A Few Things You Can Do to Avoid Being Hacked

Eeek! My blog was hacked! It wasn’t a fun experience, but I learned a few ways to avoid being hacked in the process. Now I want to share the tools that will help you keep your blog or website protected. Here’s my story.


Sometimes it seems like life is one learning curve after another.  Just when you get the hang of diaper changes and the right number of naps a day, your baby starts walking and you’re shoved into the world of parenting a toddler. Children are a constant roller coaster ride but they’re nothing in comparison to the endless learning required to be computer literate.  I’ve worked on Adobe Photoshop for over two years and I still have only scratched the surface.  The program frequently drives me to tears.

My foray into creating and running a website has been fraught with confusion and frustration.  I had to buy a book to understand how to use WordPress and just the mention of HTML makes my eyes cross. Two weeks ago the launch of this website was stopped cold by my hosting company, who informed me I had gone over some electronic limit of something, and that I needed to pay $169 a month so this wouldn’t happen again. Thankfully, like most things connected to WordPress, there’s a free plugin for that. I have no idea what it does or how it works, but hopefully the insert of “Quick Cache” will solve the problem.

But my worst problem yet came this morning when I woke up to find my website had been hacked.

Someone, or more probably some roving program, managed to get into this website, and from here jump to my two other sites.  Not fun. I contacted my hosting company who ejected the bug. Meanwhile, I spent the morning installing MORE plugins and updating both my passwords and user names. Unfortunately, I lost three posts, and basically everything I worked on this week is gone, as well as a large number of my followers’ comments.  This part is especially upsetting, because I love your comments and I can’t bring them back.

After my hosting company Just Host cleared up the hacking thing, they sent me a very nice letter explaining all the things one can do to make one’s site safe.  Since the only safety measure I knew about prior to today was to install a strong password I thought I’d pass some of their advice on to you, just in case any of you use WordPress for your blogs.

How to Avoid Being Hacked

Here are some things you can do to secure your WordPress blog. (Please note, although I added some thoughts of my own here and there, almost everything written below came directly from Just Host.)

1: Encrypt your Login

Whenever you log in to your website, your password is sent unencrypted. If you are on a public network, a hacker can easily ‘sniff’ out your login credentials using a network sniffer. The best way to prevent this is to encrypt your login with the Chap Secure Login Plugin. This plugin adds a random hash to your password and authenticates your login with the CHAP protocol.
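To show what a CHAP-style login puts on the network, here is an added example (not code from the post, from Just Host, or from the plugin). The salted PBKDF2 key, the HMAC-SHA256 response, the class and function names and the sample account are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def derive_key(password, salt):
    # Both sides derive the same key from the password; only the server stores it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Server:
    def __init__(self):
        self.users = {}     # username -> (salt, derived key)
        self.pending = {}   # username -> nonce waiting for an answer

    def register(self, user, password):
        salt = secrets.token_bytes(16)
        self.users[user] = (salt, derive_key(password, salt))

    def challenge(self, user):
        # A fresh random nonce for every login attempt.
        nonce = secrets.token_bytes(32)
        self.pending[user] = nonce
        return self.users[user][0], nonce

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)   # each nonce is accepted once
        if nonce is None or user not in self.users:
            return False
        key = self.users[user][1]
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def client_response(password, salt, nonce):
    # The browser side: the password itself never leaves this function.
    return hmac.new(derive_key(password, salt), nonce, hashlib.sha256).digest()

def demo():
    server = Server()
    server.register("editor", "constructed-Passw0rd!")   # constructed sample account
    salt, nonce = server.challenge("editor")
    captured = client_response("constructed-Passw0rd!", salt, nonce)
    first_login = server.verify("editor", captured)      # genuine login
    replay_same = server.verify("editor", captured)      # nonce already used up
    server.challenge("editor")                           # server issues a new nonce
    replay_fresh = server.verify("editor", captured)     # old answer, new nonce
    return first_login, replay_same, replay_fresh

if __name__ == "__main__":
    print(demo())
```

Someone listening on the network sees only the salt, the nonce and the response, and a recorded response is rejected the next time. This protects only the password in transit: the session cookie and page content still travel unencrypted unless the site uses HTTPS.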

2: Stop Brute Force Attacks

Hackers can easily crack your login password and credentials by trying hundreds of different combinations. To prevent that from happening, you can install the Login Lockdown Plugin. This plugin records the IP address and timestamp of every failed WordPress login attempt. Once a certain number of failed attempts is detected, it will disable the login function for all requests from that IP range.
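The lockout rule described above, as an added example (not the plugin's own code). The threshold, time window, lockout length, range sizes, names and the sample log are assumptions, since the post does not give the plugin's settings.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; the post does not state the plugin's settings.
MAX_FAILURES = 3
WINDOW = timedelta(minutes=5)     # failures older than this are forgotten
LOCKOUT = timedelta(minutes=60)   # how long a range stays blocked

def ip_range(ip):
    """Map an address to its enclosing range (/24 for IPv4, /64 for IPv6: assumed sizes)."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

class LoginLockdown:
    def __init__(self):
        self.failures = defaultdict(deque)   # range -> timestamps of recent failures
        self.locked_until = {}               # range -> time the lock expires

    def attempt(self, ip, password_ok, now):
        net = ip_range(ip)
        if now < self.locked_until.get(net, datetime.min):
            return "locked"                  # refused before the password is considered
        if password_ok:
            return "ok"
        recent = self.failures[net]
        recent.append(now)
        while now - recent[0] > WINDOW:      # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.locked_until[net] = now + LOCKOUT
            recent.clear()
        return "failed"

def replay(events):
    guard = LoginLockdown()
    return [guard.attempt(ip, ok, ts) for ts, ip, ok in events]

T0 = datetime(2011, 4, 16, 9, 0, 0)
# Constructed sample log: (timestamp, source IP, was the password correct?)
SAMPLE = [
    (T0, "203.0.113.10", False),
    (T0 + timedelta(seconds=20), "203.0.113.11", False),
    (T0 + timedelta(seconds=40), "203.0.113.10", False),  # third failure in the /24
    (T0 + timedelta(seconds=60), "203.0.113.12", True),   # right password, range locked
    (T0 + timedelta(seconds=70), "198.51.100.7", True),   # unrelated range
    (T0 + timedelta(minutes=62), "203.0.113.12", True),   # lock has expired
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Because the lock applies to the whole range, the fourth entry is refused even though its password is correct, which is the trade-off to keep in mind when you share an office or café network with other people.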

3: Use a Strong Password

Make sure you use a strong password that is difficult for others to guess. (Ok. I knew I was supposed to do this but I was lazy.) Use a combination of digits, special characters and upper/lower case to form your password.

4: Change your Login Name

The default username for many sites is “admin”. You can make it more difficult for a hacker to crack your login credentials by changing the login name to something unusual.

How to:
In your WordPress dashboard, go to Users and set up a new user account. Give this new user the administrator role. Log out and log in again with the new user.

Go to Users again. This time, check the box beside admin and press Delete. When it asks for deletion confirmation, select “Attribute all posts and links to:” and select your new username from the dropdown bar. This will transfer all the posts to your new user account. Press Confirm Deletion.

5: Upgrade to the Latest Version of WordPress and Plugins

The latest version of WordPress always contains bug fixes for any security vulnerabilities, so it is important to keep yourself updated at all times.

6: Backup your WordPress Database

No matter how secure your site is, you still want to prepare for the worst.  After reading this post, the writer of Beautifully Invisible suggested a plugin to back up WordPress blogs.  It’s called the WP-DBManager Plugin.

Update July 2013: My blog was hacked over two years ago, but I installed these plugins and used all the tips I explained above to protect my site. I have not been hacked since!


30 Responses to A Few Things You Can Do to Avoid Being Hacked

  1. anne
    April 16, 2011 at 9:57 pm #

    I’m SO sorry that happened to you. what a violation.

    • Heather Fonseca April 17, 2011 at 8:51 am #

      But Anne you saved me! Thanks to your quick thinking I can put up the post with the leopard skirt again.

      I was upset yesterday, but you live and you learn.

  2. Joy April 17, 2011 at 3:53 am #

    How frustrating! You have to wonder who are the deviants involved in wreaking so much havoc?!

    I’m glad your blog is working again. Thanks for the safety tips.

    • Heather Fonseca April 17, 2011 at 8:52 am #

      I too wonder who’s behind the hacking, but I’ll probably never know.

  3. Sharon April 17, 2011 at 7:01 am #

    So, sorry that this happened to you. I came past your Design blog and got a hacked message, which made me quickly shut down. It is a shame that people have nothing better to do with their time but disrupt the lives of others.

    Thankfully, you got it all taken care of. These are wonderful tips. I am going to review my site later this evening and I am definitely going to share this post with others.

    • Heather Fonseca April 17, 2011 at 1:30 pm #

      Thanks for sharing Sharon! I noticed you had tweeted the post this morning. Hopefully there will be more tips as people see the post and add their own suggestions.

  4. SACRAMENTO April 17, 2011 at 7:45 am #

    I suppose all these troubles are part of learning, and improving; although so annoying, ahhhhhhhhhhhhh.
    I will stick to blogspot, so far so good…( fingers crossed)

    • Heather Fonseca April 17, 2011 at 8:53 am #

      I know a lot of people like blogspot, and I think it’s perfectly fine! I went straight to wordpress so I have no experience with other options.

      And, yes, it’s all part of learning, which I’m glad I can continue to do. I wouldn’t want to be stagnant, but it is hard sometimes.

  5. Beautifully Invisible April 17, 2011 at 10:56 am #

    I am so sorry this happened to you! Thank you so much for sharing these pointers with us – they are important and it was great of you to share them (and you should submit this post to IFB!)!

    In reference to backing up your database, there actually IS a plugin – it’s a feature that comes with WP-DBManager. I have a copy of my database emailed to me every day. You should check it out when you have a moment.

    I’m glad everything worked out in the end!

    • Heather Fonseca April 17, 2011 at 1:32 pm #

      I’ve checked out the plugin and installed it. It looks like a good back up plan – unfortunately I’ve gotten this weird warning message that can only be fixed by changing stuff in the HTML files, which I find so confusing I can’t manage at all. (I hate it when plugins require extra work on my part, especially when the instructions are vague. But I guess that’s what you get for free.)

      • Heather Fonseca April 18, 2011 at 5:16 pm #

        Just host fixed the weird warning for me. Cool! thanks for the tip.

  6. citizen rosebud
    April 17, 2011 at 10:26 pm #

    I am so sorry to hear this, but am glad you got your blogs up and running again. You are the second person I know that got their blog hacked and deleted. I have concerns even though I downloaded a back up of my blog- because it still says it’s on a webpage- so will the back up be there if my acct gets hacked?
    I would be terribly at a loss if I lost my blog- so much of my blood sweat and tears is in it. xo.
    the Citizen Rosebud

    • Heather Fonseca April 18, 2011 at 5:18 pm #

      The hosting company had a backup to last week sometime, so I only lost about a week’s worth of posts, not the whole thing. That really would have been frustrating! I’m not really sure how the whole back up thing works, anywho, I’m glad it happened and I learned something and now it’s in the past, you know?

  7. Madison
    April 17, 2011 at 10:57 pm #

    Oh my goodness! How horrific, I’m so sorry this happened to you. This happened to my co-worker at work at his work computer several years ago (his email)… now when I work travel I try to use our secure connection. Also, do you use a firewall during your internet working hours? I’m glad that everything worked out!

    • Heather Fonseca April 18, 2011 at 5:19 pm #

      Hey Madison, I don’t know if I use a firewall or not. All this computer stuff is a bit beyond me I’m afraid.

  8. Oh to Be a Muse
    April 18, 2011 at 8:52 am #

    these are very good tips–especially about encrypting your login. sorry your site got hacked though!

    • Heather Fonseca April 18, 2011 at 5:23 pm #

      I feel very secure now that I’m all encrypted and stuff. Actually, I was always a little worried about being hacked.
      It seemed like security was lax on my part.

  9. Stacey - Total City Girl
    April 23, 2011 at 9:17 pm #

    UH! So annoying! Thanks for the useful info. I’ve been backing up every night since I made the switch to WP. 🙂

  10. Bree April 26, 2011 at 4:04 pm #

    Oh, I know that feeling of having had your site hacked – it happened to me twice! I now use the Backup Buddy plugin. It costs a little bit of money, but it has saved me So. Many. Times now that I couldn’t possibly live without it!

    • Heather Fonseca April 26, 2011 at 9:05 pm #

      Oh my gosh – TWICE! That must have been really frustrating. I’ll have to check out the backup Buddy plugin!

  11. bubbleboo May 6, 2011 at 10:47 am #

    So sorry you had to deal with that 🙁 I’m just setting up a new site, and was looking for ways to avoid hacking. I Googled and your post came up, so your horrible situation is at least doing some good for others.

    Thank you for sharing 🙂

  12. Yolandie Olech May 20, 2011 at 11:37 am #

    Thanks for the info! will sure put it to use!!!

    • Heather Fonseca May 21, 2011 at 9:38 am #

      Thanks for stopping by Yolandie. I hope it never happens to you.

  13. Julia Barnickle July 19, 2011 at 10:18 am #

    Hi Heather – like you, I learned the hard way when around 5 of my websites (and my clients’ websites) were hacked.
    Thanks for the plugin suggestions – I haven’t come across those ones before.
    For backing up the database, I use wp-db-backup (http://wordpress.org/extend/plugins/wp-db-backup/).
    I also use wordpress-backup (http://wordpress.org/extend/plugins/wordpress-backup/) to backup the upload, themes and plugins directories.

    • Heather Fonseca July 19, 2011 at 1:41 pm #

      Hi Julia! Thanks so much for stopping by. The hacking was upsetting but in the end all was well. I lost a lot of comments, which was upsetting, but now I get backup files every other day! Hopefully it won’t happen again, and if it does I’ll be prepared.

