I got the scare of my www-life when I opened my browser to my blog’s main page and found an image of some sinister cloaked figure staring back at me. The page, as usual and in alignment with the inner selves of the hackers, sported a black background color and a guilty, sinister and pathetic low-esteem atmosphere.

I recall that I have browsed through a lot of pages elaborating on the importance of securing one’s blog from hackers. I have regretfully not taken these warnings very seriously as I thought that hackers would probably not take notice of my blog as, at the moment, it is small and only has a small readership (and thus unimportant). Now, I realized that hackers, again consistent with their nature, do not have any sense of ‘values’, and so would devour anything, be it gold or garbage.

Some googling helped a lot in alleviating the problem. Within the hour, I was able to regain possession of my wp dashboard. I entertained the idea that my host may have some weakness in their setup. My research returned a lot of complaints about Lunarpages being very unhelpful and apathetic to these kinds of problems, saying that Lunarpages’ standard response is to say that security of websites is the responsibility of the blog owners and not theirs. When I wrote to Lunarpages about my experience, their support promptly responded with some advice on how to secure my blog from future attacks. Based on what I have experienced so far, I cannot right now blame Lunarpages to be at fault here as I do believe it is my fault that my site was hacked. My previous post had been about my cpu being attacked by some trojan or spyware (showing 100% cpu usage). I think the trojan had been spying on my activities and was able to retrieve the username and password to my blog.

I have just reformatted my desktop computer, and having had this first ‘hacked blogger’ experience, I am a little more cautious now with my surfing routines. I have also begun to actively research security measures I should take in order to prevent future hack attacks on my blog and my desktop. If you have experienced being hacked or you know some important security measures for hack-proofing your blogs, you may help shorten my research by suggesting them in the comments section. What did you do to protect your blogs? What plugins did you use? Are there certain files in my blog’s directories that I need to change, delete or watch out for after the attack?


  1. Sorry to hear you were the target of an attack, it’s a major pain in the butt, and is such a waste of people’s time for sure.

    I hope you don’t mind me dropping a link here James but you may find this post by Matt Cutts useful, http://www.mattcutts.com/blog/three-tips-to-protect-your-wordpress-installation/.

    I use Login Lockdown on my site to prevent someone (or a script) from continually trying to test random login information. I have it set to three failed attempts and then it locks down entry.

    Glad you got your situation resolved.


    1. Thanks Karl for the links to Matt’s site. The tips there were very helpful although I have to say that the first tip was good only if you use just one computer for accessing your blog, and if your IP is static.

      Matt’s second tip I think is a must for all directories within one’s blog.

      I’ll take a look at Login Lockdown. From your description of it, it sounds like a sensibly necessary plugin for me now.

  2. My blog was once hacked too. You might want to check my posts about it. Depending on the type of hack, if there are signs of SQL file injected scripts, chances are high that hackers can just return to compromise the site as they may have access to it regardless if the login details are secured. These injected files are buried into the PHP files on the database so a clean install is a must.

    Updating to the latest WordPress version can also help.

    As far as Trojans or viruses on computers are concerned, if keyloggers were able to penetrate your system, access to your online accounts is much worse. Spyware has that capability. I have countless posts about it as well. My PC was then infected with Conficker but it was never successful enough to create an unlikely damage. It only happened to me because I recklessly turned off the anti-virus software on my PC for days.

    Sometimes we have to learn things the hard way though. Small mistakes and inattention to detail could also lead to bigger problems in the future.

  3. Glad to hear all was sorted out. My blog was hacked some time ago and the response you got from the hosting company is very similar to what I received.

    I’m also a lot more careful where I browse and I make sure all my security is up to date.

    1. Yeah George, sometimes we mistakenly think we will never get into this kind of trouble. Fact is, no one is exempt from the danger of hacking.

  4. My site hasn’t been hacked before, so it’s no worry, but the thought that a time may come when my site will be the one hacked is quite alarming. Hacking is rampant, and as an ordinary webmaster I don’t know much about what needs to be done when it happens.

    Thank you for opening up this kind of post to make us more aware, and thanks, Karl, for the link you’ve shared; this could be a very big help to me and to others.

  5. I hope you managed to get a screen shot of your hacked site. That would be a souvenir, hehe..

    Anyways, like Karl Foxley above, I use the Login Lockdown plugin too.

    Another thing is, if you’re still using admin as your username in your dashboard, I suggest you change it to another one. Admin can be guessed easily by hackers as the user name. Then use a combination of alphanumeric characters for our password. It should be a minimum of 10 characters.

    1. Screen shot? Yeah, at first I was tempted, but I realized that I wouldn’t want to ever recall this hacker’s work. He even left his email address there too, which is another thing I would want to forget really quickly. Though it’s been a while, the thought of it still makes some blood cells boil in me.

      My username was not admin. No, I don’t think he guessed anything. I believe he got it served on a silver platter from some keylogger or virus/worm that attacked my cpu a day prior to the hacking. Now, I’m so paranoid about it that I always have the Windows Task Manager open and the CPU Usage bar visible. Any deviation of the cpu usage even slightly above the normal levels makes me jump and get suspicious. LOL. 🙂

  6. So far my blog has been safe but I once had my forum hacked. It was so bad I just closed it down rather than go through it all again. Sorry it had to happen to you, and I’m glad you got it back.

    Going to check out that link posted to see what it’s all about.

    1. And I thought only WordPress blogs are easily hackable. So they even get into forums that easily? I’ve got a test forum (using a subdomain to this blog) that I left sleeping for a time and planned to activate sometime soon. I’ll check it out too. It just might have been compromised too.

  7. That is really too bad but I feel your pain! Very much so… My blog has been hacked a of times, and other things like my Facebook. We have to be careful… don’t know who enjoys doing that to others… but no doubt, they are out there!

    1. Hi Lee! Lunarpages gave the usual advice about covering all possible security issues. On my own, like I mentioned in the post, I learned to change permissions on folders and files. I think the hosting company really had nothing to do with how I was hacked. It was all my fault. I got infiltrated with a virus that allowed the hacker to see my passwords and other data.

    1. Really? Thank you Rose. Thing is, all I’ve learned about security were all culled from some very useful posts on some good blogs out there. If I were to write on securing a blog, I’d probably just end up belching out links to the proper resources. 🙂

      But hey, I’ll remember that. I just might take you up on that offer someday.
