Weekend Wordpress Security Tip: What To Do When Your Blog Is H4CK3D

Filed under Security.

(H4CK3D is the popular term for “Hacked”, as the numbers stand in for letters: 4 is an A and 3 is an E.)

So, everyone will have this happen to them at some point; it’s just a matter of when, and whether you will be prepared for it. Since Wordpress is open-source (meaning it is free for anyone to use and modify), people who have little to do, have few friends, and go to few or no parties or social events will sit at home and try to find ways to exploit the community-generated code.

What does this mean for you? A living hell (if not prepared, of course) once they decide that your blog would be fun to ruin.

The Fix:

For hackers, there is none. Plugins will slow them down, but they won’t eradicate them.

Protecting your blog from an attack is really quite simple. Follow these steps to completely back up (save) everything you have on your blog hosting account:

  1. Login via FTP to your blog directory. (I recommend FileZilla.. I use it for everything)
  2. Click and drag the directory that contains all of your wordpress files to your desktop or preferred storing space - you can move it later. (This will take roughly 15 minutes if you have plugins, themes and the entire Wordpress install.)
  3. Once complete, you now have one half of a working copy of your blog - We aren’t done.
  4. Login to your Cpanel account (I don’t think any web hosting will give you a web-hosting account without it).
  5. Find the “PHPMyAdmin” under MYSQL Databases and click on it.
  6. You will now see a screen asking you to log in to your MySQL database. This login is not the same as your Wordpress blog’s, and will likely require you to search your emails/desk for the username and password.
  7. Once you’ve logged in, click the dropdown box on the left and find the database that hosts your Wordpress account. The correct one may not be obvious from the name of the database, so I’ve installed a brand new Wordpress on my local computer to tell you that it has 10 tables in it (I also wanted to do something else that is Wordpress related.. Testing, you could say).
  8. When the correct database is found, simply click on it and then click on the tab called, “Export“.
  9. Make sure the following settings are checked/unchecked (taken from wordpress.org):
       1. Look at the left box at the top of the Export section. All the tables in the database you selected are in that box.
            • If you have other programs that use the database, then choose only those tables that correspond to your Wordpress install. They will be the ones that start with “wp_” or whatever ‘table_prefix’ you specified in your ‘wp-config.php’ file.
            • If you only have your WordPress blog installed, leave it as is (or click ‘Select All’ if you changed the selection).
            • Ensure that SQL is checked!
       2. The SQL section
            • ‘Structure’
            • ‘Add DROP TABLE’
            • ‘Add AUTO_INCREMENT’ and
            • ‘Enclose table and field names with backquotes’
       3. The DATA section
       4. Tick the ‘Save as file’ option, and leave the template name as is.
       5. Now click ‘Go’ and you should be prompted for a file to download. Save the file to your computer. Depending on the database size, this may take a few moments.

You’ll now get a download prompt with your entire wordpress blog content and settings in one .SQL file.
Now you have the other half of your blog backed up onto your computer - making it a full backup.
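
As an added example (not part of the original post), here is a short Python check that the downloaded .SQL file really contains what the export settings in step 9 promise: `DROP TABLE` and structure statements, with backquoted names, for the tables carrying the ‘table_prefix’ from ‘wp-config.php’. The function names, the constructed sample inputs and the choice of which tables to check are assumptions of this example.

```python
import re

# Constructed sample inputs (not from a real site).
SAMPLE_CONFIG = "<?php\ndefine('DB_NAME', 'example');\n$table_prefix  = 'blog_';\n"
SAMPLE_DUMP = """\
DROP TABLE IF EXISTS `blog_options`;
CREATE TABLE `blog_options` (`option_id` bigint(20) NOT NULL);
INSERT INTO `blog_options` VALUES (1);
DROP TABLE IF EXISTS `blog_posts`;
CREATE TABLE `blog_posts` (`ID` bigint(20) NOT NULL);
CREATE TABLE `blog_users` (`ID` bigint(20) NOT NULL);
"""

# Tables checked for structure; the subset that is never empty on a
# working blog (site settings, at least one user) is also checked for data.
STRUCTURE = ("posts", "comments", "options", "users", "usermeta")
DATA = ("options", "users")

def table_prefix(wp_config):
    """Return $table_prefix from wp-config.php text (WordPress default: wp_)."""
    m = re.search(r"^\s*\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]", wp_config, re.M)
    return m.group(1) if m else "wp_"

def check_dump(sql, prefix):
    """Map each incomplete table to the export parts missing from the dump."""
    problems = {}
    for name in STRUCTURE:
        # Relies on the 'Enclose table and field names with backquotes' setting.
        table = re.escape("`%s%s`" % (prefix, name))
        wanted = [("drop", r"DROP TABLE IF EXISTS " + table),
                  ("structure", r"CREATE TABLE (IF NOT EXISTS )?" + table)]
        if name in DATA:
            wanted.append(("data", r"INSERT INTO " + table))
        missing = [label for label, rx in wanted if not re.search(rx, sql, re.I)]
        if missing:
            problems[prefix + name] = missing
    return problems

if __name__ == "__main__":
    report = check_dump(SAMPLE_DUMP, table_prefix(SAMPLE_CONFIG))
    for table, missing in report.items():
        print(table, "missing:", ", ".join(missing))
```

An empty result means the dump has everything the check looks for; to use it on a real backup, pass in the text of your own ‘wp-config.php’ and exported file instead of the samples.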

Conclusion:

Yes, there are plugins out there that do this for you automatically, but it’s nice to know that you know how to do it yourself. I’m all for doing it yourself because then if anything goes wrong with your automated backup, you won’t have to search the internet for a tutorial. This guide gives you a full breakdown of a backup, so you won’t need anything else.

Do this as often as you feel necessary, then if anything goes wrong, you can restore your settings with ease. I’ve been there, done that.. It’s not fun.


8 Comments »

Comment by Rarst
2008-09-21 13:13:08

Well… What percent of people are not too lazy to do it daily? :) Plugins may add an extra link in the chain, but scheduling of backups is a huge plus.

By the way, backup advice is mostly focused on the database, but it’s wise to back up everything from FTP as well. Restoring a few hundred images and a customized theme is no fun at all.


 
Comment by bradblog
2008-09-22 02:35:47

Definitely. I have a perfect working copy of this theme on my local computer.. Just in case :) - But this theme will soon change :D - Stay tuned.

 
Comment by Hugo Santos
2008-09-22 13:20:13

A good idea is to send your db backup to a Gmail account specially created for that, on a daily basis. You can use plugins for this.


 
Comment by bartolomo
2008-09-23 01:52:30

Good stuff! Thanks for the info. Glad I found you.

 
Comment by Dilson Decano
2008-09-23 15:42:47

Thanks for this post. One of my blogs has been hacked lately, and I learned a lesson from it.


 
Comment by Peter Answers
2008-10-01 05:34:56

I use the wordpress backupdb plugin but you just reminded me that I also should be backing up the core files since I have made template changes.


 
Comment by Jenelle
2008-10-28 23:51:03

Getting your blog hacked is the worst nightmare for a blogger. I experienced that once and eventually learned a lesson. Now I’ve got a habit of backing up my blogs from time to time :)

 
Comment by affiliate.solutions
2009-02-17 00:27:29

I found your blog on google and read a few of your other posts. I just added you to my Google News Reader. Keep up the good work. Look forward to reading more from you in the future. Feel free to check out my blog on the 36 Best Wordpress plugins for 2009.

 

