The technology blog, TechCrunch, was hacked for the second time in 24 hours.
It’s unclear exactly who was responsible, or how they did it.
Here’s how the Register (the UK technology site) showed the defaced TechCrunch site:
Even the BBC is covering the story.
TechCrunch on WordPress
Since TechCrunch runs on WordPress, the incident obviously raises security concerns for WordPress bloggers. There are a few basic precautions you can take so you’re not a complete sitting duck for crackers.
Security on WordPress
1. Make sure only your user can read your files
It sounds sort of silly. After all, why would any other user be able to read your files on your webserver? Actually, guess again. On most shared hosting servers like Dreamhost, which is what most blogs use until they really become big, users other than yourself can actually read your files given the default setup.
For most files, this isn’t too much of a problem, but you might be surprised to know that many PHP-based applications (including WordPress) set your configuration file to be “world-readable” (i.e. other users can read it).
I’ll be posting in detail on this topic later, but for now, I’ll just say that you can reset permissions to prevent other users from viewing your files by logging into your webserver’s shell and executing the following command:
chmod -R o-r *
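The above chmod command changes the permissions of all files (*) recursively (-R) to prevent others (o) from reading (r) files. Note that the shell’s * does not match hidden files in the directory where you run it, so a top-level file such as .htaccess is left unchanged.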
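An added example (not from the original post) that first lists which files other accounts can read, then applies the same o-r change from the directory itself so top-level hidden files are included. The function names and the sample tree in demo are constructed for illustration.

```shell
#!/bin/sh
# Audit and remove "other" read access under a WordPress directory.
# Function names are illustrative; the demo tree is constructed.

# Print every regular file that accounts outside your user/group can read.
list_world_readable() {
    find "$1" -type f -perm -0004 -print
}

# Number of such files (0 means nothing is exposed to other accounts).
count_world_readable() {
    list_world_readable "$1" | wc -l | tr -d ' '
}

# Same effect as `chmod -R o-r *`, but applied to the directory itself so
# top-level dotfiles are covered; wp-config.php is made owner-only as well.
lock_down() {
    chmod -R o-r "$1" || return 1
    if [ -f "$1/wp-config.php" ]; then
        chmod 600 "$1/wp-config.php"
    fi
}

# Build a small constructed tree, show the before/after counts, clean up.
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads"
    echo "<?php /* constructed sample, no real credentials */" > "$d/wp-config.php"
    echo "# constructed" > "$d/.htaccess"
    echo "constructed" > "$d/wp-content/uploads/photo.jpg"
    chmod 644 "$d/wp-config.php" "$d/.htaccess" "$d/wp-content/uploads/photo.jpg"
    echo "world-readable before: $(count_world_readable "$d")"
    lock_down "$d"
    echo "world-readable after:  $(count_world_readable "$d")"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then
    demo
elif [ -n "${1:-}" ]; then
    list_world_readable "$1"
fi
```

This assumes PHP runs under your own account, as on hosts that use suEXEC; if the web server runs as a different user, check that the site still loads after the change.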
2. Make sure you have the latest version of WordPress
At least make sure you’re running no lower than WordPress 2.9. WordPress 2.7 and 2.8 had some nasty loopholes that crackers were taking advantage of to create hidden user accounts on WordPress installations.
Recent versions of WordPress allow you to upgrade right inside the web interface so there’s no excuse not to upgrade.
But be sure you have a backup before doing so.
3. Back up your WordPress installation
If you do get hacked, it’ll be handy to have a backup from which you can restore your site. You should back up both your database and your WordPress files and uploads.
Again, I’ll go into detail about this later, but for now:
Backing up the WordPress Database
There are webhost-specific ways of doing this. There’s also a shell command that’ll let you back up a database. But the easiest way for the uninitiated might be using the WP-DB-Backup plugin.
Install it, and you can back up WordPress within the WordPress admin interface.
Backing up WordPress Files
WordPress files include the PHP and other files within the WordPress application when you first installed it. It also includes plugins you’ve installed and photos you’ve uploaded, as well as your themes.
An easy way to back up WordPress files within the admin interface is the WordPress Backup plugin.
Otherwise, the way you back up files differs from webhost to webhost. Some webhosts, like Dreamhost, offer the ability to back up all your files in a single shot from their control panel. If yours doesn’t, log in with FTP and download all the files in your user account to your computer.
Of course, this means you’ll be downloading thousands of files. It’s better to create a single ZIP file, and download that single (large) file. I’ll be covering how to do that later.
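One way to produce that single file from the shell, as an added example that is not from the original post. It uses a tar.gz archive rather than ZIP because tar is present on almost every shell host, and since the archive contains wp-config.php it is created owner-only and refused if the destination is inside the WordPress directory. The function name backup_wp and its arguments are illustrative.

```shell
#!/bin/sh
# Pack a WordPress directory into one archive for download.
# backup_wp SRC_DIR DEST_DIR  -> prints the archive path, non-zero on failure.
# The name backup_wp and the archive naming scheme are illustrative.

backup_wp() {
    src=$1
    dest=$2
    [ -d "$src" ]  || { echo "no such directory: $src" >&2; return 1; }
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }

    # Resolve both paths so symlinks and ../ cannot hide where they point.
    src_abs=$(cd "$src" && pwd -P) || return 1
    dest_abs=$(cd "$dest" && pwd -P) || return 1

    # The archive holds wp-config.php (database credentials). If it were
    # written inside the WordPress tree it could be fetched over the web.
    case "$dest_abs/" in
        "$src_abs"/*)
            echo "refusing: $dest_abs is inside $src_abs" >&2
            return 1 ;;
    esac

    archive="$dest_abs/wordpress-files-$(date +%Y%m%d-%H%M%S).tar.gz"

    # umask 077 in a subshell: the file is rw------- from the moment it is
    # created, so other accounts never get a window to read it.
    ( umask 077 && tar -czf "$archive" -C "$src_abs" . ) || return 1

    # Read the archive back end to end before trusting it as a backup.
    tar -tzf "$archive" > /dev/null || { rm -f "$archive"; return 1; }

    echo "$archive"
}

# Run as: sh backup.sh /path/to/wordpress /path/outside/webroot
if [ $# -eq 2 ]; then
    backup_wp "$1" "$2"
fi
```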
Resources
TechCrunch hacking
http://www.techcrunch.com/2010/01/26/techcrunch-hacked/
http://www.theregister.co.uk/2010/01/27/techcrunch_hacked_again/
http://www.loudable.com/techcrunch-is-hacked-and-up-now.html
http://news.bbc.co.uk/2/hi/technology/8480467.stm
http://pinoytutorial.com/techtorial/techcrunch-hacked-january-25/
WordPress backup
WP-DB-Backup
WordPress Backup plugin