You know that thing called Murphey’s Law? You know, if something can wrong, it will at some point go wrong. So here is little PJ spouting off at the mouth about how great WordPress is and how wonderful cheap GoDaddy hosting can be….and literally 5 minutes later (well maybe like 2 days later) I get this:

Wordpress can be hacked

It happened after I posted, usually after I tried to add an image. Then after a few hours it  happened every time I hit POST.

Blog Freak Out!

This went on for like a week as I was troubleshooting. Troubleshooting? How do you do that?

Here is what you do when you troubleshoot WordPress:

1. If you get an error, search that error code on Google. Google is your friend. Most likely, there will be forums up forums on how to fix it. Remember to type out the whole error message and put it in quotes.

2. Once you figure out what the problem is, assess if you can fix it yourself or if you have to call in the big guns.  Do you have to edit php, or is it just turning off a plugin or installing a plugin?

3. Most problems start with “Deactivate all your plugins” – it’s like the “did you check if it was turned on?” question when your internet isn’t working and you call your provider.

4. Back-up your database, your theme and your files (Database backup is usually done through your host, your theme would be through your FTP and your blog posts is through Tools > Export in your WordPress Dashboard)

5. If you are still having problems, sometimes turning of your theme might work, switch back to twenty-twelve theme just to trouble shoot, if problems still persist you might have to call for help, your host or someone who knows how to debug WordPress

6. Reinstalling WordPress can also be a quick fix, well not a quick fix, but a fix.

What I did, after trolling forums, was call GoDaddy. I always end up calling GoDaddy. A lot of the forums were telling me that it might be a  hosting issue. I spent about two hours on the phone with them and we figured it out…I was being hacked, constantly. I don’t think GoDaddy wanted to say “hacked” she just told me that  I was being accessed constantly by people trying to login to my site (attempted hacks). She sent me documentation on how to restrict access to my site, but that was about all she could do, because this wasn’t a GoDaddy issue, this was all in my court…(OMFG help!!!)

Now, if I was with a dedicated WordPress hosting, this wouldn’t be my issue, I would have paid someone to handle this for me. But, you know me, right. CONTROL FREAK EXTRAORDINAIRE! I live for this stuff… I knew I could do this. I hoped I could do this. For people that don’t want to jump feet first into permissions and access, Jane Litte has a few recommends for WordPress hosting that does stuff like security.

I deleted the Security Plugin I was using and Installed Better WordPress Security

The hackers laughed at me. I was doing most of the security that it did for me already. Nothing stopped. It did have some useful tools, like it blacklisted IPs after they had too many 404 errors, or I set it up that if someone tried to login three times and failed they would be locked out.

Some basic security to do, even if you do not install a security plugin:

1. Make sure you don’t have ADMIN as your login, or Root, have an original username

2. Make sure your passwords are STRONG — Uppercase, Lowercase, Numbers & a Symbol – Asshat4449$ would do it

But that didn’t help me, they were trying to login in at a rapid rate, no having a strong password would protect the strain they put on my database. So, I had to do a little more.

1. I went and changed permissions when accessing my WP-admin folder (instead of changing the name of the folder and screwing up everything on my blog – it could cause havoc) – I just added permissions and set up a seperate password. I did this through GoDaddy – signing into my File Manager at my host, I clicked the WP-ADMIN folder and clicked permissions. I restricted access to this folder with another password.

2. This added extra security but it didn’t stop the login attempts. Because people login into your site, using the wp-login.php file — and hackers know this. You have to restrict access to this file, or you’ll get the repeated attempts.

3. I had to change a file called .htaccess — and I had to change it specifically to restrict access to any other IP then who I wanted access. Editing your .htaccess file isn’t something that I recommend doing if you are a novice. This was the tutorial I used. I also used this one.

This stopped the login attempts.

What is the moral of this story? Install a Security Plugin.  I am not recommending Better WordPress Security at this time, I really trust ProBlogger and his tips — and these are the plugins he recommends. I’m currently testing them all on my system to see which works for me.

Good luck and I wanted to let you guys know why I haven’t been on twitter much, or answering emails as I should. This has been a little crisis of mine and I’m still trying to fix it.

Book Blogger News:

Sock puppets abound. Between Plagiarism and Sock Puppets and authors writing non-released fan-fic and selling it for profit I want to just bang my head against a fryer…

Happy Thursday Everyone! Have a great day, now it’s time to Talk Less, Read More, Blog with Integrity and if you have any questions that you want featured in a BB101 – ask them here:

[gravityform id=”3″ name=”Book Blogging 101 Questions”]