How CAN YOU Recover If Your WordPress Blog Were Hacked?
I am probably an innocent abroad, but it never occurred to me that my blogs were worth anyone’s notice to bother hacking them. However, hackers seem to view even the tiniest of blogs and users as fair game.
A couple weeks ago, several of my blogs were hacked and as I use some of them as landing pages for my articles, this was a huge set-back to my article marketing career!
Now I really like WordPress, but I have to confess that when “they” explained how easy it was for a beginner to begin with with WordPress, for anyone who is completely new to “all this complicated ftp stuff”, it’s a very steep learning curve. (I’m glad I persevered.)
However, I was just beginning to feel I’d learned the essential principles, and had set up about ten blogs with just a little income coming in online, when catastrophe struck and I managed to get several hacked inside a single week. Don’t ask how or why it just happened – I’m not sure easily know myself what went wrong, but one after one I started receiving warning messages from Google, and then I realized….
Help – my blog has been hacked
To start with I was pretty unconcerned because I had, of course, backups of most my blogs. I did so this utilizing a popular plugin, so I imagined it will be relatively easy to restore the damaged sites from the backup.
How completely wrong could I be? I clicked at the “restore blog” help page, and my spirits sank as I read the instructions. I couldn’t help but feel I would need a master’s degree in Information Technology it had been so perplexing (to me, as a newbie).
I asked on WordPress forums and although everyone there is very sympathetic, their suggestions were largely beyond me. A few clicks to them could possibly be an hour for me personally to figure out.
In my horror that I couldn’t workout how to get over the backups I wondered whatever next. My son, who works in IT but knows nothing about WordPress, suggested that I speak to the three different serves where my blogs were hosted and ask if they knew how to re-install my backups and tidy up the hacking.
It was here an interesting disparity came about. The initial company, Hostgator, had me back online again in just a few days, all hacks removed, without even resorting to my backups. I have no idea how they achieved it, but top marks in their mind.
Hostica, my second hosting company, were also extremely helpful and patient with my problems and misunderstandings, and re-installed the sites from my blog backups.
Unfortunately, although my content was unharmed I had lost all my blog customizations and plug-in settings – that i gather is something “everyone” knows happens when you restore or move WordPress sites. (Well, everyone but me!) So I still had several hours work to do to get back again to the pre-hack condition. I suspect I’ve lost most of the “tweaks” I made without noting them down, because having taken backups I never expected I’d lose all my settings.
A third company, that i will not name, has still (a full month later) not managed to recover my site despite having access to (a) a backup from the plugin and (b) files I had ftp-ed onto my own PC as another means of backup. To put this in context, Hostica had my websites content (however, not settings) recovered within a quarter-hour of me sending them the backup from the plugin.
So after 6 very useless weeks, all except one of my sites are online again, and attempting to recover whatever credibility they had with Google and co!
Preventing and Dealing with Hacked WordPress blogs
But what advice can I spread to fellow newbies out of this disaster?
1) Support from your hosting company is essential. Hostgator and Hostica gave me excellent support and I shall continue hosting with them. Company three has been a catastrophe, yet when I check online, other folks give them good reviews. Draw your own inferences from that.
2) Ideally your hosting company will be making regular backups of one’s site if you happen to need them to recover a site for you. But it’s still smart to have a backup of your, in case the webhost fails. (Unlikely if you choose a reputable company to begin with.)
3) Other tips to prevent such hacking before it happens, are to change your WordPress admin user from “admin” to something more obscure, use a remarkably complicated password that includes special characters, and change your profile which means that your first name is displayed, not your user name.
4) It is also important to keep all your plug-ins, plus your version of WordPress up-to-date, and make sure you don’t display which version of WordPress you’re using.
These and other tips I learned from the free plug-in WP-Security Admin Tools, which I suggest you implement immediately, since it will highlight security weaknesses you can fix.
Best of all, I came across an instrument that lets me take a complete clone of my blog in minutes, and recover everything (content, plug-ins, themes and images), even to an empty domain, such as for example when relocating my blog to a new host.
If I had used this inexpensive program before my sites were hacked, I would have been in a position to restore them within a few minutes from clean, compressed backups, such as for example those I will have on my PC.
In the future, easily were dissatisfied with my webhost, these copies certainly are a breeze to move to a totally new company.
Or should I just want to duplicate an empty customised blog to start out a fresh one with the very same setup, this is also the tool for the job. In fact that is its main purpose – the backup function is advertised as a second function.
Establishing Fix hacked wordpress website was a breeze with Hostgator. Configuring it with Hostica didn’t work first time, but the publishers caused me to recognize and resolve the down sides, which were in database settings, so all is well now.
Yet another example of excellent support originated from the their staff.
To conclude, my recommendation to any-one, newcomer or experienced user alike, who is concerned about how exactly to backup and safeguard your WordPress blog is to save yourself hours of grief and heart-ache, by using this tool.