If you’re my friend on Facebook then you might have noticed that a few days back I wrote a status saying that my site BeepTheGeek got hacked. It was a very shocking moment when I opened BeepTheGeek and saw a big text on the home page saying:
I was very shocked to see that my site had been hacked. The site is up again now, but in this article I am going to tell you how my site got hacked.
My biggest mistake
The super big mistake I made was not updating WordPress for the past 8 months. Yes, you read it right: for the past 8 months I did not update WordPress. I was using the old version. This was the biggest mistake I made and that is why my blog got hacked. Let's move on and see what other factors are responsible.
My other biggest mistake
Using a lot of old-version plugins: Besides using an old version of WordPress, I did not care to update plugins either. I was using around 10-15 outdated plugins. This is the other factor that was responsible for the hack.
A few other security measures that I think I should have taken
I wish I had installed the LoginLockDown plugin: First let me tell you what this plugin actually does. It records the IP address and timestamp of every failed login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute-force password discovery. Currently the plugin defaults to a 1 hour lockout of an IP block after 3 failed login attempts within 5 minutes. Click here to download the LoginLockDown plugin
As I was not using this plugin, the chances of a brute-force attack increased. This is a must-have plugin and I recommend every WordPress user install it.
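The lockout policy described above, as an added Python example (not the plugin's code and not from the original post): failed attempts are tracked per source IP block in a sliding window, and the 3 attempts / 5 minutes / 1 hour defaults come from the plugin description. The /24 block size, the `LoginLockout` and `simulate` names and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from ipaddress import ip_network


class LoginLockout:
    """3 failures within 5 min lock the source IP block for 1 hour (the defaults quoted
    in the post); the /24 block size is an assumption, the plugin only says "IP range"."""

    def __init__(self, max_attempts=3, window=300, lockout=3600, prefix_len=24):
        self.max_attempts, self.window, self.lockout = max_attempts, window, lockout
        self.prefix_len = prefix_len
        self.failures = defaultdict(deque)  # block -> timestamps of recent failures
        self.locked_until = {}              # block -> time at which the lock expires

    def _block(self, ip):
        return str(ip_network(f"{ip}/{self.prefix_len}", strict=False))

    def is_locked(self, ip, now):
        """True while ip's block is under lockout (an expired lock no longer counts)."""
        return now < self.locked_until.get(self._block(ip), 0)

    def record_failure(self, ip, now):
        """Record a failed login; returns True if this failure triggers a lockout."""
        recent = self.failures[self._block(ip)]
        recent.append(now)
        while now - recent[0] > self.window:  # forget attempts older than the window
            recent.popleft()
        if len(recent) < self.max_attempts:
            return False
        self.locked_until[self._block(ip)] = now + self.lockout
        recent.clear()
        return True


def simulate(attempts, policy=None):
    """Run constructed (time, ip, password_ok) attempts through the policy; returns one
    decision each: 'locked' (refused before any password check), 'ok', 'failed', 'lockout'."""
    policy = policy or LoginLockout()
    decisions = []
    for now, ip, password_ok in attempts:
        if policy.is_locked(ip, now):
            decisions.append("locked")
        elif password_ok:
            decisions.append("ok")
        else:
            decisions.append("lockout" if policy.record_failure(ip, now) else "failed")
    return decisions


# Constructed sample: 3 failures from one /24 in 200 s, a correct password from that block
# during the lock, one from another block, and one from the first block after the lock expires.
SAMPLE = [(0, "203.0.113.10", False), (100, "203.0.113.11", False), (200, "203.0.113.12", False),
          (400, "203.0.113.50", True), (400, "198.51.100.7", True), (3800, "203.0.113.50", True)]
```

Note that the third failure trips the lock even though each attempt came from a different address in the block, and that a correct password is refused while the lock is active.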
Changing the default username in WordPress: By default WordPress uses “admin” as the username, which increases the chances of a brute-force attack, so I recommend changing the WordPress default username.
I think the above four factors are responsible for my site being hacked. If you’re a webmaster, follow at least these 4 things in order to remain secure. A lot more to come on security, so stay tuned, and subscribe to my blog for future updates on website security.