Hacking Fail – Hacker 0, SuperWAHM 3
I received three of these lovely emails yesterday – after three attempts the IP address is blocked. On average I receive a couple of these emails every month.
This is a hacker attempting to get into my site. They put out bots that trawl the internet looking for WordPress sites (and of course other types of sites; it’s just that I happen to have a WordPress site) and automate their hacking attempts.
I did consider that it may be a glitch and was only one of the mompreneur community members trying to recover a lost password. However, when I looked up the IP address it definitely wasn’t one of the members.
Yes, the IP address was in the Ukraine. I’m sure there are a lot of lovely, honest, moral people in the Ukraine. However, they also have a bit of a reputation for being home to large hacking organisations.
WordPress websites are brilliant. Easy to use, update and change. Simple. Effective. They’re used so much that they make an easy target for hackers, because the default WordPress setup isn’t highly secure. You, the site owner, MUST make sure you add extra security to your site.
I know of several high name businesses that had their sites hacked last year; that I wasn’t one of them was due more to good luck than good management at the time. Fortunately I was able to learn from other people’s mistakes. It’s now a huge Fail for hackers when they try and attack my site.
Security of your website should take a three-pronged approach:
- Have a recent backup. Automate the backup if at all possible, so you can set and forget. Make sure it’s recent. There’s no point in a backup that is six months old when you need it. If you’ve got a WordPress site this is a great plugin to use: http://austinmatzko.com/wordpress-plugins/wp-db-backup/
- Always have your site updated to the latest version. No matter what you use to build your site, make sure it’s up to date.
- Secure your website. At the very least, for WordPress users, install the excellent (and totally free!) Wordfence Security – Firewall and Malware scan plugin: https://wordpress.org/plugins/wordfence/
Better still, put full security on your site. Check out John Hoff’s WordPress Defender ebook and videos. Yes, it’s $39. Having had my site protected from hackers over the last year is worth a heck of a lot more than that to me.
Or read this article from one of our work from home dads, Damen Edwards, who has listed out the Top 7 Website Security Tips For Solopreneurs.
Don’t think it can’t happen to you. Hackers don’t care how big your business is, who you are or what you do. They’re out to destroy your site, and quite possibly your business in the process. You take out insurance on your car and your house, so take out insurance on your site as well.
Melinda is the founder of SuperWAHM.com and started this site to share her best work from home ideas to help other Work At Home Mums become more financially independent and able to spend time with their families.
Oops….. Glad you found it before you needed it!
Oh, I don’t know…. distracted by a major earthquake perhaps Neil?
There’s not much you can do when the server gets hacked, your site is then vulnerable no matter what you have on it unfortunately. The only fix there is to wait until the server is fixed, and upload a backup.
I hope you never need either of them Greg! 🙂
That’s the one I use that locked the hacker out. Works well, until you mess up the forum login! LOL. Mind you, I’ll put up with the occasional hassle in order to have the site secure.
Thanks Paul. I’ve recently changed so I now receive the backups daily – mainly so I won’t lose anything from the forum.
Oh dear. I had the backup, and it was set to “Never!”
And there was no auto back up!
It’s fixed now. Next is the firewall. Egghead…
N
I’m off to tick “Back up WP site” off the to-do list!
Why am I so slow?
Neil
Thanks for the tips, Mel.
The server where I used to host one of my sites got hacked not too long ago. It was mostly to send SPAM, but it was definitely not a good thing.
Thanks to you, my WordPress blog will now be well protected.
Great suggestions Melinda!
I implemented the backup and the firewall.
– Greg
Melinda, I use a plugin called WP Lock Down (or perhaps WordPress Lock Down) that limits the number of times a person can try to log in before blocking their IP address.
Mel
Great advice.
I had two sites hacked last year – fortunately neither of them had a lot of work invested in them so it was irritating more than anything else.
But I learned some of the lessons – I have regular Database backups (I think after every new post), I always upgrade to the latest version, and I don’t have a user called Admin!
Be looking into some of your other suggestions too.
Keep ’em coming.
paul