On Christmas Eve I decided to turn my laptop off and have a wonderful few days off enjoying baby girl’s first Christmas. On boxing day I did a quick check of my emails and discovered that my blog had been hacked. They hadn’t got in through my username and password, but through a plugin I wasn’t using and had not updated. They had somehow injected malware into my blogs core files. My stress levels were about to reach breaking point.
I’m writing this today to share with you what I have learned from getting hacked, and hopefully help with some tips so the same doesn’t happen to you. It’s a very unpleasant experience, I felt violated. My blog is only about family topics and what not, it’s a baby fish in a the huge sea, so why would a heartless hacker want in?
I went self-hosted last Summer and have been learning everything myself as I went long. I thought having Wordfence was enough to stop getting hacked, but it’s not.
When my lovely blogger friends clicked onto my blog they were sent to spam pages. Pop-ups saying Congratulations you have won an iPhone 7 would appear. Totally not the image I want for my family orientated blog.
So what have I learned from this dreadful experience?
- Update your plugins ASAP – check daily if you have any to update
- Delete unused plugins – I had the Shareaholic plugin disabled and this was most likely the way in for the hackers.
- Keep WordPress updated to the latest version
- Delete old themes not in use anymore
- Have strong passwords – combinations of symbols, numbers and letters. Not words or your partners date of birth!
- Make sure you have good security installed – I have WP Security and Wordfence both installed.
- It’s great to have a helpful host, who will try to get you out of a sticky mess. Siteground have been very good to me.
- It’s costly! – I ended up paying Wordfence to professionally clean my site as my hosts helped get it back running but wouldn’t clean up the files.
These tips are only a guide and will not guarantee you getting hacked, but I’m pretty sure they will help you prevent the sneaky little so and so’s from getting in.
The only good thing is that Wordfence automatically upgraded me to their premium plan for 12 months by using their services. So now my site is fully protected against malicious attacks. It still worries the hell out of me when I get emails saying hackers are trying to break in. I think I’m always going to be on my guard. I put so much time and effort into my blog that it really is my second baby!
Do you have any tips for preventing hacks to your website? As always I love to hear your thoughts.
Thanks for stopping by today, and I hope these tips will help you keep the sneaky so and so’s at bay!
*This is a collaborative post