Fear Of The Hack

With the problems I was having last week getting onto all my sites because of the server problems, I started thinking about what I’d do if my blog ever got hacked. Though I think of myself as small enough potatoes that no one would want to bother me, the truth is that people come here from all over, even if they don’t always write, and I do advertise most of my posts on Twitter, so whose to say some nefarious rogue might not decide to do a drive by hacking? Of course, that wasn’t my only worry. Three years ago I lost all my blog content when the host I was using had all of their servers crash. I was lucky that someone recommended going through Google to find all the posts, which had been cached; whew!

Well, that prompted me to go get the WordPress backup plugin, which I hadn’t done though I thought I had, and do a backup of all my pages for both blogs. I downloaded the file to my computer, and one would think that would be that. But the truth of the matter is that I have absolutely no idea what to do with that file. If I got hacked, or my host went down, or I decided to move to another host (still a possibility), how would I handle all my pages?

Out of the blue, I came across this post on Thou Shalt Blog titled The Day I Was Hacked, where the creator of the blog, Yan, talks about his blog being hacked, and then gives a 20 step process for how to put your blog back together. Of course, the first step is backing it up, and since I gave you the link above I hope you’re going there now (if you have a WordPress blog) and are going to use it ASAP.

Thanks for the tips, Yan; I feel safer already.

Iron Man War Machine Graphic Novel

Iron Man War Machine Graphic Novel

Price: $29.99

Digiprove sealCopyright secured by Digiprove © 2011-2012 Mitch Mitchell

21 comments on “Fear Of The Hack

  • Blog for Beginners says:

    Thanks for the shout, Mitch. It wasn’t really the worst as I have learned quite a lot from the experience so it’s a case of ‘blessing in disguise’.

    Just remember to do a daily backup and not a weekly one.

    Anyway, searching the Google cache is unheard of and I didn’t realize you could actually do that. Great tip.


    • Thanks for the comment, Yan, and of course for the original post. Your blog is new, but when it happened to me, I had over 160 posts to try to recover; that was irritating.

      Daily backup, eh? Have to try to remember that. 🙂

      Mitch´s last blog post..Fear Of The Hack

    • We do tend to write every day, so maybe that’s why. However, I can’t see me doing it every day either, I must admit, but once a week, since that’s how I run my antivirus, should work for me.

  • Blog for Beginners says:

    Backing up is a one-time effort. You set it right the first time and I have it sent to my Gmail everyday and everything just works behind the scene.

    We can possibly be doing it every day of the week, can’t we?


    Blog for Beginners´s last blog post..The Best 15 SEO Tools At Your Disposal

    • Yan, you’re saying that there are settings where we can have the process automated? I’ll definitely have to check on that one; thanks.

      • Blog for Beginners says:

        Absolutely, have it sent automatically to your Gmail and straight into your ‘backup’ archive..


        Blog for Beginners´s last blog post..The Best 15 SEO Tools At Your Disposal

  • Blog for Beginners says:

    Ooops, I was meaning to say, ‘We couldn’t possibly be doing it every day of the week…

    Blog for Beginners´s last blog post..The Best 15 SEO Tools At Your Disposal

    • Yan, I went looking for settings for the backup plugin, and I don’t see any. Are you using WordPress Database Backup, or something else?

      • Blog for Beginners says:

        Oh I’m presuming that you use that plugin and yes, I’m using WP DB Backup where you could find the setting under Manage > Backup > Scheduled Backup….


        Blog for Beginners´s last blog post..The Best 15 SEO Tools At Your Disposal

  • John Dilbeck says:

    Over the years, I’ve had many sites hacked, and usually it wasn’t a simple disruption to the database.

    In most cases the home page was modified to redirect to a page espousing the hacker’s political viewpoints and/or they used a large graphic and showed it over the main page, which made it difficult to get to the controls for the site.

    Sometimes this was done by manipulating the database and other times it was by gaining access and changing scripts and/or HTML files.

    (Unless there is a need for your blog to allow people to register, such as if you have a team of writers and/or managers, it’s safer turning that off in WP.)

    In most of those cases, it was not a simple matter of reloading the database.

    I closed my 21st Century Articles site after it had been hacked multiple times over a period of several months. It just got to the point that it wasn’t worth it. I have too many other things to do than play those games.

    Mitch, don’t think that relative obscurity (not meant as an insult!) protects us. There are scripts that search for sites running particular scripts that have security problems or other things that can be exploited. Some of the standard scripts that can be installed by Fantastico are regularly victims of hackers who find security holes or other exploitable vulnerabilities in the scripts. Since they are installed on millions of sites, they can be exploited more easily. That’s one of the reasons I’ll never again use PHP-Nuke to build a portal site.

    I’ve had portals, blogs, forums, and other sites hacked. One site was practically destroyed because someone gained access through a photo display script I was using.

    The point I’m trying to make is that just backing up the WP database regularly isn’t all you may want to do.

