








How to Recover from Blog Hijacking

Guest post by: Claudiu Geanta

Article Overview: This article describes how to restore your WordPress blog after being hacked into. This happened to me at the end of 2009 and after doing the necessary research on the net I was able to bring back my blog the way it was before the malicious attack. The text covers step-by-step instructions that will ultimately result in a more secure blog.


Sometime towards the end of 2009 a Syrian hacking team hacked into my blog and changed the theme to always display their information. Finding their logo in poor taste and not appreciating their action in the least, I immediately decided to take the appropriate safety measures and make my blog more secure.

Here are the steps I took in order to accomplish that:

Step 1 - Always Back Up Your Files

This is your very first line of defense. And it's always a great idea to keep a fresh copy of your installation files and a backup of all your posts. Check with your hosting company to see if they offer automatic backup. Do this task on a weekly basis - it only takes minutes if not seconds (depending on the size of your blog).

It is also a good idea to store your files in 2 separate locations (see this article for good backup procedures).

Step 2 - Immediately Change the Admin Password

Make sure you know the email address you provided for the "admin" account. This is where you'll receive the new password. Log in and change the password to something a bit more complicated than your pet's name. Remember to use a combination of numbers, special characters, and lower and upper case letters. For instance - Fluffy is a very weak password while fLu55Y$ is much harder to guess.

Step 3 - Create another Administrator Account

Log in as the "admin" of the blog with the newly acquired password and create another account with Administrator privileges. Use the principles for choosing a strong password described above.

Step 4 - Change the "Admin" User

The most common method of breaking into a blog or website is brute force: the hacker will try to guess the name or password of the admin account and, once the account name is revealed, (s)he will use scripts to try thousands of password combinations with that account name.

In almost all cases the WP install files come "prepackaged" with the "admin" name as the default administrator account.

Fortunately changing this account name is very easy to do:

Log into your blog using the new user account created in Step 3 and delete the "admin" user. If you have posts published with "admin", WordPress will ask you if you want to move those posts under a new user. I chose "yes" and indicated what the author should be.

As a side note - it's a very good idea to create this admin account and keep the name and password secured, but most important is to create another user (I chose "Author" privileges for this account with my name so I can use it every time I create a new post).

If your "admin" account does not have a "Delete" command right next to the "Edit" one (which happened to me), install this WP-Optimize plug-in and rename or even delete the "admin" account.

Step 5 - Hide Your WordPress Version

Another "hole" hackers use to infiltrate is the publicly advertised version of your WordPress blog. The fact of the matter is that it will be harder for the hacker to hijack your site if (s)he knows as little as possible about your blog.

By default WordPress broadcasts to the world the version that you are running, and this information can be used against you, because hackers know the security holes on each WordPress version.

Hiding that information is not difficult though. First of all you want to disable the "generator" meta tag. You can do that by adding the following code to the functions.php file of your theme:

    // Return an empty string so WordPress prints no "generator" version tag.
    function hide_wp_vers()
    {
        return '';
    }
    add_filter('the_generator', 'hide_wp_vers');

Step 6 - Delete the readme File

There is also another place where hackers can find the version of your WordPress - the readme.html file. Go ahead and FTP into your site, find the file and delete it.

Step 7 - Disable Folder Browsing

This is another item you should hide on your site - the content of your folders. If people can browse your folders, they will be able to collect lots of information (themes you are running, plug-ins, etc.) Again - the less they know - the better for you and the safety of your blog.

If your web hosting is based on Linux, you can easily disable folder browsing within your .htaccess file placed at the root of your server. You can create that file or open the existing one and add the following line:

Options -Indexes

If your hosting is not based on Linux, you can still protect the content of your folders by uploading a blank index.html page inside each folder.
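
One way to confirm that Steps 5 to 7 took effect is to fetch your own home page, readme.html and one plug-in folder, then check the responses. The script below is an added example, not part of the original article; the function name audit and all sample responses are assumptions constructed for illustration.

```python
# Added example: audit saved HTTP responses for the leaks covered in Steps 5-7.
# Every sample response below is constructed for illustration.
import re
from html.parser import HTMLParser


class GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generators.append(a.get("content") or "")


def audit(home_html, readme_status, readme_body, folder_status, folder_body):
    """Return a list of findings; an empty list means Steps 5-7 took effect."""
    findings = []
    finder = GeneratorFinder()
    finder.feed(home_html)
    for gen in finder.generators:  # Step 5: generator meta tag
        if "wordpress" in gen.lower():
            findings.append("generator tag exposes: " + gen)
    if readme_status == 200:  # Step 6: readme.html should no longer be served
        m = re.search(r"Version\s+([\d.]+)", readme_body)
        findings.append("readme.html present" + (", version " + m.group(1) if m else ""))
    # Step 7: an Apache auto-generated listing is titled "Index of /path".
    if folder_status == 200 and re.search(r"<title>\s*Index of /", folder_body, re.I):
        findings.append("directory listing enabled")
    return findings


BEFORE = dict(
    home_html='<head><meta name="generator" content="WordPress 2.8.6" /></head>',
    readme_status=200, readme_body="<h1>WordPress<br /> Version 2.8.6</h1>",
    folder_status=200, folder_body="<title>Index of /wp-content/plugins</title>",
)
AFTER = dict(
    home_html="<head><title>My blog</title></head>",
    readme_status=404, readme_body="",
    folder_status=403, folder_body="Forbidden",
)

if __name__ == "__main__":
    print(audit(**BEFORE), audit(**AFTER))
```

A folder protected with a blank index.html answers with status 200 and an empty body, which the check also treats as clean.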

Step 8 - Rename Your Table Names

I would not recommend any plug-in to accomplish this. You can find some, but they are known to cause problems. The best way is to do it manually, and it's safer.

Here are step-by-step instructions on how to do it:

Step 9 - Modify the "wp-config.php" File

FTP into your site and find the file called "wp-config.php". Edit the line that says "$table_prefix = 'wp_';" and change the "wp" to your new prefix. Save the file and upload it back.
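
A manual prefix change for Steps 8 and 9 has two parts in the database: renaming the tables, and renaming the few rows whose names embed the prefix. The generator below is an added example, not part of the original article; the function name prefix_rename_sql, the sample table list and the prefix "blog7_" are assumptions made for illustration.

```python
# Added example: generate the SQL for a manual table-prefix change.
# The table list and the new prefix "blog7_" are constructed sample values.
import re

# Rows whose *names* embed the table prefix in a default WordPress install.
# Plugins may add more; search meta_key for the old prefix before switching.
PREFIXED_ROWS = (
    ("options", "option_name", "user_roles"),
    ("usermeta", "meta_key", "capabilities"),
    ("usermeta", "meta_key", "user_level"),
)


def prefix_rename_sql(tables, old, new):
    """Return SQL statements moving every `old`-prefixed table to `new`."""
    for p in (old, new):
        # Prefixes are spliced into SQL identifiers, so restrict them strictly.
        if not re.fullmatch(r"[A-Za-z0-9_]+", p):
            raise ValueError("invalid prefix: %r" % p)
    stmts = []
    for name in tables:
        if name.startswith(old):
            stmts.append("RENAME TABLE `%s` TO `%s`;" % (name, new + name[len(old):]))
    for table, column, suffix in PREFIXED_ROWS:
        if old + table in tables:
            stmts.append(
                "UPDATE `%s` SET %s = '%s' WHERE %s = '%s';"
                % (new + table, column, new + suffix, column, old + suffix)
            )
    return stmts


# Constructed output of SHOW TABLES; stats_log stands in for an unrelated table.
SAMPLE_TABLES = ["wp_options", "wp_posts", "wp_usermeta", "wp_users", "stats_log"]

if __name__ == "__main__":
    print("\n".join(prefix_rename_sql(SAMPLE_TABLES, "wp_", "blog7_")))
```

Run the generated statements only after the backup from Step 1, and use the same new prefix for $table_prefix in wp-config.php.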

Step 10 - Always Update Your WordPress Version

Every time a new WordPress version is released hackers have to scramble and try to find new ways to damage it and thus hit other blogs and deface them.

Sometimes they find them, but the WordPress community usually responds quickly and releases an updated version protected against the new threats.


About the Author: Claudiu Geanta

Claudiu Geanta is a successful online business owner and founder of Design by Satori & ProIncome Marketing, LLC. He teaches every day people how to build an optimum online business, SEO and SEM. Claudiu lives with his wife Andreea in Southern California.
