stop postponing what needs to be done right now for another day. Tomorrow might be too late and when you eventually update a plugin, hackers might have gained access into your database.

Whenever I get an alert to update ‘stuffs’ on my blog, I quickly stop whatever I’m doing and update. When a new version of a plugin, theme, etc. is released for all to use, it’s an indication that hackers are after the old version. If you delay, don’t blame anyone for a ‘blackout’ on your blog.

4. Move Your wp-config.php to a Non-public Folder

File structures on your blog are arranged in chronological order. Several of them are visible in the public folder and could easily be seen by hackers. The wp-config.php file is one such file; it’s very delicate and should be protected.

This file is where your MySQL password and username are stored. Blog hackers just need this information to destroy your hard labor. And because you cannot utterly remove wp-config.php from the structure where it can be located for database processes (login, logout, change password etc.), you need to move it up one level.

When you log in to your FTP account, if your blog is hosted on the primary domain, you’ll find this delicate file in the root folder. Simply download or copy it, click the “up button” just once and paste it right there. Or simply, upload the downloaded version to a public_html or www folder.

You should rename this file to something ‘quirky.’ For example, instead of having ‘wp-config.php’ as the name, you can change it to: face-63eR-config.php. If you can’t do this, get someone to help you and pay for professional services. It’s a delicate homework actually, but it’s powerful enough to protect your blog.
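
A quick check of the result of this move, as an added Python example (not part of the original post): it reports which of the two places WordPress itself looks in (the install folder, then one level above it) holds wp-config.php, and whether other accounts on the server can read or change the file. WordPress only auto-loads a file with the standard name, so a renamed copy has to be pulled in by a wp-config.php stub; the function names and the sample layout here are constructed.

```python
import os
import stat
import tempfile

def audit_wp_config(wp_root):
    """Report where wp-config.php lives and who else can read or change it."""
    wp_root = os.path.abspath(wp_root)
    parent = os.path.dirname(wp_root)
    in_root = os.path.join(wp_root, "wp-config.php")
    above = os.path.join(parent, "wp-config.php")
    findings = []

    if os.path.isfile(in_root):
        path = in_root
        findings.append("config is inside the WordPress folder")
    elif os.path.isfile(above):
        # WordPress ignores the parent copy when the parent is itself an install.
        if os.path.isfile(os.path.join(parent, "wp-settings.php")):
            return ["parent folder is a separate WordPress install; its config is not used"]
        path = above
        findings.append("config is one level above the WordPress folder")
    else:
        return ["no wp-config.php in either place WordPress checks"]

    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & stat.S_IROTH:
        findings.append("config is world-readable (mode %o)" % mode)
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("config is writable by group or others (mode %o)" % mode)
    return findings

def build_sample_site(config_above, mode):
    """Create a constructed layout in a temp dir and return the WordPress folder."""
    base = tempfile.mkdtemp()
    wp_root = os.path.join(base, "public_html")
    os.mkdir(wp_root)
    target = os.path.join(base if config_above else wp_root, "wp-config.php")
    with open(target, "w") as fh:
        fh.write("<?php // constructed sample, no real credentials\n")
    os.chmod(target, mode)
    return wp_root

if __name__ == "__main__":
    for above, mode in [(False, 0o644), (True, 0o600)]:
        print(audit_wp_config(build_sample_site(above, mode)))
```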

5. FTP Account: Strong and Unique Password

A blog could still be hacked if the FTP account detail is weak. One of the reasons why I got hacked was due to a weak FTP password. As a rule of thumb, do not use the same password for your WordPress blog. In fact, your FTP password must be strong and entirely different from all other passwords in your niche blogs on the same server.

If you’re like most people who manage multiple blogs and corporate sites, you’ll understand the importance of protecting and securing the walls of your root directory. When a hacker gains access to your FTP account, he can manipulate file structure, access and phish-out your database login details. Afterwards, he may delete the wp-config.php so that your login will not be authenticated.

Surprisingly, some bloggers are ignorant of the fact that hackers are already lurking around their blog. A patient hacker can have your FTP login details and lie low until he’s able to crack the wp-config.php file.

Don’t save your login details on your PC. The best place should be on your Gmail account if you’ve a ‘double authentication system’ that uses your phone to verify account ownership. By the way, your Gmail account with all the valuable emails can be hacked if you don’t activate the double authentication system. Do that right now (don’t procrastinate).

Blog Hack Quote:

“Hackers may disguise themselves as bloggers in order to infiltrate the market, but only you can imprison their thoughts by hardening & backing up your blog.” – Michael Chibuzor

Before you leave, I want to recommend a great plugin called “Limit Login Attempts.” So far, this is the best plugin to prevent brute-force attacks on your blog. If a user tries to log in and fails, this plugin will lock them out for a specified period of time according to your settings.

The last time I checked, 102 people tried to login to my WordPress blog. All I did was to ban all their IP addresses and frustrate their hacking efforts. Thanks to ‘login attempt plugin.’

There you have it, the 5 powerful ways to protect your WordPress blog from hackers. To be on the safer and professional side, back up your blog on a daily basis. Share your comment and let’s get protected together – See you ahead in your blogging career!

Image Credit: exclusivetutorials