    On a regular basis, you may want to make a complete backup of your site so you can restore the theme, and the contents of any directories you may have created, such as images, sound files, PDFs, etc.

    To make this full backup (which does not include the WP SQL database), you’ll need to use FTP or a backup utility, if your host provides one.

    Many of my sites are hosted on HostGator and they offer CPanel, as do many other hosting services.

    In CPanel, just click on Backups, and then – under Home Directory – click “Download a home directory Backup.”

    On one of my blogs, that downloaded a 3 MB gz file that should have everything for that domain, other than SQL databases.

    On the same page, there should be a section called “Download a MySQL Database Backup” and it should show all your MySQL databases. One of those should start with “wrdp” and you can download the full database just by clicking that link.

    I use the WP database backup plug-in you recommend, but I also regularly back it up from the Backups page, too.

    Some of these databases can get rather large, which isn’t much of a problem if you have a fast broadband connection, but they can take quite awhile to download on a slow dial-in connection.

    Still, it takes less time to download the backups than it would to completely recreate the entire site if it were seriously hacked.

    Thanks for reminding us of what can happen and why we need to take steps to protect ourselves and make sure we have current backups that can be restored – hopefully – if necessary.

    Don’t ask me about the time I lost two weeks of work for 30 word processors when I was backing up to a misaligned tape drive. At some point, to be sure of the integrity of a backup, it has to be restored, and that always entails the risk of losing your work, too, if it goes wrong.

    One thing you may want to do now and then is to Manage > Export in your WP blog and export a full set of your blog’s postings. Then, if worse comes to worse, you can reinstall the blog, restore or reinstall the theme, and then import all the posts back in. I’ve used that successfully a time or two.

    (Now you see some of the reasons I burned out totally as a systems administrator a few years ago.)

    Maybe this will offer some more food for thought.

    Act on your dream!


    • Hi John; thanks for the insightful comment. I still don’t quite understand how they get in, but it almost sounds like the fancier you make your site, the more options you give these guys to get in.

      Thankfully, except for the blogs, I have copies of everything that’s on every one of my sites on my computer. That’s why I think it’s important to be able to back up the blog content, so that you can easily add it back if you get into trouble.

      Of course, it would be nice if all of us could be internet police and just track these guys down, wouldn’t it?

  • John Dilbeck says:

    You’re wise to have copies of everything on your computer.

    Now that I’ve switched over to using the automatic update plug-in, I have to remember to back up changes to my blogs to my computer.

    When my article directory was destroyed the last time, I tracked the culprit down to a local ISP in Egypt and turned over all my log files to the FBI.

    Never heard back from them.

    One of my other sites was destroyed by someone in Turkey. I submitted log files to the FBI for that one, too, but that was the end of it. I converted the site to a static HTML site and it gets some traffic and makes a little money, but not nearly as much as it was doing when it was an interactive portal.

    I’m going to be closing down most of my blogs before the end of the year. It’s just too much work to keep them active and handle security, so the ones that aren’t earning their keep will be discontinued. I closed one today.

    I’m not sure, but I think it was you who commented that I had very similar content on several blogs I was testing.

    Now, I’ve acquired the data to be able to choose between them and go with the ones that rank and earn the best.

    My life should get a bit easier after I get all that done.

    All the best,


    • John, yes, that was me, and I’m glad you’re consolidating your stuff. Also, you should check out my post on trying to code across browser platforms, most specifically for the comments by App; you might have some more knowledge about some of the things she said than I do; at the very least, I think you’d find it interesting, and I even mentioned you. 😉

  • Hacker Forums says:

    Most all blog hacks are from people not upgrading their blog software.

    If you don’t change your theme often, just backup your template one time, then create or download a script to email you a database dumb every couple days.

    • I actually got an email database dump, as a trial, but I have no idea what to do with it through email, as it came through with a lot of characters rather than a file, which is kind of what I was expecting.

  • If your emailed database was emailed to you directly, it’s probably not going to work. Normally you’d have the database file emailed to you as a zip attachment.

    The reason is, there are some special characters in these database dumps.

    If you want to try, use your cpanel phpmyadmin tool to re-import your database if you need to. I’d google phpmyadmin.

    UNiHacker´s last blog post..Blogrolling.com Hacked!

    • I had first done the download to my computer, which came in a zip file, but wanted to try one of the recommendations of an earlier poster. Email won’t work for me, but that’s okay, as I don’t mind downloading a file to my computer.

  • Work At Home Ideas says:

    Hiya Mitch,
    The topic of getting hacked seems to be with me since the day I got hacked. Well the threat is very real…real hack or self-hack (haha). Glad you got the WP Backup plugin. Were you able to get it sent daily to your email box like me?


    Work At Home Ideas´s last blog post..The Night My Blog Got Hacked

    • I tried it, Pater, but it doesn’t come to me in a file, but almost like a text message, so when it came in the email it was all characters and no file; weird, eh? So, I’ll keep doing it manually, I suppose.

Comments are closed.