This is a crosspost from A.J. Cosmo
Eagle eyed readers may notice that my site recently underwent a major transformation. That’s no accident. On the contrary, it was forced.
My web host service (IXWebhosting.com) notified me that my website had been compromised by malware. To be more specific, my WordPress blog had been infected and was busy sending out spam email to heaven knows where.
The spike in traffic raised a flag, IX shut down my site, and I lost everything. The malware had been installed through brute force password cracking (a computer kept trying to log in until it guessed right, literally millions of times.) Once inside, it created an account for itself, gave it full permissions, and started executing PHP scripts while modifying the other PHP files that were there already.
PHP files are what makes WordPress function. They are basically programs that can be run server side. Once the malware virus started changing these though, it made it almost impossible to recover from. IX cleaned the server and removed the bad files, but the damage was done. The malware had changed critical WordPress PHP files and I couldn’t get them back without reinstalling everything.
If all of that sounded confusing or full of jargon, don’t worry, I only understand it because I had to. You don’t have to understand PHP though to protect yourself. Here’s three easy steps you can take right now to keep this curse from happening to you.
- Install a firewall program on your WordPress blog.Under plugins search for Firewall and find one that both stops robots from accessing your page and also limits the number of password attempts. WP Security and WordFence come highly recommended.
- Make your password stronger.Your last name combined with your birthday won’t cut it anymore. Even adding extra characters and punctuation won’t help much either. Use the password generator under Users to create a strong password. Those are usually around 16 characters and have random numbers and letters. Copy and paste into a password file if you can’t remember it.
- Backup your files.I didn’t have any backups so I had to start from scratch, however, WordPress supports backups and restores. Follow this tutorial to learn how to save your work.
Preventing an attack is much easier than recovering from one. I’m lucky that it was isolated and that I have such an awesome and supportive community, however, if I had known better earlier it would have saved a ton of stress. These steps only take a few minutes but they can save you weeks of work.
As for me, I’m making a tall pitcher of lemonade out of these lemons.