A blog, whether for personal or professional use, represents hours of hard work and dedication. It is not easy to get it to a place where you are happy with every aspect and are enjoying a busy, thriving blog.
So when your blog is attacked and perhaps even hijacked, it can be a cruel and disheartening blow. Anger and frustration are understandable reactions to having your work and time stolen or corrupted by someone else. But you need not write off the blog as a loss straight away. There are things you can do to try and reclaim your blog and make it safer for the future. Below, we will look at the how and why your blog may be attacked, and also take a look at what you can do to stop it happening again.
One of the easiest areas to attack is via lax security. We have all done it; you see the pop-up in the corner of the screen asking to update security, but ignore it. You reason that you’ll do it next time for sure. But then never do because there is always something else that is more important. Thus, you are left open to attacks due to outdated virus definitions.
Plugins – increase the area over which you can be attacked – some that are new may have weaknesses not known straight away.
Running a blog, you recognise the need for plug-ins that will make the site easier to use for both you and your readers. Enriching the experience for your users is great and always to be at the forefront of your plans. Awareness of the origins and vulnerabilities of the plugins you choose should also be something that you are thinking about. Researching reviews and feedback, knowing the reputations of the plugins you use is half of the battle. There are specialist plugins, such as Wordfence, that function as front line security for your blog.
This bleeds into the next area of caution, which is; a hacker will peruse Google searching for plugins with known vulnerabilities. They will then use this information to target blogs using those plugins. Having these weak components in your blog is an open invitation to some. Be aware of how hackers work.
What the attacker hopes to achieve varies from person to person. Some make a backdoor, through which they can slip in and out at any time. Via this, they can hope to monitor any communications you might have openly or privately, and exploit any personal data therein.
Others hack as a more blatant way to exploit your blog to make money. They may make it so that your blog redirects to ad sites or malware, which will then infect any visiting computer. They can spread to more and more computers, with more and more chances of stealing data and personal details which can be exploited for monetary gain.
In order to see more subtle changes; like a backdoor being created, then you would have to scour source code, which would consumer a massive amount of time.
Here are some essential steps to take if your blog is attacked:
- Upon first noticing, or suspecting, that your blog has been hacked, initiate all of the scanning software you have – both virus and malware. If this turns out to be the source, re-appraise the security of your computer. Tighten up your firewall controls, update everything and make it a policy to always do so, and consider using more robust security software. There are sites that will scan your blog for you.
- Immediately take down the infected site. This will only be best for your security and that of anyone who would visit your site. Visitors will understand a site being down because of attack, but infection via your site they might not care for so much.
- If you are remotely hosting your blog, contact the host and talk to them. It may be that they are unaware of a virus in their network. In any case, they will appreciate being told of your infection and will only be more diligent because of it. It may also turn out that there is a service problem with the host and, hence, that is why you are locked out of your blog.
- Make regular backups of your site. This, if the worst comes to the worst and your site is utterly infected, will be the silver lining. If you make regular backups on a schedule, then you will be thanking yourself a thousand times over should something go wrong. This can fall into the same realm as updating, in that it can be hard to think of it as a part of the daily blog maintenance, as opposed to something rare.
- If you have been hacked, then immediately change all of your passwords, whether they are other blogs, email, or financial. Once one thing is compromised, you should assume that all of it could be.
- Comb through all settings and accounts. The hacker may have added new user accounts, changed security settings, and myriad other things, which will allow him to manipulate and re-enter your blog. Eliminate every point of access that you can find.
- If you have backed up the blog but need to wipe your computer, then it need not be as daunting as it seems. Reinstalling your OS can be quick enough, and with that new install you can implement a good, robust security system.
Being attacked can be annoying, infuriating, and even distressing. By linking together your security thinking, and keeping to a strict set of rules and schedule, you can ensure that it won’t happen again.
Get access to awesome WordPress experts that work on an hourly basis.
Secure your websites now!