<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>The Four-eyed Journal &#187; Hack attacks</title>
	<atom:link href="http://jrocas.com.ph/archives/tag/hack-attacks/feed/" rel="self" type="application/rss+xml" />
	<link>http://jrocas.com.ph</link>
	<description>A geek&#039;s musings on technology, politics, the web &#38; life</description>
	<lastBuildDate>Thu, 05 Jan 2012 01:54:07 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
<atom:link rel="hub" href="http://pubsubhubbub.appspot.com"/><atom:link rel="hub" href="http://superfeedr.com/hubbub"/>		<item>
		<title>Plugins to beef up blog security</title>
		<link>http://jrocas.com.ph/archives/plugins-to-beef-up-blog-security/</link>
		<comments>http://jrocas.com.ph/archives/plugins-to-beef-up-blog-security/#comments</comments>
		<pubDate>Thu, 29 Oct 2009 04:44:35 +0000</pubDate>
		<dc:creator>jhay</dc:creator>
				<category><![CDATA[WordPress & Blogging]]></category>
		<category><![CDATA[Hack attacks]]></category>
		<category><![CDATA[WordPress security]]></category>
		<category><![CDATA[WP plugins]]></category>

		<guid isPermaLink="false">http://jrocas.com.ph/?p=1487</guid>
		<description><![CDATA[Okay, as I&#8217;ve promised earlier, here&#8217;s a quick rundown of how I have beefed up the security of this blog in response to the horrendous episode of hack attacks that screwed up my blog, the database and wiped out 6 months&#8217; worth of posts. Hard to crack passwords for Cpanel and Dashboard. It&#8217;s a [...]]]></description>
			<content:encoded><![CDATA[<p></p><p><center><a href="http://www.zooomr.com/photos/jhayrocas/8422928/" title="Photo Sharing"><img src="http://static.zooomr.com/images/8422928_5eab11c397_o.jpg" width="500" height="375" alt="blog-security" /></a></center></p>
<p>Okay, as I&#8217;ve promised earlier, here&#8217;s a quick rundown of how I have beefed up the security of this blog in response to the horrendous episode of hack attacks that screwed up my blog, the database and wiped out 6 months&#8217; worth of posts.</p>
<p><strong>Hard to crack passwords for Cpanel and Dashboard.</strong></p>
<p>It&#8217;s a good thing I&#8217;ve developed the habit of creating passwords that are completely unrelated to my person such as name, date of birth, place where I live, the schools I&#8217;ve attended, etc. and manage to remember them. Passwords based on such information could easily be guessed by anyone who&#8217;s bent on doing me harm even without the use of password-cracking techniques and software because that basic information about me could be easily culled from the web via the various social networking sites I use. Just Google my name and you&#8217;d know what I mean.</p>
<p>So on top of that, I&#8217;ve also become used to using passwords that are alphanumeric and contain special characters. Finally, I&#8217;ve decided to change my blog&#8217;s and my hosting account&#8217;s Cpanel password every 6 months to keep hackers and other evil-doers guessing.</p>
<h3>Plugins that add layers of security to my blog</h3>
<p>Creating hard to crack passwords is just one step in blog security. The next logical step is to install plugins that add more security to your blog. This not only prevents hackers from gaining entry and using your blog for their evil deeds, it also helps in the prevention of spam.</p>
<p><a href="http://www.bad-neighborhood.com/">Login LockDown</a> by Michael VanDeMar adds some extra security to WordPress by restricting the rate at which failed logins can be re-attempted from a given IP range. I&#8217;ve customized mine to limit login attempts to 3 retries within 3 minutes. Offending IP ranges are blocked for two full hours. It&#8217;s so effective, it even blocked me when I failed to enter my correct password due to clumsy fingers.</p>
<p><a href="http://builtbackwards.com/projects/tac/">Theme Authenticity Checker (TAC)</a> by builtBackwards. It scans all of your theme files for potentially malicious or unwanted code. Had I known about this plugin earlier, the first hack attack could&#8217;ve been prevented because the hacker injected my theme files with their spam codes. Do check out <a href="http://jaypeeonline.net/wordpress-plugins/wp-plugin-review-theme-authenticity-checker/">Jaypee&#8217;s review of this great plugin</a>. We highly recommend it.</p>
<p><a href="http://www.seoegghead.com/software/wordpress-firewall.seo">WordPress Firewall</a> by SEO Egghead, Inc. Just like what its name says, it blocks suspicious-looking requests to WordPress and provides a way to white-list certain requests made by us admins and the plugins we use. It&#8217;s so powerful because it&#8217;s customizable.</p>
<p>Besides these security plugins, it&#8217;s best to always upgrade your WordPress to the latest version because these releases contain bug fixes and security improvements. And never forget to keep backups and more backups of your blog&#8217;s database and make sure they&#8217;re in working condition.</p>
<p>Has your blog been hacked? How did you secure it and what steps did you take to deal with the damage? Do share your tips and stories. Stay safe!</p>
<p>Image by <a href="http://www.flickr.com/photos/ianlloyd/274749599/">lloydi</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://jrocas.com.ph/archives/plugins-to-beef-up-blog-security/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>Recovering from another blog hack attack</title>
