Solving a Blog Hack Problem

Even the very best website and most vigilant webmaster can have their blog hacked. It just happens. Typically, the higher you are in the organic search results, the more attempts will be made to hack your blog.

Why does someone want to hack your site?

It is typically for these reasons:

  1. Parlay on your high placement and traffic to bleed off your search engine capital to a black hat optimizer’s list of sites that need “SEO Juice”.
  2. Parlay on your website placement and traffic to spew malware to your site visitors to turn visitors’ computers into spam bots.
  3. Use your unprotected site as a launch pad for black hat optimization doorway pages.

There is nothing personal about the situation; it is simply a crime of convenience. If you are not secure, you are a target. In some cases the security problem may be on your web host’s side, but in other cases the issue is on your website’s side.

I have successfully used several WordPress plug-ins on a number of client sites to lock out the bad guys, even ones who somehow seem to keep getting in. Here are three of the plug-ins that I really like to use to beef up security after you have thoroughly cleaned your blog and website following a hack attack.

WP File Monitor Plus
If you are repeatedly being hacked, with this plug-in you will instantly know which core files need to be replaced. The application can email you or send you a text message.

Login Lockdown
Limit attempted intrusions by locking out bots and spiders who are testing your admin and trying to crack your password. You choose what settings to lock them out with. Your MySQL database will keep a list of attempts and lockouts so you can see the date of intrusion attempts.

WP Admin Renamer Extended
I love this one. First, create a new admin user with a super secure name and password. Then rename your existing admin using this plug-in. But don’t stop there. Go back in and set your old admin user as a subscriber only, effectively locking out the bad guys: even if they can get back in, they can’t make any changes.

These are great starts, but be aware that if a hacker really, really wants to get in, they can be extremely difficult to keep out. My motto is to make it so hard and time-consuming for them to get in that they simply want to move elsewhere to do their dirty work.

Change the Name on Your WordPress Admin File

Here’s a cool plug-in to help you monitor, change, and keep updated your WordPress blog administration names. It is called Admin Renamer Extended. You may ask, why not just use the WordPress control panel to update your admin names? Sometimes a hacker will hide the admin name from you to keep you from deleting their access. This renaming plug-in allows you to see, update, and change the administrative names for your WordPress account.

It is interesting to know that many blogs are set up with the name admin and lame passwords, making the blog easy to hack. By default, WordPress calls your main login simply admin. I recommend a much more difficult user name, such as a combination of words, and certainly a secure password with letters and numbers. I don’t recommend that you use your business name as the administrator’s name.

Try to make your administrator login complicated for others to guess and easy for you to remember.

WordPress Security Tips

In this ever-changing world, where hackers look to hide spam links on your blog and try to crack into your blog posts to spew their malware out at your expense, it makes sense to keep your WordPress blog secure.

Here are a few things that I do and recommend that you consider to keep your website and blogsite safe. First, why do I say website? Well, it is not uncommon for a blog to be hacked and used as the springboard to compromise your website. So if you have a blog on your server, make sure you are keeping it secure to protect your website.

I use the following items for our managed blogs:

Login Lock Down
This plug-in protects you from brute force robot attacks that try to gain access to your blog by simply trying a million possible login combinations. This plug-in allows you to set login attempts to a specific number before access is locked for a specific time period you select.
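The lockout rule that both Login Lockdown descriptions on this page rely on (a set number of failed attempts, a lockout period, and a stored list of lockouts with dates) can be sketched as follows. This is an added example, not the plug-in's code: the class name, the thresholds (3 failures in 5 minutes, 1 hour lock) and the sample attempts are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

class LoginLockout:
    """Lock an IP after max_fails failures within window, for lock_for."""
    def __init__(self, max_fails=3, window=timedelta(minutes=5),
                 lock_for=timedelta(hours=1)):
        self.max_fails, self.window, self.lock_for = max_fails, window, lock_for
        self.fails = defaultdict(deque)   # ip -> times of recent failures
        self.locked_until = {}            # ip -> time the lockout expires
        self.lockouts = []                # audit trail: (ip, start, end)

    def attempt(self, ip, when, password_ok):
        """Record one login attempt; return 'locked', 'ok' or 'fail'."""
        if self.locked_until.get(ip, when) > when:
            return "locked"               # refused before the password is checked
        if password_ok:
            self.fails.pop(ip, None)      # a success resets the failure count
            return "ok"
        recent = self.fails[ip]
        recent.append(when)
        while when - recent[0] > self.window:
            recent.popleft()              # forget failures older than the window
        if len(recent) >= self.max_fails:
            end = when + self.lock_for
            self.locked_until[ip] = end
            self.lockouts.append((ip, when, end))
            recent.clear()
        return "fail"

# Constructed sample attempts, in time order: (timestamp, source IP, password correct?)
SAMPLE = [
    ("2024-01-01T10:00:00", "203.0.113.7", False),
    ("2024-01-01T10:00:20", "203.0.113.7", False),
    ("2024-01-01T10:00:40", "198.51.100.4", False),  # one typo by a real user
    ("2024-01-01T10:00:45", "203.0.113.7", False),   # third failure: lockout starts
    ("2024-01-01T10:01:00", "203.0.113.7", True),    # refused even with a correct guess
    ("2024-01-01T10:01:10", "198.51.100.4", True),
    ("2024-01-01T11:05:00", "203.0.113.7", False),   # lock expired, counting restarts
]

def replay(events, guard):
    """Feed attempts to the guard and return the decision for each one."""
    return [guard.attempt(ip, datetime.fromisoformat(ts), ok) for ts, ip, ok in events]

if __name__ == "__main__":
    guard = LoginLockout()
    print(replay(SAMPLE, guard), guard.lockouts)
```

Failures spaced further apart than the window never reach the threshold, which is why the password strength advice on this page still matters alongside the lockout.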

Exploit Scanner
This is a very good plug-in and can actually let you know if your blog has been hacked and where the files are residing. I really like this one and have solved and cleaned up a number of hack attacks with its use.

WP-MalWatch
This is another very helpful plug-in. After installation look for it on the dashboard. It will let you know if your site has been compromised with the Pharma Hack and searches your locales.php file and file ending combinations.

WordPress File Monitor
Oh, I really like this one. Once you have cleaned up after a hack, this plug-in will advise you by email or text message when any of your WordPress core files is changed. This is very helpful if you are having trouble keeping your site clean from problems.
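The idea behind the file monitor plug-ins described here and under WP File Monitor Plus is a hash baseline taken from the clean site and compared on every later scan. The following is an added sketch of that technique, not the plug-ins' own code: the function names and the small temporary site tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }

def compare(baseline, current):
    """Return the files added, removed or modified since the baseline."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(f for f in baseline.keys() & current.keys()
                           if baseline[f] != current[f]),
    }

def demo():
    """Constructed site tree: baseline after clean-up, simulated changes, rescan."""
    with tempfile.TemporaryDirectory() as site:
        root = Path(site)
        (root / "wp-includes").mkdir()
        (root / "wp-login.php").write_text("<?php // clean login\n")
        (root / "wp-includes" / "version.php").write_text("<?php // clean\n")
        (root / "readme.html").write_text("<html></html>\n")
        baseline = snapshot(root)          # taken right after the clean-up
        # Simulated changes that a later scan should report:
        (root / "wp-login.php").write_text("<?php // clean login\n// extra line\n")
        (root / "wp-includes" / "locales.php").write_text("<?php // unexpected\n")
        (root / "readme.html").unlink()
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the web server cannot write, or an intruder who changes a file can also rewrite its recorded hash.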

There are other great plug-ins; these are just the top three that we use that come to mind. In addition to using scanning applications, make sure that your logins are secure, keep all your plug-ins up-to-date, and keep WordPress on the most recent version.

If you don’t have time to keep an eye on your own WordPress application, get a blogmaster like us to watch your blog and scan it monthly or weekly.

Watching Your Site for Malware Intrusions

Website owners need to keep an eye on their website and blog to make sure that they are not unknowingly spewing malware onto the Web. Not only can this be bad for your site visitors, but you can actually get your website blocked by Google for allowing malware downloads; even if you didn’t know that it was happening.

If you have a blog on your site, there are lots of free, cool plugins that monitor your blog and help you to keep it safe, but how about a website? I found one tool recently that allows you to scan your website files for malware. It is called Sucuri. You can visit the free online website scanner here. I recommend not only scanning your root directory, but some of your top traffic directories as well just to make sure you are malware free.

Another tool you can use for malware monitoring of a website is the Google Webmaster Control Panel. To use this Google service you will need to verify your website ownership by downloading and then uploading to your server a small file. Once in place, Google will scan your site and you can review its malware detection results.

In many cases I have found that Google is very slow to report if you have had a malware attack. Eventually they will notify you if there is a problem, but it may be woefully late, and your notification may actually be that Google has banned your site in their index. I personally recommend a much more proactive and early prevention focus.