After the hack today that took down some pretty major sites out there that we all use on a daily basis, I wanted to share some helpful information I've come across in the WordPress world. I myself have been hacked twice. Ever since moving my photography business website from a big company, I've finally been able to move on with my life.
Even though today's massive attack affected mostly DNS, your website's server can be attacked at any time. This is where some helpful little tools can come in handy and help keep us moving along, business as usual! This article mostly speaks to those of you using WordPress as your content management system (CMS), and since that is where my hacking experience lies, I don't want to give advice for other platforms.
WordPress Plugins That Will Put You at Ease
- BulletProof Security: Don't be fooled by their goofy graphics; this little plugin has come in handy for me more times than one. It will alert you to many things like login security, monitoring of which users have been in your site, and the feature that sold me: .htaccess. My hacker had not only gained access to the database and WordPress side of things, they were able to create a back door, so every time I'd create all new logins and reset my database, boom, a few days later, they were back and spreading poison throughout my site.
- Akismet: This plugin is way more simple and at first all I thought I needed for my photography blog. You sign up for this spam service on an annual basis, and it controls spam hitting your posts. At first, these annoying bot comments seem like just jargon; however, this can eventually lead to hackers getting access to your database. I highly recommend this little tool. It also comes with dashboard reporting, so when you log in, you can see who is commenting and what the system did with it.
- Wordfence: If you're going to take away only one thing from this article, go learn about this plugin. I found this little sucker too late in the game, as my site was completely unsalvageable. However, their upgraded plan can even help sites once the hack has happened and you need help because you're a photographer and don't want to sit and spend your days cleaning code. It also does many of the features that I've mentioned in the other plugins; however, it does require a hefty fee.
Without this plugin, I wouldn't have caught the string of text at the bottom of each of my 177 posts that was causing every blog post on my site to redirect to some online pharmaceutical company. Thank the code gods, because I could've moved my site and infected the new server, further opening that door to my online business.
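One way to check for this kind of injection yourself, as an added example that is not from the original post or from any of the plugins above: because the same string was appended to every post, the longest ending shared by many post bodies is the thing to inspect. The sample posts, the injected trailer, and the function names `find_shared_trailers` and `strip_trailer` are constructed for illustration.

```python
import re
from collections import defaultdict
from os.path import commonprefix

# Markup that should not appear identically at the end of many posts.
SUSPICIOUS = re.compile(r"<\s*(script|iframe|meta)\b|display\s*:\s*none", re.I)

# Constructed sample data: post id -> post body, as exported from the
# post_content column of WordPress's posts table. The trailer is made up.
INJECTED = '<script src="https://redirect.example/r.js"></script>'
SAMPLE_POSTS = {
    101: "<p>Sunrise shoot at the lake.</p>" + INJECTED,
    102: "<p>Wedding gallery is now live.</p>" + INJECTED,
    103: "<p>New lens review.</p>\n" + INJECTED + "\n",
    104: "<p>Studio hours for the holidays.</p>",
}

def find_shared_trailers(posts, key_len=24, min_posts=3):
    """Group posts whose last key_len characters match, then widen each
    group to the full suffix that all of its members share."""
    groups = defaultdict(list)
    for pid, body in posts.items():
        body = body.rstrip()
        if len(body) >= key_len:
            groups[body[-key_len:]].append(pid)
    findings = []
    for ids in groups.values():
        if len(ids) < min_posts:
            continue
        # commonprefix compares character by character, so reversing the
        # bodies turns it into a longest-common-suffix search.
        reversed_bodies = [posts[p].rstrip()[::-1] for p in ids]
        trailer = commonprefix(reversed_bodies)[::-1]
        findings.append({
            "post_ids": sorted(ids),
            "trailer": trailer,
            "suspicious": bool(SUSPICIOUS.search(trailer)),
        })
    return findings

def strip_trailer(body, trailer):
    """Return a cleaned copy of body with the shared trailer removed."""
    stripped = body.rstrip()
    if trailer and stripped.endswith(trailer):
        return stripped[: -len(trailer)]
    return body

if __name__ == "__main__":
    for f in find_shared_trailers(SAMPLE_POSTS):
        print(f["post_ids"], f["suspicious"], repr(f["trailer"]))
```

A shared ending is not always malicious (a signature line repeated on every post would also show up), so review each reported trailer before cleaning anything, and work on a backup copy of the database.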
WordPress Hosting Must Haves
Since my switch away from the domain and hosting giant whom I now despise, I've been thrilled with the new service I acquired. Finding not only excellent customer service, I'm now hosted with a company who watches for these types of behaviors and alerts the users if they feel a server is infected and that your site might be a target. If that wasn't ultra helpful enough, they'll take it upon themselves to move you to an entirely new server that has no red flags and give you 14 days to make any changes.
Being a photographer, I don't want to have to monitor my website all day, every day. Heck, I don't want to monitor it at all! So, going through the painful process of rebuilding our 10 years of work and Internet history really opened my eyes to how important it is, when doing business in a digital age, to know you have security. Cyber attacks are becoming more and more evil and are an online business's worst nightmare, and the distributed denial of service (DDoS) attack is one such attack that can cause massive damage to any service. More information on the attack itself can be found here.
Lead image by Wikipedia user Colin, cropped and used under Creative Commons.