Just today, a fellow anime blogger named Calaggie, who runs Nigorimasen, discovered that somebody had hacked it and deleted all the content. It’s a shame that all the content the person worked hard on got wiped in an instant.
People who run self-hosted WordPress blogs often don’t realize that WordPress blogs are subject to brute-force attacks (basically an automated attack that guesses every password combination) in an effort to gain control and use the site to plant malware or even deface it. If you host your own WordPress blog, you should do the following to prevent this from happening:
- Have off-site backups – With most web hosting providers, you can perform a backup through cPanel, but you should keep the backup off-site in the event that you are unable to get a backup before the attack. For a Virtual Private Server, this is easier since you can just use rsync to copy to another service or host after making a backup of the database and an archive. Also, some Virtual Private Server providers like BuyVM and DigitalOcean have automatic backups (although for the latter, it’s an additional cost). For me, BuyVM provides 5 GB of backup space and I created a scheduled task to back up and upload the files to the backup space. Amazon S3 can be an affordable solution for backups as well. If you can’t afford off-site backups, just create a reminder to download a backup each week.
- Check your plugins and themes – Plugins and themes can potentially have vulnerabilities that can be used by attackers to gain control or plant malware on the site. Therefore, you should keep the plugins updated regularly and only use themes from trusted sources.
- Install Security Plugins – Plugins like BruteProtect (which will be included in Jetpack), Limit Login Attempts, and Rename wp-login.php can be good tools to protect you from brute-force attacks.
- Use a strong password for your WordPress and web hosting accounts – This is obvious, but people have the tendency to use weak passwords since strong ones are hard to remember. If you have a hard time remembering passwords, use a password manager like LastPass or 1Password so that you can generate strong passwords without having to remember them. Also, avoid using FTP since passwords are sent in clear text; use SSH/SFTP instead (most FTP clients should support SSH).
- Keep WordPress Up to Date – WordPress updates usually fix security issues. You can also set it to update automatically.