As you all know, my old domain AZBlogTips was hacked and stolen, and this new domain will be my new home, where I continue my dedication to affiliate marketing and making money blogging as committed. The task will be rather challenging as more and more bloggers are joining the blogosphere nowadays. However, with your continued support, BlogReloaded will rock again, no matter when it can rank as high as AZBlogTips does now.
After conducting an in-depth investigation internally and talking with my friends who are very experienced in security, I would like to recommend to you guys several tools that can protect your blog from external attacks.
Before going into details, let me confirm with you all that I will not be trying to get AZBlogTips back, as eNom, NameCheap and GoDaddy have complicated procedures, and it took me a lot of time and work on clarifications without any progress. I feel tired of doing these things, and I decided to start my blogging career with BlogReloaded.com.
Many bloggers have written about how to protect your blog from hackers, but I will share with you what I have done after being hacked.
1. Use one time password:
To make sure that your blog is fully secure, my suggestion is to use a one-time password. You will be the only one who can get this auto-generated password for every login. There will be no fixed password, so it is much harder for hackers to gain access to your blog. I would recommend you guys use the One Time Password plugin, which seems a great tool for secure logins. Another plugin that would be a great alternative is WP Login Security, where all members, even the Admin, are given a one-time password with a link by email, and you have to click on it to confirm your IP to gain full access.
2. Use secure email services:
There are a lot of free email services out there and it is not hard to find one. Most bloggers are now using Gmail, which is very fast and simple; however, most security experts advise us not to use Gmail for important things like the admin email for blogs, PayPal or domains. It is highly recommended that you get a Hotmail account for this, as this email service is considered much more secure than any others.
3. Use reliable anti-virus and internet security software:
It is confusing for all of us which anti-virus tools are really reliable and trusted, with great support. I cannot say which is the best or worst, but I will follow the crowd by choosing big brands like Norton, McAfee or Kaspersky. Whatever tools you choose to work with, remember that you must update them on a daily basis and schedule a scan at least every 3 days. It is ideal to scan your PC on a daily basis to have better monitoring of your activities.
4. Use different passwords for your accounts, emails and blogs:
The first reason I was hacked was using one password for all services, even though my password was very strong, with a combination of 20+ digits. However, once hackers got it, everything was gone. I learnt from what I lost, so I recommend that you don’t use one password for all the services you participate in. Try to use a different password for each service.
5. Perform daily scanning & updates for your computer:
This is what I experienced, and you should never make the same mistake. I set daily updates for my KAS tool but forgot to perform daily scanning until I found out that my Yahoo email password had been changed suspiciously. Then I immediately performed a scan and caught 3 trojans. These trojans collected information from my PC and sent it back to the hackers’ server. Remember to scan your computer regularly!
6. Never click or download email/files that email services filtered as spam:
If you are using Gmail or Hotmail, you will receive hundreds of unwanted or junk emails from people you have never known. Some spammers and hackers are very smart and cloak the sender’s email address to fool you with dangerous attachments. Most reliable email services like Gmail, Hotmail and Yahoo filter them into spam folders. I made a mistake by clicking on a message with an attachment from the UPS service. I guessed it was a tracking number for my checks, but it was not. It could have carried a trojan that affected my desktop.
7. Use password recovery by mobile phone instead of questions where possible:
Email services have several options for password recovery, like answering secret questions or using a mobile phone. Gmail and Hotmail support phone features and you should use them if possible. Hackers can guess your secret questions, but they cannot use your phone to recover passwords. If phone verification is not available in your country, try to use the most challenging answers for your secret questions.
8. Don’t use default WordPress username:
This is very fundamental, but many bloggers still use Admin as the username, which makes it much easier for a hacker to find out. WP 3+ now supports changing the admin user at installation. So, you should change the admin username to something you think is secure from hackers.
9. Never use nulled/cracked/pirated themes, plugins or software:
Many bloggers cannot afford premium or paid software and usually choose cracked or hacked sources to get a license. But they never know that most pirated software has malware, which can destroy your computer or act as a trojan to steal your passwords or credit card information. If you cannot afford some software, try subscribing to blogs that regularly run contests or giveaways, so you can get it legally.
10. Never share passwords to anyone:
My advice is not to share your passwords with anyone, even your family members. Why? You never know whether they might leave them somewhere or accidentally post them to their blogs, where hackers can find them. Keep them secret for yourself!
11. Check your deleted emails:
This matters in case hackers know your email password. They usually go on to hack other services like hosting, domain or PayPal accounts where that email is used as the admin login/user. They will unlock your domains and delete all notification emails sent by providers to hide their activities. You will never know until you check your deleted emails, and by then it is too late. I have been in this situation, and I would recommend that you not empty the trash without checking it first!
12. Lock all domains and use Whois Guard services:
Hackers cannot steal your domain if it is locked from your side. I had locked my domain, but unfortunately the hacker knew my password and email password, so he unlocked it without my knowing and performed a quiet transfer to another registrar like a legal owner. Keep an eye on your domain, or pay a few bucks to have the Whois Guard service enabled for your domain names.
13. Never share hosting resource with anyone even best friends:
Many of my readers have asked me to share hosting resources with them, for many reasons. But, I must say, you should never do this, as they can be a messenger to hackers.
14. Be careful with any plugins you use:
As in the previous article about WP Status Notifier, you should be careful using any free plugins. Not all plugins in the WP directory are secure and safe to use. You use them at your own risk, so check the support forums to make sure a plugin is safe!
15. Upgrade to the latest WP version.
Yes, TechCrunch was hacked because it was not using the latest WP version. You should upgrade to the latest version once it is released to make sure your blog is secure from hackers.
16. Your responsibilities:
You should pay attention to whatever you do to keep your blog secure, and you will never feel sorry for what you have done.
That is all that I will surely do after my blog was hacked and stolen. I have just taken most of these steps and I am going to complete the remaining ones in the coming time, as some of them are paid services while my PayPal account has not yet been restored and refunded.
Good luck and I am happy to hear your suggestions too!
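
Tips 11 and 12 describe an attacker unlocking a domain and deleting the registrar's notification emails, so a check that does not depend on the mailbox is useful. The following added example (not part of the original post) compares two WHOIS outputs and flags a removed transfer lock, a pending transfer, or a changed registrar or name servers; the WHOIS text, the domain and the registrar and name-server names are constructed placeholders.

```python
# Added example: compare a saved WHOIS snapshot with a fresh one and flag hijack signs.
# All WHOIS text below is constructed; domain, registrar and name servers are placeholders.

LOCK = "clienttransferprohibited"   # EPP status present while the registrar lock is on

BASELINE = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar A, Inc.
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EXAMPLE-HOST.NET
Name Server: NS2.EXAMPLE-HOST.NET
"""

# Constructed "after" snapshot: lock removed and a transfer already requested.
UNLOCKED = BASELINE.replace("clientTransferProhibited", "pendingTransfer")

def parse_whois(text):
    """Extract registrar, status codes and name servers from WHOIS output."""
    rec = {"registrar": None, "status": set(), "ns": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not sep or not value:
            continue
        if key == "registrar":
            rec["registrar"] = value
        elif key == "domain status":
            rec["status"].add(value.split()[0].lower())  # drop the trailing URL
        elif key == "name server":
            rec["ns"].add(value.lower())
    return rec

def hijack_warnings(baseline_text, current_text):
    """Return the changes between two snapshots that need immediate attention."""
    old, new = parse_whois(baseline_text), parse_whois(current_text)
    warnings = []
    if LOCK in old["status"] and LOCK not in new["status"]:
        warnings.append("transfer lock removed")
    if "pendingtransfer" in new["status"]:
        warnings.append("transfer in progress")
    if old["registrar"] != new["registrar"]:
        warnings.append("registrar changed")
    if old["ns"] != new["ns"]:
        warnings.append("name servers changed")
    return warnings

if __name__ == "__main__":
    for warning in hijack_warnings(BASELINE, UNLOCKED):
        print("WARNING:", warning)
```

In practice the two inputs would be a stored snapshot and the output of a fresh WHOIS lookup run on a schedule.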


Useful article! I’ve done all the tips.
I suggest installing Ubuntu on Oracle VM VirtualBox to surf mail or log in to important accounts. Ubuntu is very secure!
I have not applied any tips and I will do them now. I don’t ever use the Ubuntu operating system; I think Win7 security is pretty good.
I am using Win7 Pro and I think that Windows or even Linux alone cannot be 100% secure.
Hi Tinh!
I think any operating system has security holes too; nothing is perfect. Do you think so?
Yes, I do @Trung. Nothing is perfect in my mind
Win7 is just good, not really perfect if you don’t protect yourself from hackers
Yes, I think so, too.
You are right, nothing is perfect
Good advice @Pumama and I will try Ubuntu soon as it seems very new to me now
Thanks for sharing your experience, Tinh. All of us need to be more careful now.
Anyways, it is sad to say goodbye to azblogtips.
Yes, all of us don’t want to feel sorry for what I have experienced
So, your old blog is not stolen for nothing.
From now on, your blog (and your other online accounts) will be very safe, and so will mine (as I read these tips).
Yes, he stole my domain with purpose as I mentioned in previous article that he requested me to pay $1,000 via LR
Good luck @Dana
Just wondering why he only asked for $1,000? I think with your traffic and backlinks, the domain could be sold for a higher price.
Of course my old domain is a good one and you cannot buy it with $1,000, but with content. The domain name alone cannot be worth that price. Buyers need an established website with content, not just a domain name.
Very useful article Tinh. I think you can schedule the scanning task. It is easy to do with Kaspersky. In addition, a good Firewall is also a recommendation.
I am sharing my hosting account with my close friend who is living in Ha Noi, and I think I will continue to do it. My friend has been using only Linux for administrative tasks for 5 years. He uses Windows for editing photos and playing games. The Linux OS (Ubuntu is the best choice) is very reliable and secure when it is installed in a virtual environment.
I highly recommend you install Splashtop, a fast and secure OS that supports Windows (as an application). You can do a search to find more information. I am also writing an article about it.
As I said above, any operating system has its own advantages and disadvantages; however, it cannot be 100% secure without support from other apps like anti-virus. Most hackers know very well the weaknesses of operating systems. You can share with anyone if you feel they are 100% trusted.
I am still with Windows as I have been for last 10+ years. Hard to make a switch now mate but I appreciate your suggestions very much!
Hi Tinh,
A blog site being hacked by any hacker is very shocking for any blogger. One works very hard to make a blog. S/he even has to spend a lot of money to build it up. I think a blog is like a child to a blogger. So, how shocking it is to lose a blog overnight, only the blogger knows. But your article must save thousands of us from being shocked. Thanks for your important post.
Yes, I see the challenges with this new domain but nothing is impossible right?
I will try my best to do with this new domain and hope to see new progress in the months to come!
Hey, last night I could only read half of this post. So I am back again to learn about the threat and its prevention. I know, you must win. No good deed remains unpaid, and as you help lots of people with your suggestions, you must win over all the difficulties. And I always wish this for you.
Mr. Tinh, I am a newbie blogger and I need some direction. I still don’t have the ability to buy anything that costs even a penny. I want to earn online like others. I am also running WordPress for my blogging, though it’s still the previous version. I couldn’t upgrade my blog because I don’t know the whole process of backing up the DB and website. I need some help. As I said in an earlier comment, I have installed a ton of plugins. Here I need to sort them and select a short list of the best plugins, which are essential and can perform all the necessary tasks to run my blog. May I get any help from you? Thanks for writing for us.
Hey Rafique, shoot me a message via contact form and I might help you if possible.
Edit .htaccess file and deny access to all
Great idea and I will think about this too
For software that you download from the internet and do not trust, you can always use a sandbox to test it and see if it’s doing something wrong. After using the sandbox, you can see the created processes and new files; this way you can determine if the app has started unknown processes.
For WP, you can, like someone already said, use .htaccess to deny access to everybody but your IP address; this way, even if they know your password, they won’t be able to log in.
Yes, I should be rather careful downloading any kind of thing from the internet from now on. I appreciate your advice @Alex. It is very useful to me now.
I only use Gmail to register free accounts, and use Hotmail for the others.
Agree with all the tips, but I think that you always need to be vigilant.
Win7 or Ubuntu may well contain threats. I also use Win7, MacOS and Fedora, but I don’t trust them. You can only stay safe by yourself.
Yes, great advice and I need to be more careful with my online activities now
Hi Tinh.. Thanks for sharing.. very useful tips from you.. I like the one time password plugin..
You can use it to protect your login, as every time you log in, a temporary password will be sent to you
We are using a secure WordPress plugin for security. Also, hiding the WordPress version should be done.
I did it this way now and hope everything is secure then
Great tips, really helpful
You are welcome and hope it helps
What I learned from this post: don’t use the same password in all of your accounts. Each should be unique.