Comments on: Another Site Hacked: Prevent This from Happening to You

By: Robert

Robert — Wed, 26 Jun 2013 16:18:26 +0000

Wow! This is quite a story. This is the first I had heard of this. I stumbled on to this story doing some other research and felt compelled to leave a comment. I’m curious: did the hackers use some type of social engineering or pretext to get access at your registrar information? During a domain transfer there are usually notification emails sent out, so this is quite a disturbing story.

It’s good to see that you’re back on track though. = )

By: Pawel Reszka

Pawel Reszka — Wed, 10 Apr 2013 14:09:03 +0000

I have found out about this just now. That sucks! How in the hell did they manage to hack into your Namecheap account? I know that hackers try to get to my blog from time to time. I monitor my server stats regularly and sometimes I can spot the bot searching for the login page and once it finds it, it starts hitting it like every few seconds. I then just blacklist their ip instantly and they are gone. But it’s scary to know that they got into your domain name registrar. I need to double check my settings asap.

By: Philip

Philip — Fri, 08 Mar 2013 16:29:25 +0000

Hi Nicole,

Wow that’s some scary stuff Kim wrote in her email. I also use Better Wp Security plugin for my website and have a strong password which I regularly change.
I’m definitely going to check out the 2 step verification for every service I use because hacking is a real threat that no blogger or online publisher can ignore.

Thanks for sharing this information, it’s really helpful for me.

Enjoy your weekend Nicole.Cheers.

~Philip

By: Donny

Donny — Thu, 07 Mar 2013 14:54:02 +0000

My primary site got hacked a few months back. I think it was primarily due to not updating my WordPress install as often as I should. Now I use the OSE Firewall plugin for WordPress, which blocks a lot of basic attacks. I haven’t seen any successful attacks since.

By: Hythe

Hythe — Fri, 01 Mar 2013 17:37:34 +0000

The more popular a CMS becomes the more likely it will become a target for hackers. I’ve noticed (as will many others) many repeated login attempts using ‘admin’. I use ‘login logger’ plugin to monitor what’s happening and then a number of plugins including ‘limit login attempts’ to try to slow the hacking scripts down. And change my (strong) password of course…

By: Des

Des — Sat, 23 Feb 2013 04:34:26 +0000

Hi Nicole and Kim

This WP hacking issue has been escalating over the months and years. It has caught so many people in its trap. That’s one of the reasons why I’ve shied away from WP. And it’s a good reason why I’m sticking with my Mac app Sandvox.
I’m also on a couple of Facebook groups where there are a lot of unsuspecting WP users. So, concerned for their site security, I wrote a post in early December. Here’s the link if anyone’s interested. There are some ideas there that could be of use.
http://newtimeshomebiz.com/nthb-blog/all-things-technical/wordpress-vulnerabilites.html

You’ll see that my blog layout is quite different to WP. I use the Sandvox blog module that’s integrated with the overall site design. And it’s secure. No hassles at all with plugins, updates, and all the other stuff that’s necessary to secure a site. I’m not saying it’s 100% secure, nothing is, but I’m happy to stay with Sandvox.

Hope this helps, and I wish you the best in getting back into operation.

Des

By: Mad Guy

Mad Guy — Thu, 21 Feb 2013 16:33:40 +0000

Having a website hacked can not be any fun at all. I’m sorry you have to go through this and truth be told, 1 out of every 5 wordpress sites is hacked simply because admin is used as the login. The hacking software out there is very powerful and using admin as your login just solved 50% of the puzzle. Hopefully this will help:

First, never ever use admin as your login. Don’t use your first or last name as your login. That’s half of your password access.

Second, always use a minimum of 8 characters in your password and use not just a combination of letters and numbers but make half those letters uppercase and the other half lower case and mix them together.

Third, always use at least one character like this # or this * in your password.

So a very strong password might look like this (I3l0B8Mp#a)

Finally, always manage your own domain names and don’t count on someone else to do it for you. If you were able to hack into my domain management account, unlock my domain names for transfer, I’m still going to get an email asking me to ok that transfer. If you even try to change my notification email, I’m going to get an email telling me that my email is being changed and I promise you I’ll catch you before the 72 hour propagation period expires because if I never made a request to change my notification email, that’s a big red flag right there.

If you follow the simple rules above, your chances of being hacked or your domain name stolen rises to 1 out of 10,000 vrs. 1 out of 5 with weak passwords or admin as your login.

That’s your defense strategy. Offensively, always back up your WordPress blog and store it offsite (ie: Amazon S3) and constantly change your passwords to your domain registrar company. No one should be able to hack into your domain management.

All the best,
Mad Guy

By: Tina landa

Tina landa — Thu, 21 Feb 2013 04:19:11 +0000

Hi Nicole thanks for sharing Kim’s story with us! Hope all is fixed real soon! I also wanted to thank everyone for adding so many tips to help avoid the hacking problems that are so rampant!

~Tina
Be Blessed!

By: Shawn Dunner

Shawn Dunner — Wed, 20 Feb 2013 20:32:45 +0000

Hi Kim and Nicole,
I so wondered what happened to BuzzBlogger. One minute it was there and the next it was gone and all we could access was a chached version. Now you can only see a site that sells ebooks. All I can say is sorry that this has happened and it is great that you have been able to set up a temp site in the mean time. I hope it all works out for you and I will certainly be following all of your security check settings listed in your article. Because if it can happen to somebody as tech savy as you, then it can happen to anybody, and I sure can go through this drama. Thanks Nicole for getting the word out, about what happened. Shawn

By: Susanne Myers

Susanne Myers — Wed, 20 Feb 2013 18:06:13 +0000

Nicole, thanks for sharing and Kim, what an awesome attitude. I’m very sorry this is happening to you. I’ve had two of my sites hacked recently as well and it is no fun to deal with.

You’ve mentioned some great tips and there is a bunch of good information in the comments below already. The only thing I’d like to add is to look at any and all scripts and plugins you have on your website. If you’re running WordPress make sure you keep both it and all plugins up to date. If you are running other software (like a helpdesk, self hosted shopping cart, membership site software etc.) on your site, update those regularly as well.