I don’t know about you, but my WordPress has been hacked. Maybe it was a lack of basic security settings in my blog, or maybe it was my habit of not fully testing plugins before applying them in the live working environment.
Either way, I want to be open about it and share my experience and what protection I am using, so maybe it can help others too.
First of all, no website in the whole world can be 100% “hack-free”. There are just so many factors that can make a website or blog vulnerable, starting with people. People can choose easy passwords, fail to set the correct file names, and neglect basic protection for how users log in and what level of security is set for the blog.
And so many other factors.
What I’m going to share here are some of the basics, based on other blogs and articles related to this issue, which seems to be affecting a lot of bloggers all over the world.
1. First of all, use a reliable hosting service. The hosting service will guide you, if not help you, by providing tools to install WordPress and keep it updated to the latest version. These could come in the form of a script.
In my case I use Just Host with Mojo Easy Script to install and maintain the updates of my WordPress. There are several other hosting services that can provide this facility for you.
2. Install WordPress themes from reliable sources. Once you have chosen the right hosting service and installed the main WordPress script, you may want to choose a theme other than the one that comes with the installation.
You can search the WordPress marketplace for a free theme and install it straight from the admin website, or you can get one from one of the well-known WordPress theme providers, some of whom offer both a free option and a paid option. Normally the free option is sufficient, but with a little investment you can get a premium WordPress theme with support and the latest updates. Either way, read about the theme provider so you know where you are downloading from and that no malicious code is bundled within, which could cause you problems in the future.
3. Make sure you get the best secure plugins. Plugins play an important role in helping you with the security of your blog. Again, make sure you get them from the WordPress repository by searching for a new plugin, or from a reliable website. Otherwise you can find yourself in the same trap as with themes: plugins from suspicious websites can come with injected code that could be malicious to your blog and others.
4. Back up your WordPress blog and database. Another important factor is to back up your WordPress. If you have any issue with a malicious attack, or a plugin you have installed that you can’t get to work, just go back to the point where you last think it was working OK and restore your blog. This can solve many problems. I’ve lost almost everything in my blog due to not having a backup plan in place. Don’t fall into this trap: back up your blog as soon as possible and constantly.
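One way to carry out the backup step above, as an added example rather than the author's own setup: it archives the site files, dumps the database, records checksums, and verifies a backup before you depend on it. The function names, the `wp-*` file naming and `KEEP_DAYS` are assumptions, and it expects `tar`, `sha256sum` and (for the database) `mysqldump` with credentials in `~/.my.cnf`.

```shell
#!/usr/bin/env bash
# Added example: back up WordPress files and database, record checksums,
# and verify a backup before relying on it for a restore.
# Assumed names: wp_backup, wp_backup_verify, the wp-* file naming, KEEP_DAYS.

KEEP_DAYS="${KEEP_DAYS:-30}"   # backups older than this many days are pruned

# wp_backup WP_DIR BACKUP_DIR [DB_NAME]; prints the backup prefix on success.
wp_backup() {
    local wp_dir="$1" backup_dir="$2" db_name="${3:-}" prefix name
    [ -d "$wp_dir" ] || { echo "not a directory: $wp_dir" >&2; return 1; }
    mkdir -p "$backup_dir" && chmod 700 "$backup_dir" || return 1
    name="wp-$(date +%Y%m%d-%H%M%S)"
    prefix="$backup_dir/$name"

    # Site files: themes, plugins, uploads and wp-config.php.
    tar -czf "$prefix-files.tar.gz" -C "$wp_dir" . || return 1

    # Database: posts, users and settings. mysqldump reads its credentials
    # from ~/.my.cnf, so no password appears on the command line.
    if [ -n "$db_name" ]; then
        mysqldump --single-transaction "$db_name" > "$prefix-db.sql" \
            && gzip "$prefix-db.sql" || { rm -f "$prefix-db.sql"; return 1; }
    fi

    # Checksums let a later restore detect a corrupted or altered archive.
    ( cd "$backup_dir" && sha256sum "$name"-* > "$name.sha256" ) || return 1

    # Prune old backups only after the new one has been written.
    find "$backup_dir" -maxdepth 1 -name 'wp-*' -mtime +"$KEEP_DAYS" -delete
    echo "$prefix"
}

# wp_backup_verify PREFIX; succeeds only if the checksums match and the
# archives can be read end to end.
wp_backup_verify() {
    local prefix="$1"
    ( cd "$(dirname "$prefix")" \
        && sha256sum -c "$(basename "$prefix").sha256" ) >/dev/null 2>&1 || return 1
    tar -tzf "$prefix-files.tar.gz" >/dev/null 2>&1 || return 1
    [ ! -e "$prefix-db.sql.gz" ] || gzip -t "$prefix-db.sql.gz"
}

# Usage (paths and database name are placeholders):
#   prefix=$(wp_backup /var/www/html /var/backups/wordpress wordpress_db)
#   wp_backup_verify "$prefix" && echo "backup OK: $prefix"
```

Keep the backup directory outside the web root, since the archive contains `wp-config.php`, and copy it off the server so a compromise of the site cannot also destroy the backups.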
Those are the basic, simple steps to attempt to keep your WordPress blog safe and free from malicious attacks, DDoS attacks, Trojans and disruption of your blog, server and others.
By no means is this the perfect solution, as hackers are getting more and more clever, but surely it will help at least make it a bit harder for them to break your blog or use your blog to attack others.
Let me know what your story is and what your experience has been, and also which tool/method you recommend to solve this, which seems to be a growing issue all over the world.