Yesterday I presented at the Security Revisited event put on by the East Bay WordPress Meetup group on how to get your WordPress website back on its feet after it’s been hacked or infected with malware.
Last year I helped Patrice, who runs Afrobella.com, recover from a seriously nasty malware hack to her blog after Google told her she had been blacklisted. It was frustrating for Patrice, her fans and advertisers, but I got the site cleaned up and hack-free. Back in June I saw there was a call for WordPress security topics, so I jumped in and said I’d share my experience as a case study for the group.
- How to tell if your WordPress site was hacked
- Why people hack WordPress sites (popularity, infect other computers, steal data)
- First steps to start investigating the problem
- How to back up your WordPress files and database
- How to scan your WordPress files for infection using Avira
- How to scan your WordPress site using Sucuri
- Tools and plugins to use to monitor your site for changes
- How I recovered the site of a popular blogger using this system
- and much more!
Here’s the presentation from the meetup:
People asked several questions during the presentation and I’m listing the resources I mentioned here as well as the recorded WordPress training at Udemy I’m teaching and the San Francisco WordPress workshop in February at Parisoma:
What hosting company do you recommend and why?
Rochenhost (affiliate link) – They do backups twice a day, respond to support tickets in 8 – 14 minutes, have Red Hat certified technicians and proactively monitor their shared hosting servers. Fast, responsive and solid.
What WordPress theme provider do you recommend and why?
Woothemes (affiliate link) – They keep all their themes up to date on a regular basis, they have great support and an active community of users, their framework supports patching security issues in their themes, and they have a wide variety of flexible themes to fit nearly any WordPress site.
What are the security / protection plugins you named?
- Simple History
- Exploit Scanner
- Akismet htaccess writer
- Audit Trail
- WordPress Hashcash
- Login LockDown
What was the link to the blog post you did last year on hacked WordPress sites?
Where can I read more about the TimThumb vulnerability?
Where can I get WordPress training online?
You can head over to Udemy which is now hosting my Build Your Own WordPress Website training for just $29. You get 8 hours of solid, step-by-step training on how to set up your very own WordPress website. Remember, the best part about using WordPress is that it is SEO optimized out of the box!
I just received a really nice quote from a previous client I set up on WordPress in 2008, because I asked him to share his story with a new prospective client who is still riding the fence on WordPress:
“I know that WordPress has been the best thing. Many changes I do myself which keeps the site fresh. It also keeps me interested in routinely updating since I instantly see the changes.”
Joseph L. Rapacki, Rapacki & Co Accounting (yes, that’s a WordPress site)
Where can I get WordPress training in person?
Glad you asked! I’m teaching a four week WordPress workshop in San Francisco this February at Parisoma called, Becoming A WordPress Master, and it’s going to cover all the essentials of WordPress. Great for people just getting started with WordPress as well as people who want to better understand how to leverage SEO, themes and plugins. We’ll cover new features in WordPress 3.3 like the HTML 5 drag and drop image upload option.
The cost is $120 for all four sessions and you can register here.
- WordPress Setup 101: Wed, Feb 1
- WordPress Tour: Wed, Feb 8
- WordPress Themes and Plugins: Wed, Feb 15
- WordPress Content Strategy and SEO: Wed, Feb 22
Thank you to Sallie Goetsch for asking me to speak at the meetup event and thank you to Anca of Techliminal for hosting the meetup! It was great to meet everyone and hear people’s questions about WordPress security!