3 Things You Must Do Before Leaving a WordPress Blog or Website Unattended

If anyone has noticed, we’ve been quiet lately. So quiet that we left this website vulnerable to malicious hackers and spammers. You know their kind. They prey on unsuspecting blog sites and will grab even a tiny window of opportunity to mess with your blog or website, especially when they see no updates have been made for some time.
We have to admit we left this site unattended, as though inviting the very lowlifes who destroy the world wide web. Yes, we’ve been hacked, albeit very briefly, and we recovered easily.
We’re sharing now,
3 Things You Must Do Before Leaving a WordPress Blog or Website Unattended:
1. Make sure you have the latest version of the software you are using, in our case WordPress, currently 2.7.1.
No website is TOO SMALL for attacks! We should know: we had upgraded all of our WordPress blogs except this site from version 2.7 to 2.7.1. The latest update was released on February 10, 2009. On March 9 we found this website hacked.
Fortunately, the good hacker wasn’t very good at hacking. That, or we were lucky the hacker was subtle and only gave us a wake-up call that our website was outdated and we needed to fix it. The hacker only managed to hack the WP-config file and disrupt the website’s original design and theme, showing this message instead: “There doesn’t seem to be a wp-config.php file. I need this before we can get started. Need more help? We got it. You can create a wp-config.php file through a web interface, but this doesn’t work for all server setups. The safest way is to manually create the file.” (see image above)
The weird part was that everything was accessible from the backend. We could log in to our cPanel and the dashboard fine. All our posts, comments, themes and files were there. We could edit, add and do anything, but when we viewed any page, our site was just gone and replaced with the message.
At this point we had beads of sweat forming on our foreheads with the realization that we had been hacked! How can that be? We’re only small-time bloggers. Apparently it doesn’t matter to them. Websites are their playground and they would play with any site. Naturally they would target unattended ones.
We can’t explain how they did it, but we can tell you that PANIC will get you nowhere. Stay focused and be calm as you try to find ways to resolve the problem. If you think your safe bet is to call your hosting site for help, good luck with that! We tried with our host, Hostmonster, and they weren’t a help at all and they caused us to be stressed even more!
This is the part where we bash Hostmonster for poor technical support and punch ourselves because we’re tied to them for the next 3 years, since we already paid for the service to get some discount. (This is what you get when you cheap out on things and services!) Their online tech support are a bunch of rude, condescending, unsympathetic jerks who would leave you on your own and make you feel stupid.
And so we went to the good old reliable Mr. Google and searched for “There doesn’t seem to be a wp-config.php file” as the main keywords. Voila, all the answers were there for us! Please check with Google to fix your problem, as this is a case-by-case basis and you might have to try one, two or all fixes to get your solution. That’s what we did, on our own, without the help of our hosting service!
Had we upgraded to the latest version as soon as the update was released, we wouldn’t have had any problem with this site or with our hosting service! Do yourself a favor by upgrading as soon as a new release of your programs comes out. It’s a hassle and some really don’t do it because they’d rather wait for the major releases, like version 2.6 to 2.7 to 2.8, ignoring versions 2.6.1, 2.6.2 or 2.7.1. Consider yourself lucky if you don’t update and have not experienced being hacked, but we say it’s only a matter of time before you will. We thought nothing could happen to us. We were wrong!
2. BACK UP. BACK UP. BACK UP.
We all know this. Everyone knows this. Backing up is SOP in the computer world, yet we still fail to do it until something happens. We are lazy or we procrastinate.
Well, if backing up is not your habit, you better make sure you back up BEFORE you take that long leave of absence from your website, or it may be the last time you’ll ever see your website or blog when something happens to it and your hosting service doesn’t give a s**t. They could easily say, “well it’s not our responsibility to back up your files- we do it as an added service/courtesy but we don’t do it regularly. Sorry we don’t have a latest back up of your files. Good luck!”
Our backup is what saved us from the hack, because we had to reinstall WordPress while keeping our themes, files and databases intact. Keep a backup of your entire blog’s folders in the cPanel and back up your databases. Those two are located in different sections of your cPanel; you must know how to access them and back them up. Back up the files on your computer, plus make a CD or DVD copy of them for your peace of mind.

3. Have Akismet, Bad Behavior, Login LockDown and other helpful plugins set up before you leave your site unattended.
These tools would help ward off at least some of the spammers and potential hackers lurking around. Head to the plugins section of WordPress to look for plugins that work for you. For other sites, Google search programs you can use to secure your website and remain safe.
There is no foolproof way to protect our websites, but just doing the three important measures will do wonders! Since the hack in March, this is our first login and so far so good. We have 500 comments under moderation which we have not looked into yet, but we’re pretty sure 99% of them are spam. Thank heavens for select all and delete or mark as spam!
Our 4th thing to do is to just NOT leave the site unattended and at least impose a once-a-month check/update on the site! Hope everyone learns something from our oversights.
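A pre-absence check for items 1 and 2, as an added example that is not part of the original post: it refuses to proceed when the installed WordPress is older than the version you name, then archives the site files and writes a checksum. Function names and paths are assumptions, and it expects GNU sha256sum.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.
# Assumes a standard WordPress tree, tar, awk, sed and GNU sha256sum.

# Print the installed version from wp-includes/version.php.
wp_installed_version() {
    sed -n "s/^[\$]wp_version *= *'\([^']*\)'.*/\1/p" "$1/wp-includes/version.php"
}

# Succeed when dotted version $1 >= $2, so 2.7 fails against 2.7.1.
version_at_least() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++)
            if (x[i] + 0 != y[i] + 0) exit (x[i] + 0 > y[i] + 0 ? 0 : 1)
        exit 0
    }'
}

# Archive the install into $2, verify its contents, write a checksum,
# and print the archive path. Runs in a subshell so variables stay local.
wp_backup_files() (
    root="$(cd "$1" && pwd -P)" || exit 1
    [ -f "$root/wp-config.php" ] || { echo "wp-config.php missing" >&2; exit 1; }
    mkdir -p "$2" && dest="$(cd "$2" && pwd -P)" || exit 1
    # A backup under the web root could be downloaded by any visitor.
    case "$dest/" in "$root"/*) echo "backup dir is inside the site" >&2; exit 1;; esac
    name="wp-files-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$dest/$name" -C "$root" . || exit 1
    tar -tzf "$dest/$name" | grep -qx './wp-config.php' || exit 1
    tar -tzf "$dest/$name" | grep -q '^\./wp-content/' || exit 1
    chmod 600 "$dest/$name"   # the archive holds the database password
    (cd "$dest" && sha256sum "$name" > "$name.sha256") || exit 1
    echo "$dest/$name"
)

# $1 = WordPress dir, $2 = backup dir, $3 = minimum acceptable version.
# Returns 2 when the install is older than $3 and does not back up.
wp_preflight() {
    ver="$(wp_installed_version "$1")"
    [ -n "$ver" ] || { echo "cannot read WordPress version" >&2; return 1; }
    version_at_least "$ver" "$3" || { echo "WordPress $ver < $3: upgrade first" >&2; return 2; }
    wp_backup_files "$1" "$2"
}

if [ "$#" -eq 3 ]; then wp_preflight "$@"; fi
```

This covers the files only; the database still needs its own dump, since the two are backed up separately.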
This entry was posted on Wednesday, May 13th, 2009 at 3:03 am and is filed under Blogging, Google, Tools.

May 13th, 2009 at 7:55 pm
Well, I got hacked recently, first thing that my host asked me to do was to remove the WordPress version from the pages. Hackers won’t spend much time (these are automated hacks actually) on your site if they are not sure of your version; more often than not the vulnerability exists in a particular version.
I am not a big fan of Bad Behavior; it shows my IE as a bad-behavior browser so many times that I had to simply get rid of the plug-in.
December 7th, 2009 at 1:16 am
[...] The upgrades are necessary because they are usually bug fixes of security vulnerabilities found on the previous upgrades. By not upgrading, we are opening up our blogs to hackers. Such was our case some months back. [...]