		<link>http://jrocas.com.ph/archives/recovering-from-another-blog-hack-attack/</link>
		<comments>http://jrocas.com.ph/archives/recovering-from-another-blog-hack-attack/#comments</comments>
		<pubDate>Mon, 26 Oct 2009 00:27:54 +0000</pubDate>
		<dc:creator>jhay</dc:creator>
				<category><![CDATA[WordPress & Blogging]]></category>
		<category><![CDATA[Blog security]]></category>
		<category><![CDATA[Hack attacks]]></category>
		<category><![CDATA[WordPress]]></category>

		<guid isPermaLink="false">http://jrocas.com.ph/?p=1469</guid>
		<description><![CDATA[Things may be a bit quirky and strange around here; the most obvious would be a 6-month gap between this post and the rest of the posts in this blog. That&#8217;s the casualty of another episode of hackers taking over and screwing with my blog. It was a total nightmare! I thought my theme was [...]]]></description>
			<content:encoded><![CDATA[<p></p><p><img alt="" src="http://img14.imageshack.us/img14/2136/hackerbygutter.jpg" title="Hackers" class="alignright" width="350" height="263" />Things may be a bit quirky and strange around here; the most obvious would be a 6-month gap between this post and the rest of the posts in this blog. That&#8217;s the casualty of another episode of hackers taking over and screwing with my blog.</p>
<p>It was a total nightmare! I thought my theme was injected with malicious code again and once it was removed the problem would be fixed. However, the problem was more serious than I thought. No matter which theme I used, the problem was still there; my pages and posts would only be displayed up to the title and the rest of the post/page just vanished.</p>
<p>The strange thing is, only the Archives page displayed as it should. However, I cannot make sense of why this was so. I checked and re-checked the theme files of every theme in my blog and found no malicious code. This was something more complicated than my meager PHP/CSS programming skills could handle. For I found a folder in my root directory containing codes that inserted spam into my blog&#8217;s posts and pages. Since the hackers had already set a foothold in my blog, drastic measures had to be taken.</p>
<p>So with frustration and sleep deprivation settling in, I had no choice but to resort to deleting my old blog and starting again from a clean install. Everything went fine until it turned out that the latest copy of my blog&#8217;s database was damaged. So I had to revert to an older copy which I made six months ago. Meaning 6 months&#8217; worth of posts went down the drain. Curse those damned hackers!</p>
<p>So now I beefed up the security of this blog, installing additional plugins like the <a href="http://builtbackwards.com/projects/tac/">Theme Authenticity Checker</a> which scans each theme for malicious code as advised by my good friend <a href="http://jaypeeonline.net">Jaypee</a>. I&#8217;ve also changed the password to a longer, more secure one and I&#8217;ve also disabled user registration.</p>
<p>Another lesson in blogging learned the hard and painful way. Hopefully, this would be enough to protect my blog from hackers and spammers. Stay safe everyone!</p>
<p>*Image by <a href="http://www.flickr.com/photos/somemixedstuff/">gutter</a>, licensed under the <a href="http://creativecommons.org/licenses/by-sa/2.0/deed.en">CC Attribution-Share Alike license</a>.</p>
]]></content:encoded>
			<wfw:commentRss>http://jrocas.com.ph/archives/recovering-from-another-blog-hack-attack/feed/</wfw:commentRss>
		<slash:comments>6</slash:comments>
		</item>
		<item>
		<title>Surviving a blog hacking attack</title>
		<link>http://jrocas.com.ph/archives/surviving-a-blog-hacking-attack/</link>
		<comments>http://jrocas.com.ph/archives/surviving-a-blog-hacking-attack/#comments</comments>
		<pubDate>Tue, 08 Sep 2009 00:44:55 +0000</pubDate>
		<dc:creator>jhay</dc:creator>
				<category><![CDATA[WordPress & Blogging]]></category>
		<category><![CDATA[Blog security]]></category>
		<category><![CDATA[Hack attacks]]></category>
		<category><![CDATA[WordPress]]></category>

		<guid isPermaLink="false">http://jrocas.com.ph/?p=1660</guid>
		<description><![CDATA[There’s a serious security concern for WordPress users as a worm has been lurking on the Internet, wreaking havoc on unpatched versions of WordPress. The warning comes from no less than WP creator Matt Mullenweg himself in a recent post on the WordPress Dev Blog: Right now there is a worm making its way around old, [...]]]></description>
			<content:encoded><![CDATA[<p></p><p>There’s a serious <a href="http://wordpress.org/development/2009/09/keep-wordpress-secure/">security concern for WordPress users</a> as a worm has been lurking on the Internet, wreaking havoc on unpatched versions of WordPress.</p>
<p>The warning comes from no less than WP creator <a href="http://ma.tt/">Matt Mullenweg</a> himself in a recent post on the WordPress Dev Blog:</p>
<blockquote><p>Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.</p>
<p>The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.</p></blockquote>
