Hacking Fail – Hacker 0, SuperWAHM 3

 

I received three of these lovely emails yesterday – after three attempts the IP address is blocked.  On average I receive a couple of these emails every month.

This is a hacker attempting to get into my site.  They put out bots that trawl the internet looking for WordPress sites (and of course other types of sites, it’s just that I happen to have a WordPress site) and automate their hacking attempts.

I did consider that it may be a glitch and was only one of the forum members trying to recover a lost password.  However, when I looked up the IP address, it definitely wasn’t one of the members.

Yes, the IP address was in the Ukraine.  I’m sure there are a lot of lovely, honest, moral people in the Ukraine.  However they also have a bit of a reputation for being home to large hacking organisations.

WordPress websites are brilliant.  Easy to use, update and change.  Simple.  Effective.  They’re used so much that they make an easy target for hackers.  Because the default WordPress setup isn’t highly secure, you, the site owner, MUST make sure you add extra security to your site.

I know of several high name businesses that had their sites hacked last year.  That I wasn’t one of them was due more to good luck than good management at the time.  Fortunately I was able to learn from other people’s mistakes.  It’s now a huge Fail for hackers when they try and attack my site.

Security of your website should take a three-pronged approach:

  1. Have a recent backup. Automate the backup if at all possible, so you can set and forget.  Make sure it’s recent.  There’s no point in a backup that is six months old when you need it.  If you’ve got a WordPress site this is a great plugin to use: http://austinmatzko.com/wordpress-plugins/wp-db-backup/
  2. Always have your site updated to the latest version. No matter what you use to build your site, make sure it’s up to date.
  3. Secure your website. At the very least, for WordPress users, install the Firewall plugin: http://www.seoegghead.com/software/wordpress-firewall.seo

Better still, put full security on your site.  Check out John Hoff’s WordPress Defender ebook and videos.  Yes, it’s $39.  Having had my site protected from hackers over the last year is worth a heck of a lot more than that to me.

Don’t think it can’t happen to you.  Hackers don’t care how big your business is, who you are or what you do.  They’re out to destroy your site, and quite possibly your business in the process.  You take out insurance on your car and your house, so take out insurance on your site as well.
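The "make sure it's recent" check from step 1 above, as an added example that is not part of the original post: a shell function that finds the newest database backup in a folder and confirms it is both recent and readable. The folder path and the `*.sql.gz` file naming are assumptions, not details of any particular backup plugin.

```shell
#!/bin/sh
# Added example: verify that the newest database backup is recent and intact.
# Assumption: backups are gzip-compressed SQL dumps named *.sql.gz in one folder.

# newest_backup DIR
# Prints the path of the most recently modified *.sql.gz in DIR (nothing if none).
newest_backup() {
    newest=""
    for f in "$1"/*.sql.gz; do
        [ -f "$f" ] || continue            # unmatched glob or not a regular file
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
    return 0
}

# check_backup DIR MAX_AGE_DAYS
# Return codes: 0 = OK, 1 = no backup found,
#               2 = newest backup is too old, 3 = newest backup is empty or corrupt
check_backup() {
    dir=$1
    max_days=$2
    latest=$(newest_backup "$dir")
    [ -n "$latest" ] || return 1
    # find prints the file only if it was modified less than max_days days ago
    if [ -z "$(find "$latest" -mtime "-$max_days" -print)" ]; then
        return 2
    fi
    # gzip -t reads the whole archive; truncated or zero-byte files fail here
    gzip -t "$latest" 2>/dev/null || return 3
    return 0
}

# Example use from a daily scheduled job (hypothetical path):
#   check_backup /home/me/site-backups 2 || echo "Backup problem, code $?"
```

A backup schedule that was silently set to "never" shows up here as return code 1 or 2 long before the backup is actually needed.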


Melinda is the founder of SuperWAHM.com and started the site to share her learnings to help other Work At Home Mums become more independent and able to spend time with their families

Melinda Jameson


12 thoughts on “Hacking Fail – Hacker 0, SuperWAHM 3”

  • February 25, 2011 at 10:30 am

    Mel

    Great advice.

    I had two sites hacked last year – fortunately neither of them had a lot of work invested in them so it was irritating more than anything else.

    But I learned some of the lessons – I have regular Database backups (I think after every new post), I always upgrade to the latest version, and I don’t have a user called Admin!

    Be looking into some of your other suggestions too.

    Keep ’em coming.

    paul

    • February 26, 2011 at 2:35 pm

      Thanks Paul. I’ve recently changed so I now receive the backups daily – mainly so I won’t lose anything from the forum.

  • February 25, 2011 at 11:30 am

    Melinda, I use a plugin called WP Lock Down (or perhaps WordPress Lock Down) that limits the number of times a person can try to log in before blocking their IP address.

    • February 26, 2011 at 2:37 pm

      That’s the one I use that locked the hacker out. Works well, until you mess up the forum login! LOL. Mind you, I’ll put up with the occasional hassle in order to have the site secure.

  • February 25, 2011 at 4:36 pm

    Great suggestions Melinda!
    I implemented the backup and the firewall.

    – Greg

    • February 26, 2011 at 2:37 pm

      I hope you never need either of them Greg! 🙂

  • February 25, 2011 at 4:39 pm

    Thanks for the tips, Mel.

    The server where I used to host one of my sites got hacked not too long ago. It was mostly to send SPAM, but it was definitely not a good thing.

    Thanks to you, my WordPress blog will now be well protected.

    • February 26, 2011 at 2:38 pm

      There’s not much you can do when the server gets hacked; your site is then vulnerable no matter what you have on it, unfortunately. The only fix there is to wait until the server is fixed, and upload a backup.

  • February 26, 2011 at 9:24 am

    I’m off to tick “Back up WP site” off the to-do list!

    Why am I so slow?

    Neil

    • February 26, 2011 at 2:39 pm

      Oh, I don’t know…. distracted by a major earthquake perhaps Neil?

  • February 26, 2011 at 9:32 am

    Oh dear. I had the backup, and it was set to “Never!”

    And there was no auto back up!

    It’s fixed now. Next is the firewall. Egghead…

    N

    • February 26, 2011 at 2:40 pm

      Oops….. Glad you found it before you needed it!
