Our blog http://bloggerkhan got hacked. Frantically we called our web host, Web Hosting Pad (WPH). Luckily they were able to restore us from a backup they had. I must admit (sheepishly), I wasn't doing backups as I should. In fact they (WPH) responded very quickly and restored us without charging us extra. Many hosts charge $50 or more and that also if they have a backup. We had signed up with them because they had the best deal on hosting and frankly I didn't expect them to be so responsive. I was pleasantly surprised. Thank You WPH.
I would like to share the lessons I learnt. They may help you avoid a similar situation.
- Have more complex passwords and user ID's.
- Backup regularly.
- Learn how to restore from backups
- Call and email your host immediately if you get hacked. You need your host on your side.
- While you are going about restoration, upload a plain index.htm file to your root with the text 'System Down for maintenance'.
- Once restored, immediately change your blog's admin password as well as control panel / FTP passwords.
- Visually go through your directories and see if anything seems strange.
- There are a few other tools that can help keep you safe namely:
- WP security scan Plugin
- Login Lockdown
- WordPress firewall
- If you think you may not remember to backup regularly, find a host that does. Or, use an online backup service like Carbonite or Mozy.
- Say a prayer or two.
Despite all your precautions, someone still may get through but if you have good backups, you will be able to recover.
Good Luck!
