Chantal just contacted me to see if I had any suggestions regarding a hacking problem she is having. She is using WordPress — the latest version — and a variety of plugins, but her site keeps getting suspended by her host due to hacking issues. Specifically, her host keeps seeing the following, and it’s coming from a variety of IP addresses:

-httpd,nobody -DSSL
-php,[herusername]/home/[herusername]/public_html/blog/index.php

Aside from completely deleting everything, databases included, and starting fresh, I have no idea what to suggest. And deleting everything may be a solution, but it won’t help as far as diagnosing what caused the security vulnerability in the first place. Does anyone have any suggestions?

Last night, another blog of mine was hacked. When I say hacked, I mean that someone or several someones managed to access the home directory of my website, where all file are contained, and delete each and every one of those files. I was foolish enough to not have made backups of the files, but I was smart enough to make weekly backups of what really matters: the database that contained all entries, comments and general settings for the blog. It was annoying to have to re-download WordPress, install it and then configure things with themes, but at least my writing was saved. Saved for two reasons: the hackers didn’t bother to or couldn’t get to the database, and I had backups stored on my computer.

Learn from my mistake: always back up your stuff! Back up manually, or generate backups if your hosting account is with a webhost that uses cPanel, or another type of account management area that generates backups. If you are using WordPress, you can also make use of the WP-Backup plugin to automatically create a copy of your database and email it to you on an hourly, daily, weekly or monthly basis. For more information on that plugin, see the following article: WordPress plugin: WP-Backup.

This may seem like elementary level stuff, but please remember the importance of using hard to guess passwords, and changing them frequently! Furthermore, you should not use the same password for every single online account. If using a different password for every online account is a little too daunting for you, then at least group your accounts into certain categories and assign a password to be used for each category. For example, social networks, email accounts and blogging accounts are all categories.

So what makes a good password? Generally, a good password is one that is not easy to guess. Easy to guess passwords use common names, words, phrases and easy to figure out number patterns (birth dates and the like). A good password is made up of a combination of letters (uppercase AND lowercase), numbers and symbols.

Good password: sH00BOP@@19ehk2Q

Bad password: sweetcakes123

If you’re not sure how good your password is, use Microsoft’s Password Checker to give you an idea of whether it’s good enough!