I had a couple of ideas in my A to Z list for S. But then last week, my blog was hacked.
It wasn't major, and doesn't appear to have been malicious, and probably no one but me even noticed. The only reason I realised was that I checked my blog on my ipad in bed, watching as it loaded, only to see a strange page of links and spamy type words flash up for a second.
I tell you, I panicked! I jumped out of bed and spent over an hour making sure it was clean and securing it to make sure this didn't happen again. Sure I'd heard of other people having their blogs hacked, but I didn't believe it would ever happen to me! But apparently this month there has been a huge spike in the number of attacks on WordPress blogs.
How did I fix it?
Well, at first I thought I was going to have to go through all the individual pages to find this strange bit of code, and given how many pages and templates wordpress has, that was going to take AGES. But then another thought occured to me, and I went looking for and found an Anti-Malware plugin.
Phew. This nifty little plugin found that spammy little bit of code, and removed it for me!
Then I did a bit of searching on how to prevent this in the future!
I found another nifty little plugin called Better WP Security and though I haven't turned on everything in the plugin (some of it is over my head), I do feel a little more confident about the security of my site.
This plugin logs access attempts, and bans people if they attempt to login more than a certain number of times. I've already had two people banned!
Another plus is that it also lists 402 errors that occur on my page (they can be a sign of people trying to find a way in if they're searching for obscure links), and this has helped me fix a couple of broken links!
How secure is your website/blog? Have you ever had your page hacked? Any good advice on securing your site?
All this month I’m participating in the A-Z blogging challenge, writing a blog post for each letter of the alphabet, on every day of the month except Sundays. Check back regularly to see what else I have in store for you.
Wow, that’s scary. One of my friends had her blog hacked last year and it took 2 weeks for her to be able to get back in to it. I just make sure I change all my passwords several times a year and that my passwords are really long.
Dark Thoughts Blog
Creating a really long password that includes upper and lower case letters, numbers, and even symbols, is a BIG advantage when avoiding getting hacked! The chances of getting hacked go down exponentially with each extra digit you add.
Gosh I wouldn’t even think of security on a blog: I can’t imagine why someone would want to hack it: It’s not like an email account with interesting or hidden information. Everything on a blog is available for all. Thanks for the heads up: off to investigate security and change my password! 🙂
It’s hard to say. There are lots of different reasons people hack a blog. Sometimes they add advertising, sometimes they want to display their own message on your trusted site, sometimes they want to use the processing power in a huge denial of services attack against someone else!
In this case, it looks to me like Search Engine Posioning (SEP), where they use links from a trusted site to increase their own search engine visibility. A pain to clean up, but not directly malicious to viewers. (Thankfully!)
Still scary stuff. The internet is so opaque sometimes, especially for non-techies like me!
Hi Rinelle, that scary. Well done on getting it sorted. Thanks for the tips included. My son who is an animator has had his webpage hacked on occasion and when this happens it happens to me too because I think he ‘hosts’ my web page. He is pretty smart about these things, sorts it, and then advises to change passwords STAT! I’ve noticed zillions of spam comments since the A-Z began that Aksimet alerts me to; I go through them to check in case a valid comment has been lumped in there and then TRASH the spam.
Susan Scott’s Soul Stuff
How handy, to have a son who knows how to take care of it!
I haven’t had much of a problem with spam, strangely enough. I did have one post (from when I was doing a free promotion of my book), that was attacked by spam, but I closed comments on that post (and that one only), and it doesn’t seem to have spread. Hopefully it won’t! Spam is such a pain to deal with.
That is horrible. Thanks for sharing. I’ll have to see if Blogger has any such plugin.
I’m thinking you’re probably pretty safe with blogger, since most of that is managed by blogger themselves. Having a strong password is probably your biggest risk.
Yikes! I had heard about the attempts on WordPress, but will try to spread the word a bit more. Glad you noticed it and fixed it quickly.
Yes, I’m glad I did too. I hadn’t heard about the attempts (I tend to be rather head in sand about these things until I can no longer avoid it), all the news arrived in my online world about a week after the attempt!
This sounds so scary. It makes me especially nervous because my blog is self hosted, so I don’t have the build in protections that might come with the other services. I will have to be more vigilant. Thanks for the warning!
Hope you’re having fun with the A to Z challenge,
Yes, my blog is self hosted as well. I suspect the ones hosted by wordpress or blogger are a little more secure. But when you host it yourself, the responsibility seems to like all on your shoulders!
Yikes that’s awful! But you dealt with it so well. 🙂 Kudos to you!
Thanks Aubrie. I’m just glad the issue was relatively simple. It could so easily have been much worse.
Very scary, I’m glad you got it fixed. I don’t have any extra security, I don’t understand why someone would do it but after reading your post and the comments, I have a better idea. Sounds like something I should look into.
No worries Dan. Since your site is hosted through blogger, you’re probably pretty safe (other than making sure you have a secure password). The problem seems to be mostly self hosted wordpress blogs, which are installed entirely on your own hosting space.
What a horrible experience for you, and how lucky that you are intelligent enough to sort it out for yourself. I would have to go to my web mistress and ask her to do it, and I would hate to have to wait instead of trying to do it myself!
Having someone else who can sort it out for you is a great thing! Believe me, if I’d had someone to call, I would have been calling them, LOL. But I’m glad I was able to fix it.
I’ve never had my blog hacked. Sounds awful and scary. I freaked out when someone tried to hack my facebook page and changed the password, which is what I hear the solution is for that. I hope you never have to go through that again – how great you found some security to help make sure
I haven’t had any problems with Facebook, thankfully! But changing the password sounds like a good solution!