Webmasters often spend so much time securing their database, their servers and their shopping cart software that they don’t pay much attention to their blog. Most larger sites today run some kind of blog, even if it’s just to let users know of new developments. It’s important to realize that this blog can also be vulnerable to security breaches.
==> The Most Common Way Hackers Break Into Blogs
The most common way attackers get into blogs isn’t through the blog engine itself. For example, WordPress, one of the most popular blog engines, is actually incredibly secure.
They tend to get in through security exploits in plugins or themes. For example, a plugin that you installed a few years ago could have been hacked in the meantime. The hacker can then just scan the web for sites that use that plugin, then automatically break in.
==> Common Types of Back Doors
Once a hacker breaks into a blog, it’s hard to get them back out. One of the first things most hackers do is install backdoors.
They’ll install backdoors in your PHP files that grants them access to your site again should you change your passwords. They might install backdoors in your databases or in other places on your site.
==> How to Prevent Blog Break-Ins
Start by updating all your plugins. Whenever a plugin issues an update, make sure you install it. Do the same for your themes.
Try to only install mainstream plugins and themes. If you find a plugin that has just a handful of users, beware. It’s not unlikely that there are security holes in the application that haven’t been discovered yet.
Most popular plugins are safe, because they’ve been tested by so many users and people have probably tries to break them already. Less popular plugins are much more likely to have untested security holes.
==> What to Do If Your Blog Gets Hacked
So if your blog does get hacked, what should you do?
First, identify the source of the break-in and get rid of it. If it’s a plugin or theme for example, get rid of it as quickly as you can.
Then look through everything in your system. Yes, you really do have to comb through all your files by hand. The attacker could have planted backdoors in just about any file on your system, including PHP files, Javascript files, .htaccess files and more.
Plug all the backdoors, then change all your passwords. Then carefully watch your systems to make sure the break-in doesn’t happen again.
If you don’t know what you’re looking for when you look through your files, bring in an outside consultant who knows how to get rid of these kinds of hacks. They’re quite common, so there are a lot of specialists you can bring in quite affordably.