I’ve had an interesting few weeks fixing my blog. It was hacked. I suspect – though I have no direct proof – through my domain host CPanel account. Reading around the Internet, the host that I had chosen and had been happy with for a number of years had been victim to a server attack since early in the new year, and the account details of customers had been posted online somewhere. My CPanel password was relatively strong and not guessable (it wasn’t a dictionary word) yet a file was uploaded to my account via CPanel file upload. When I asked my domain host about it and how they think my account was hacked, they simply said via an unsecured script, and didn’t elaborate whether it was in my WordPress install or on their server. Anyway, after much cleaning and reinstalling – thank goodness I paid for routine site backup – I’m now back online with a clean site.
As a result of all this unwanted excitement I’ve made a few changes. Most importantly I’ve changed my domain host. I’m now with Bluehost, one of the few hosts recommended by WordPress themselves. I couldn’t be happier. It was an easy switch and I’ve now got more control than ever before over my CPanel account. I’ve also paid for the BulletProof Security Pro plugin. I can’t recommend it highly enough if you’re a serious WordPress user. I used the free version for a while and liked it. The Pro version is just terrific and for the first time I feel safe in my WordPress bed at night. The owner, Ed Alexander, is so helpful. Please do seriously consider this plugin if you manage your own WordPress installation.
As an extra layer of security I now also use CloudFlare. I’m completely new to the world of content delivery networks and web application firewalls. It’s early days to know whether I’m benefitting from the claimed security and performance improvements, but the basic version is free with Bluehost so I’m giving it a go.
If you have any WordPress security tips and favourite plugins please let me know in the comments.