Search Engine People
The Ultimate Hacker Prevention Guide

Donna Fontenot | July 1st, 2008

You know I've been on a mission to help rid ourselves of all the problems we see with sites being defaced, hack'd, crack'd, and pillaged. Frankly, if you have a WordPress blog that hasn't been upgraded to the latest version (currently 2.5.1), it's not a matter of IF but a matter of WHEN you can expect to see it attacked.

Luckily, I'm not the only one who has been noticing the ever-increasing problem, and lucky for all of us, there are now some steps you can take to help defend your sites from these kinds of attacks. Below I'll list the various actions you can take (or point to resources) - some are preventive measures, and some are after-the-fact cleanup steps. Either way, you need to have as much information at hand as possible to effectively deal with this problem. (Note that although some of these steps are specifically for WordPress, some can be used elsewhere. I'll note that as we go along).

Preventive Steps

  • Install the Login Lockdown WordPress plugin. This will prevent brute force attempts at grabbing your admin password. (WordPress only)
  • Install the WordPress Database Backup plugin. You can set this plugin to automatically back up your blog's database every night and email it to you, so you never have to remember to back up. This is essential for being able to revert to a known-good state. Once installed, test it, and make sure you get a good backup right now. (WordPress only)
  • Back up your site's files now while you know they are clean. You can grab a backup from cPanel if your host uses that, or you can just FTP all the files down. In the comments below, Paige points to a nice post showing how to automate the cPanel backup here.
  • Install the WordPress Automatic Upgrade plugin. It makes upgrading WordPress blindingly easy, and the easier that step is, the more likely it is that you will actually DO it. (more info on the plugin here). Once installed, use it! (if you aren't already running the latest version, that is) (WordPress only)
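
A file backup taken while the site is clean is most useful during cleanup if you also record what "clean" looked like. The following is an added example, not code from the original post: it archives the site and records a SHA-256 manifest, so files added, removed or modified after the backup can be listed later. The function names and the sample site built in demo() are constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path


def build_manifest(site_root):
    """Map each regular file under site_root to its SHA-256 digest."""
    root = Path(site_root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def backup_site(site_root, archive_path):
    """Archive the known-clean site; archive_path must be outside site_root."""
    manifest = build_manifest(site_root)
    with tarfile.open(str(archive_path), "w:gz") as tar:
        tar.add(str(site_root), arcname=".")
    return manifest


def compare_to_baseline(baseline, site_root):
    """List files added, removed or modified since the clean baseline."""
    current = build_manifest(site_root)
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def demo():
    """Constructed sample site: back it up, change it, then compare."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp, "site")
        site.mkdir()
        (site / "index.php").write_text("<?php // clean")
        baseline = backup_site(site, Path(tmp, "clean.tar.gz"))
        (site / "index.php").write_text("<?php // constructed change")
        (site / "new.php").write_text("<?php // constructed added file")
        return compare_to_baseline(baseline, site)


if __name__ == "__main__":
    print(demo())
```

Keep both the archive and the manifest off the web server, since anyone who can change the site's files can also change a manifest stored beside them.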

After The Fact

  • Even though this tool detects problems after the fact, you need to sign up for SERPGuard NOW. This is a brand new tool that Nick Wilsdon has graciously created for us all, and it's an essential tool in this fight. (more info on the service here, here, here, and here). Basically, SERPGuard monitors Google's malware and phishing blacklists and alerts you if your sites are on them. Blacklisting happens frequently when your site is attacked, and the sooner you find out about it, the better. Google does list this information in the Webmaster Tools, but if you aren't using WMT, or you just don't regularly visit it, you won't know that you've been hit. (Google claims to email webmasters, but I've seen people get hit and never get an email). SERPGuard definitely lets you know, and there are various ways to be informed (email and RSS). This won't prevent an attack, but it will warn you QUICKLY if you've been attacked. (For all sites, not just WordPress).
  • Once you know you've been attacked, it's time for the cleanup process. Smackdown has a comprehensive post about cleaning your hacked WordPress blog, so I'll just link to it here. Obviously, I hope you never have to use that post, but if you need it, it will be a lifesaver for you. (WordPress only)
  • Finally, if Google has kicked you out of the SERPs (and they probably have), you can request reinclusion, explaining what happened and that you've cleaned everything up. You'll need to do this via Webmaster Central, however, so you'll have to sign up there if you haven't already. (ADDED LATER FROM COMMENTS BELOW: You can also get your site reviewed through StopBadware.org. This can be useful if you do not want to create a GWC account for the site. However this will likely be a slower process than Google, who is looking to get a 24hr turnaround on requests.) (For all sites, not just WordPress)

Google has also blogged about this subject, so if you want to see their advice, you can get that here and here. (For all sites, not just WordPress)

If you take the proactive steps to protect your blog, you may never need the "after the fact" steps, but keep them handy - just in case. They'll help prevent your blood pressure from exploding when you're trying to figure out what the heck to do.

Final note: The first person who complains about the inappropriate use of the term "hacker" instead of the more appropriate term "cracker" gets a virtual SLAP from me. Even Google uses the term "hacker" in their posts above, so I figure it's ok for me to do so as well.

Posted in SEO. Tagged: crack, cracker, hack, hacked, hacked sites, hacker

16 thoughts on “The Ultimate Hacker Prevention Guide”

  1. Nick Wilsdon says:
    July 1, 2008 at 6:13 am

    Thanks for the links and bug testing Donna 🙂

    After that talk with JohnMu at Sphinn, my understanding is that you can also get your site reviewed through StopBadware.org. This can be useful if you do not want to create a GWC account for the site. However this will likely be a slower process than Google, who is looking to get a 24hr turnaround on requests.

    Ideally Google would place a review form outside GWC but I understand them not wanting to waste resources on non-verified reports. If they allow re-inclusion through StopBadware.org that is OK.

  2. DazzlinDonna says:
    July 1, 2008 at 6:26 am

    Good to know, Nick. Thanks for the info.

  3. Paige Filler says:
    July 1, 2008 at 6:48 am

    Good post.

    I also think backing up the whole site is important too (themes and images etc). Here is an easy way I like:

    http://www.justin-cook.com/wp/2006/12/27/automatic-cpanel-backup-domain-mysql-with-cron-php/

  4. DazzlinDonna says:
    July 1, 2008 at 7:03 am

    Dang, excellent point, Paige, and one I can’t believe I forgot, since I’m always going on and on about it. Will add it.

  5. Paige Filler says:
    July 1, 2008 at 8:38 am

    Anything to help everyone sleep better at night 😉

  6. Dennis Edell says:
    July 2, 2008 at 4:12 am

    Is everything here available for 2.3.3?

  7. DazzlinDonna says:
    July 2, 2008 at 5:32 am

    Yes, Dennis, everything should work fine for 2.3.3. And if that’s the version you’re still using, please upgrade ASAP or you might be the next victim.

  8. Dennis Edell says:
    July 2, 2008 at 9:30 am

    I get it, I do, but ya know 2.3.3 was the last stable secure release before the abomination they call 2.5-2.5.1 so I figured I’d stick for a bit.

    However, if you agree to be at my beck and call for the issues I KNOW I will be having, I’d gladly upgrade today 🙂

  9. DazzlinDonna says:
    July 2, 2008 at 9:45 am

    I’d rather be at your beck and call for upgrade issues than at your beck and call for hacker issues. 🙂

  10. Dennis Edell says:
    July 2, 2008 at 9:59 am

    Bravo! Awesome response LOL

    How are you with plugins? Out of ALL the bad I’ve heard, that may be my primary issue.

  11. DazzlinDonna says:
    July 2, 2008 at 10:44 am

    I think you may be over-reacting to the bad reports you’ve heard. Lots of people have had no problems with 2.5 and I for one, love it. So, I wouldn’t worry so much if I were you. Just follow the instructions above and you’ll probably be fine. (If not, I take no responsibility, LOL).

  12. Sean Carlos says:
    September 19, 2008 at 12:55 am

    After several people I know had their WordPress installs hacked, I sat down and wrote a post with 9 tips to avoid getting hacked or otherwise in trouble:

    http://www.antezeta.com/blog/top-wordpress-security-tips/

    Some of the tips are of the “obfuscation” type – make the job harder by making less information, such as your WP version, public. Naturally, if there is a will, there is a way….
