Yup, at the weekend, the DanHarrison.co.uk site was compromised by an Algerian ‘hacking’ team. However, despite good security practices, the site still got hacked. I followed the most basic rules, such as keeping all plugins and the main WordPress install up-to-date, as well as strong passwords. And I still got hacked.

Just to be clear, these are the basic security principles I always abide by:

• WordPress installation is always up to date.
• All plugins are updated pretty much as soon as they are updated.
• All database, ftp and account passwords are long and random (digits, characters, symbols, etc).
• No password is used for any other site I own
• File permissions are set at the most strict – depending on what’s required.
• I keep regular file and database backups. All automated to backup every single day.

However, despite all of that, I was still hacked. I am working my way through JT Pratt’s security guide as a basis for making the site more secure. Essentially I’m locking down everything I can. However, with having many websites, I want to automate it as much as possible to save me time. Just before you ask, someone I know with 0 plugins still got hacked.

There’s a high chance of getting hacked at some point because you’re running a dynamic website. However, doing everything you can to make it too much effort for a hacker is a very good idea. And if nothing else, make sure you regularly backup your website!

Updates

Here are some more useful security articles I’ve since discovered:

• WordPress Security Tips (more plugin ideas and advice)