If you have a high-traffic blog, then you certainly deserve congratulations. Unfortunately, some of your admirers may be hackers who would like to ride on your success. There is good news and there is bad news. The bad news is that they may well try to hack into your website. The good news is that they may do it in a way where you won’t even know. However, that is no consolation.
Perhaps one of the most visible case studies of this is the blog of Matt Heaton, the Bluehost and Hostmonster CEO. The Kakkoi website provides a good account of what has been happening there. At the time of writing this post, the blog is still hacked, although you would not know by looking at it.
How Can You Guard Against Hacking?
In some ways security for your blog is similar to security for your home. Almost every home security system is crackable, given time. However if you have a fast response to any signs of a break-in, then you may significantly limit any damage that is caused. Indeed any potential housebreaker may decide to go for an easier target.
The same principles apply to websites and blogs. The article, Guarding Your WordPress Blog, suggests two main priorities for your blog security. The first is continuing vigilance, since many hacking activities seem to take place during weekends and holidays. The second priority is to ensure that your blog is as secure as it can be by upgrading to the most recent secure WordPress version and by hardening your whole WordPress installation.
A Rapid Way To Spot Intruders
Expert hackers often attempt to gain entry without leaving visible traces. So how much effort should you put into searching for signs of entry every day? One method that will often detect such entry is to look at the source code for a typical blog entry. It takes a little time, but signs of entry are usually fairly visible because of the pharmaceutical and porn links that are included in the code.
A more rapid way of doing such a check is to create a test page within WordPress. WordPress supports the creation of both blog posts and pages. Pages are entries that are not tied to a particular date. All that is needed is a test page with the title of ‘Test’ and the content of ‘test’. Such a page is generated by the WordPress software in a similar way to each blog post. If a hacker has been able to gain entry and modify the blog post content, then this will also affect the Test page.
If Mozilla Firefox is your browser, then you can do a very rapid check of your blog security. Just visit the Test web page. Clicking on the Tools > Page Info menu choice will give you information about that Test page, including its size in bytes. Unless you change something in your Theme that affects the header, sidebar or footer, that size should always be the same. Such a check of the size of the Test page can be done in seconds as often as you wish.
Unfortunately in other browsers such as Internet Explorer, checking the size of the Test web page takes just a little longer. One way is to look at the Source code in Notepad and save this as a text file. You can then check the size of this text file. Each time you do this you should find the text file is exactly the same size. If you have a number of blogs to check, then you might be advised to keep Firefox available as your way of doing this check as rapidly as possible.
One small note of caution is that you should do the check while not logged in to your Administration Panel. If you are logged in, then the resulting page contains a few extra bytes. Equally, if you set up caching for your blog using wp-cache, then this may add a few extra bytes. However, if you use the default value where web pages are not cached for more than 3600 seconds, then a daily check of the Test web page should not run into problems.
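The daily size check described above, automated as an added example (not code from the original post): it compares the Test page against a stored baseline and also hashes it, so a modification that leaves the size unchanged is still caught. It assumes the cache plugin adds its extra bytes as HTML comments at the end of the page; the function names and sample pages are constructed for this example.

```python
import hashlib
import re
import urllib.request

# Trailing HTML comments and whitespace are ignored so a cached copy still matches.
# Assumption: the cache plugin adds its extra bytes as comments at the end of the page.
TRAILING = re.compile(rb"(?:\s*<!--(?:(?!-->).)*-->)*\s*\Z", re.DOTALL)


def fetch(url: str) -> bytes:
    """Fetch the page with no cookies, i.e. not logged in to the admin panel."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read()


def fingerprint(page: bytes) -> dict:
    """Size and SHA-256 of the page with trailing comments removed."""
    body = TRAILING.sub(b"", page)
    return {"size": len(body), "sha256": hashlib.sha256(body).hexdigest()}


def check(page: bytes, baseline: dict) -> str:
    """Compare a freshly fetched Test page against the stored baseline."""
    now = fingerprint(page)
    if now == baseline:
        return "unchanged"
    delta = now["size"] - baseline["size"]
    if delta:
        return "size changed by %+d bytes" % delta
    return "same size, content changed"


# Constructed sample pages (not taken from any real site).
CLEAN = b"<html><!-- theme --><body><h1>Test</h1><p>test</p></body></html>\n"
CACHED = CLEAN + b"<!-- constructed cache plugin footer -->\n"
INJECTED = CLEAN.replace(b"</body>", b'<a href="http://spam.example/">x</a></body>')
SWAPPED = CLEAN.replace(b"<p>test</p>", b"<p>tset</p>")

if __name__ == "__main__":
    baseline = fingerprint(CLEAN)  # in real use: fingerprint(fetch(test_page_url))
    for name, page in [("cached", CACHED), ("injected", INJECTED), ("swapped", SWAPPED)]:
        print(name, "->", check(page, baseline))
```

Store the baseline after any deliberate Theme change, since that changes the header, sidebar or footer and therefore the fingerprint.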
Conclusion
The simplicity and rapidity of this method of checking for intruders is such that a daily check is only a matter of seconds. If you feel that your blog is less attractive to a hacker, then a weekly check each Monday morning should be sufficient. If you make regular backups of your blog and of its database, then if ever you find that a hacker has struck, putting things back in order should not be too onerous.


