April 21, 2011
April 20, 2011
Despite taking great precautions your WordPress is almost SURE to be attacked today. Hackers abound. Be prepared to recover your blog!
Addendum. A hacker might not be able to prevent you from getting back into your blog (see steps below) but might put an offensive msg on your blog. That can be fixed by (a) install ANOTHER theme and see if it is visibile. That shows that your theme has been damaged. (b) Delete your old theme, and reinstall a fresh copy. Activate it. Back to normal.
Step 1: Download and backup whatever you can
Start a download from FTP, just to be safe (if you can!). This should not be necessary, since you should have an active backup system, anyway.
Hackers tend to change username and email of the blog user. Locked out of the blog!
Here's what to do if you are locked out of the blog.
Same instructions as below.
What is to be done if a hacker steals your password or otherwise hacks into the blog and prevents you from logging in? This happened to me on 26 March 2011. I suddenly found I could not log into sabhlokcity.com and was told that my password is wrong. Password reset would not work since the hacker had changed the email.
Fix the password (details here) (select user/ browse/ edit). In my case the hacker had changed email to something in france (?). I changed back to my email ID, then used the login screen to reset the password. Then go into the blog and change to another password.
Note the image of the hacked screen (I've BLANKED OUT MY USERNAME and other security information) but allowed the hacker's fake ID to be visible).
- All the tables in your database will appear. If not, click Structure.
- Look for wp_users.
- Click on the icon for browse.
- Locate your Username under user_login
- Click edit
- Check that your password is actually correct, and that MD5 is in the box.
- Click the 'Go' button to the bottom right.
- Test the new password on the login screen. If it doesn't work, check that you've followed these instructions exactly.
You will see
wp_die('Sorry, but you dont have the administrative privileges needed to do this.');
April 20, 2011
WordPress blogs are particularly finicky. A small change in php disrupts the entire system. Backups are absolutely critical. [Complete Word file]
A) WORDPRESS FILES
- WordPress Core Installation
- WordPress Plugins
- WordPress Themes
- Images and Files
- Additional Files and Static Web Pages
B) WORDPRESS DATABASE
C) ROOT FILES
ALL THREE MUST BE BACKED UP.
Regularly export the XML file containing the blog posts. This file is NOT backed up automatically.
ALL MAIN BLOGS are backup up using WP S3 backups (S3 backup widget: Automatic backup doesn't work) to Amazon S3 [up to 5 GB is free]. Cloudberry gives regular access. To that is attached a free Amazon website. Here is the post that describes it.
Limitations: Amazon backup doesn’t work well. Amazon backup showed 24 March but the data was restored only till 21 January. I don't know what's going wrong. Clearly the S3 Backup plugin is NOT working. That is a serious problem.
Periodically take a backup of the datbase using phpMyAdmin
There is NO system available to backup root files. You need to use FTP regularly. The good thing is that the root files don't change much. Second, you can restore them in desperate condition by deleting the WordPress installation and then reinstalling a fresh version.
A) Export function on wordpress contains all posts, pages, and comments.
B) I'm not sure if it contains the images.
C) It definitely does not contain various widgets or other settings of the blog