<p>Though I’ve read and heard of blog attacks before, I’ve never really encountered one on my own blog. Well, that was until the last week of July and the whole month of August that is. This blog had been a victim of a hack attack. Probably from that worm mentioned in Matt’s post, but I still haven’t found a solid piece of evidence to prove this. Yet there were plenty of other signs that indeed the worm had attacked my blog.</p>
<p><strong>It required me to change my password</strong></p>
<p>Never in my entire four years of blogging have I ever encountered a need to recover my own password because I’ve been careful with it and I’ve never forgotten it. So I found it bizarre one morning in the closing weeks of July that my original password was not being accepted by my blog. Thinking it was part of a routine WordPress update I installed, I simply opted to reset my password and replaced it with a stronger one. How naive of me as WordPress has never done something like this before.</p>
<p><strong>Sudden decline in blog traffic</strong><br />
<div id="attachment_1661" class="wp-caption aligncenter" style="width: 596px">
	<img src="http://turbo2.jrocas.com.ph/wp-content/uploads/2009/11/webtrafficdown.jpg" alt="My web traffic went down to almost nothing" title="webtrafficdown" width="596" height="140" class="size-full wp-image-1661" />
	<p class="wp-caption-text">My web traffic went down to almost nothing</p>
</div></p>
<p>A few days after that ‘mandatory’ password change, I noticed a sharp decline in my blog’s traffic. Thinking it was another round of punishment from Google for the paid link ads on my blog, I said to myself that it would return to normal after a few weeks. Unfortunately, those weeks lasted for the whole month of August and the early days of September. From a daily average of 1000+ visitors, blog traffic plummeted to an average of 5 a day! Something else was wrong with my blog and I began to look around for things out of the ordinary. A broken plugin perhaps or a theme element gone wrong.</p>
<p><strong>My theme was acting weird</strong></p>
<p>Though at that time I hadn’t updated the Vigilance theme I was using, I noticed that whenever I’d view the front page of my blog, something would stick out just below the footer and break the width of the theme. Thinking it was just some stray CSS elements or some code from the buttons on my blog, I paid little attention to it. Then it dawned upon me that this first occurred days after my “mandatory password reset” took place.</p>
<p><strong>Then my blog screwed every browser it encountered</strong></p>
<p>Shortly after writing my post on August 25,<strong> Chrome would crash after spewing out lots of new tabs every time I’d view my blog’s front page</strong>. Thinking it was just Chrome shooting its own foot, I tried viewing my blog with Firefox and the same thing happened. It was at this moment that I decided to have a second look at my theme files.</p>
<p>Codes for spam in the form of iframes that were redirecting traffic from my blog to a website about greeting cards and stuff were inserted into my theme header and footer files! This is what has been causing my blog to break its margins, this is what has been stealing my blog traffic and this is what has been screwing up with my browsers.</p>
<p><strong>Things were fixed with a minor surgery</strong></p>
<p>So immediately, I downloaded all the themes in my blog’s theme folder via FTP and had each and every single theme file checked and re-checked for any spam codes inserted by that worm. I also removed most of the plugins that have been inactive for so long and I also checked the WordPress files for malicious codes.</p>
<p>Digging a little deeper, I once more combed my MySQL database for any injected code and alien user accounts. Fortunately, the only part of my blog that was compromised by the worm was the theme currently in use. So after cleaning up the theme files and re-uploading them, the ordeal quickly ended.</p>
<p>Blog traffic quickly recovered to normal levels and my blog behaves normally now when viewed in all the web browsers I use.</p>
<p><strong>Beefing up the security</strong></p>
<p>To prevent another future attack, I’ve beefed up the security of my blog. I once more changed my password to a more secure one. I’ve deleted all the plugins that I’m not using. User registration has also been disabled and for a new layer of protection, I’ve installed the <a href="http://www.seoegghead.com/software/wordpress-firewall.seo">WordPress Firewall plugin</a> as recommended to me by Ade when I checked his blog for a possible attack last month.</p>
<p>Just recently, I followed some of the steps mentioned by <a href="http://jaypeeonline.net/wordpress/wordpress-blogs-under-attack/">Jaypee</a>, <a href="http://ocaoimh.ie/did-your-wordpress-site-get-hacked/">Donncha O Caoimh</a> and the <a href="http://codex.wordpress.org/FAQ_My_site_was_hacked">WP team</a>.</p>
<p>For now, I rest more easily at night knowing that despite suffering a blog hacking attack, my WordPress-powered blog is more secure than ever thanks to this learning experience and the expertise of the WordPress community.</p>
<p>However, vigilance, diligence and being a smart blogger would be my edge in keeping my blog safe from those nasty evil-doing hackers.</p>
]]></content:encoded>
			<wfw:commentRss>http://jrocas.com.ph/archives/surviving-a-blog-hacking-attack/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>

