5 Steps to a Hacker-Proof Blog

5 Steps to a Hacker-Proof Blog


Coming down from the almost 20,000 foot summit of Huyana Potosi I wasn´t looking for another mountain to climb.  Unfortunately though hackers had another idea by hacking into LivingIF.  We had fallen victim to the massive “brute-force” WordPress attack affecting millions of sites across the internet.  The physically exhausted me, the one that had just come down from the literal mountain, was forced to scale mountains of techno gobbly goop to figure out what had happened, why, and how to fix the damage.

The quick lesson: LivingIF didn’t get hacked for personal reasons, it got hacked simply for being on the internet and our failure to secure the site.

The hard lesson: getting hacked massively sucks.  In fact, to recover may require completely reinstalling your entire website from a backup.  (What if you don’t have a backup?  Ugh…you’ll probably need professional help!)

The good lesson: there are simple steps you can take to make your website hackproof.  OK, it won’t actually be hackproof, but will make hackers move on to easier targets.

If you have a website, here are five steps you need to take to make sure this doesn’t happen to you.

1.  Set up “two-step” authentication. WordPress websites have a standard login page at myblogisgreat.com/wp-admin.  Hackers set computers to search for WordPress sites, visit the login page and start pounding in passwords to gain access.  What if they can’t even get to this page?  They’ll probably just move on.  Here are two tutorials to add an authorization to get to your login page: lock down your “.htaccess” on your server or use Google’s key generator.

2.  Get craZIE!2bEAThackerz with your passwords. Hackers aren’t sitting in front of a computer keying in passwords, rather they’re having computers input passwords until one works.  Want to beat hackers?  Make crazy password that mix capitals, symbols and numbers to make it hard to break.  Things like “ilovesmalldogs” not only highlights your own personality issues, but is pretty simple.  Mix capitals, symbols and numbers to make it hard on hackers, something like “D@*nPACKerfan8mychEEz”.

3.  Kill your “admin”. OK, that’s not what I meant…please put down the gun! I’m just suggesting you have no WordPress, FTP or web server login named “admin”.  After giving admin privileges to another account go ahead and kill any accounts named “admin”.

4.  Delete themes and plugins you’re not using….update those you are. Once we overcame the hack I had the wonderful people at HostGator scan my files (HostGator is what keeps LivingIF online).  They found that there was another backdoor located in a theme I wasn’t using.  If you’re not using a theme or plugin you’re probably not updating it…therefore it may become vulnerable to evil hackers.  Delete them!  Those that you are…update them!

5.  Backup your website. As often as you can backup your database and website.  It will seem like a waste of time…until you need it.  If you do get hacked you will need to restore some files from backups.  If you don’t have a backup you may have a hard time recovering from a hacking.

What to do if you’ve been hacked?  I’ll outline the steps we had to take in a future post.  If you’re currently kicking out a hacker and need help feel free to contact us!

(Borrowed the hacking image and great tutorial on how hackers hack here).

Related Posts Plugin for WordPress, Blogger...



» Steph (@ 20 Years Hence) :
Jun 1, 2013

These are all great tips; Tony & I are working to make sure we enact all of them right now. I’ve never really worried about getting hacked, but I’m hearing about more & more people having it happen to them so I’m getting paranoid. Better to be proactive then to look back and kick myself for not taking precautions when I had the chance!
Read Steph (@ 20 Years Hence)’s awesome post Everything You Ever Wanted to Know (& More!) About: The Philippine Islands

» Sarah :
Jun 14, 2013

I had a WP website hacked last month and it’s definitely made me more vigilant in updating themes and core files. Luckily we had a great backup system in place, but it was definitely an eye-opener.

You always think of websites being hacked as something that only happens to governments and big corporate websites, but you’re right – they do just hack sites because they’re online and they can.

1 Trackback(s)

Sorry, comments for this entry are closed at this time.

About the Author

thinkCHUA: Photographing and documenting the world on a 3 year round-the-world trip to help future travelers discover new places, travel longer and enjoy the world's great experiences.

About the Author
thinkCHUA: Photographing and documenting the world on a 3 year round-the-world trip to help future travelers discover new places, travel longer and enjoy the world's great experiences.


Turkey HighlightsBogotaJerashNorthern BaliDarjeelingLuòyángOtavalo and CotacachiAyutthayaKathmandu





Get traveling today with lessons from our travels to 50+ countries on all 7 continents. Bump along in buses, hike the hills, and swim the seas with us to discover the world's best destinations.

Like LivingIF to start living your IF today!

Press ¨Esc¨ key to close this window.