WordPress comprises two parts: files and a database. WordPress core, plugins, themes, and uploads are saved as files. Posts, comments, settings and users, on the other hand, are stored in the database. This article is a guide to manually backing up the WordPress database using phpMyAdmin. To learn how to back up WordPress files, check our article on how to manually backup WordPress files.

 

All WordPress posts, comments, etc are part of the database

 

Why backup your WordPress Database?

The WordPress database stores your posts, pages, users and other information: in short, all the content you put up on the site. Without backing up the database, you’ll lose all the content and users’ information of your site. When it is time to restore, all you’ll have is WordPress files with plugins and themes but no content.

 

How to Backup your WordPress Database?

Most web hosts have phpMyAdmin installed in their cPanel, so manually backing up your WordPress database is a simple 5-step process to download and back up the database of your entire site. In case you want to download specific files only, you might have to go through a couple more steps.

 

Steps to make WordPress database backup

Step 1:

Access phpMyAdmin through your cPanel dashboard. At this point, you’ll need to have your FTP details, username and password for the SQL database. Input the username and password that were used to save your SQL database.

 

Input your FTP details, username and password for the SQL database

 

Step 2:

Clicking on WordPress (or whatever the name of the database you wish to back up is) in the left-hand column on your screen should reveal the tables.

 

Click on your database's name

 

Step 3:

Click on Export among the tabs at the top of your screen. This should reveal two simple options: Quick and Custom.

 

The Quick option

 

Choosing the Quick option means making the default choice to back up your entire database.

 

If this is not what you want to do and you want to back up specific tables, then pick the Custom option. Here is where the options kick in. Having completed Step 2, you should now see a list of tables. You can select the specific ones you want to download and back up.

 

The Custom option

 

Step 4:

Choose the file format of the database backup. You can do this regardless of which option you picked in Step 3. The data can be exported in different file formats: you can choose the default option, SQL, or pick any of the other formats in which to save your WordPress database. Click on GO and you are done.

 

Choosing the file format of the database backup

 

The download itself may take a few minutes depending on the size of your site. Remember, a WordPress database backup covers only comments, users and so on. It is not a full backup of your WordPress site.
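A check you can run on the downloaded .sql file before trusting it as a backup, shown here as an added example (it is not part of the original guide or of phpMyAdmin). It reads the export, works out the table prefix, and reports any of the twelve standard WordPress tables that are missing, which is easy to cause with the Custom option. The sample dump is constructed, and treating "last line does not end with a semicolon" as a sign of a cut-off download is a heuristic assumed for this example.

```python
import re
from collections import Counter

# Tables (without prefix) that a standard single-site WordPress install creates.
CORE_TABLES = (
    "commentmeta", "comments", "links", "options", "postmeta", "posts",
    "term_relationships", "term_taxonomy", "termmeta", "terms",
    "usermeta", "users",
)

CREATE_RE = re.compile(r"^\s*CREATE TABLE(?:\s+IF NOT EXISTS)?\s+`?(\w+)`?", re.I | re.M)
INSERT_RE = re.compile(r"^\s*INSERT INTO\s+`?(\w+)`?", re.I | re.M)


def detect_prefix(tables):
    """Return the most likely table prefix (usually 'wp_'), or None if no core table is seen."""
    votes = Counter(
        name[: len(name) - len(core)]
        for name in tables
        for core in CORE_TABLES
        if name.endswith(core)
    )
    return votes.most_common(1)[0][0] if votes else None


def audit_dump(sql_text):
    """Summarise what a SQL export contains, without connecting to any database."""
    created = set(CREATE_RE.findall(sql_text))
    with_rows = set(INSERT_RE.findall(sql_text))
    prefix = detect_prefix(created)
    expected = {prefix + t for t in CORE_TABLES} if prefix is not None else set()
    lines = [ln for ln in sql_text.splitlines() if ln.strip()]
    return {
        "prefix": prefix,
        # Core tables with no CREATE TABLE statement: the backup cannot restore them.
        "missing": sorted(expected - created),
        # Core tables that were exported but carry no rows (wp_links is often empty).
        "empty": sorted((expected & created) - with_rows),
        # Heuristic: a download that stopped part-way rarely ends on a full statement.
        "ends_cleanly": bool(lines) and lines[-1].rstrip().endswith(";"),
    }


def constructed_dump(tables, prefix="wp_", cut_short=False):
    """Build a tiny stand-in for an export file (constructed sample, not real output)."""
    out = ["-- constructed sample dump"]
    for t in tables:
        out.append(f"CREATE TABLE `{prefix}{t}` (\n  `id` bigint(20) unsigned NOT NULL\n) ENGINE=InnoDB;")
        if t != "links":
            out.append(f"INSERT INTO `{prefix}{t}` (`id`) VALUES\n(1),\n(2);")
    text = "\n".join(out) + "\n"
    return text[: len(text) - 8] if cut_short else text


if __name__ == "__main__":
    partial = [t for t in CORE_TABLES if t not in ("users", "usermeta")]
    for label, dump in (
        ("quick export", constructed_dump(CORE_TABLES)),
        ("custom export, user tables unticked", constructed_dump(partial)),
        ("interrupted download", constructed_dump(CORE_TABLES, cut_short=True)),
    ):
        print(label, audit_dump(dump))
```

To check a real export, read the file into a string and pass it to `audit_dump`; an empty `missing` list and `ends_cleanly` being true are the minimum to expect from a full database backup.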

 

Backups are a means to an end. The end is always restoring your site. In your hour of need you should not have to fiddle with manual restores or deal with surprises. Back up both the WordPress database and files, and do a one-click restore of your WordPress site with BlogVault.

 

Backing up your WordPress site means backing up both the WordPress files and the WordPress database. All WordPress sites contain both these parts. They store different sets of information, and missing out on one or the other may mean that you’ll have a tough time restoring your site. While the database stores posts, pages and users, among other things, WordPress files store all the plugins and themes, the WP core installation, images and other files. In short, WordPress files are responsible for the look and feel of your site. Here, we show you how to manually back up WordPress files via FTP.

 

WordPress files affect the look and feel of your WordPress site

 

Clarification:

This article only deals with manually backing up your WordPress files using FTP. Backing up the WordPress database is a separate process; to know more about this process, refer to our guide How to Manually Backup WordPress Database Using phpMyAdmin.

Neither of these articles will help you restore your actual site.

Setup to Make WordPress Backups Using FTP

Let’s dive straight into it. To make WordPress backups using FTP, you must first have access to your site files. You can achieve this by setting up an FTP account. To set up an account, you typically have to use ‘FTP Accounts’ via your cPanel dashboard. cPanel access is usually given by your web hosting provider when you sign up for the service.

Tip: If finding FTP Accounts in cPanel is proving difficult due to a cluttered dashboard, then simply use CTRL+F to make it easier.

To set up an FTP account you will need to input a login ID and password. Along with this, a directory will be created in your site files. Once you hit the ‘create FTP account’ button, you should have access to your website files. (If you have trouble doing this, then contact your web host service provider for assistance.)

 

Step 1: Install an FTP Client

In order to manipulate or act on the files you now have access to via your FTP account, you will need a tool. That tool is an FTP Client. FTP clients provide the interface for you to access your WordPress files. You can do so by entering your FTP account credentials.

For the purposes of demonstration, this article uses FileZilla. Download and install FileZilla.

 

Step 2: Manual Setup

In the case of FileZilla, you’ll see a form at the top of the page to fill in your site IP address, your FTP account username, and password. Inputting these details and clicking on ‘Connect’ should allow the FTP client (in this case FileZilla) to connect to the server on which your site is hosted.

 

You can connect to your WordPress files via FTP

 

Once the FTP client establishes a connection, you should be able to see your site directory in the right-hand column, “Remote Site”. The left-hand side shows the local folders and files (in this case, the files on your computer).

 

Creating a destination folder

 

Tip:

If you are not sure of which files you have to download then a useful guideline is to search for a directory containing folders such as “wp-admin” and “wp-content”. There will also be a bunch of files in that directory, such as “index.php” and “wp-config.php”.

 

Step 3: Create a Destination Folder for making WordPress Backup

Ensure that you have a destination folder on your computer to which you want to download the files. Usually it is best to create a new folder for each backup. It allows you to be organised and be more efficient when you want to restore from one of these backups.

You can create a new folder in the dashboard of the FTP client itself. Right click on the folder in which you wish to create the new folder and choose create new directory. Input a name for the folder and hit “Enter” and you’re done.

 

Step 4: Drag and Drop

From here on, simply choose the WordPress files you want to back up by clicking on them. Holding down the CTRL key when clicking will allow you to choose multiple files at once. Drag the chosen files from the ‘Remote Site’ section and drop them in the directory you just created in the ‘Local Site’ section. The download process should begin as soon as you do this.

 

The download will take a while

 

Fair warning… Downloading all the files may take a while. Grab a quick bite to eat or take a walk. Before that, ensure that your system has power and that your internet connection is stable.

If making manual backups is not feasible for you because of the time and effort it entails, then you can choose any of the WordPress backup services which automate the process for you.

You can not only track whether all the files in your site and the tables in your database are getting backed up, but also add/remove them to/from backups, and even download them whenever you desire. All by just clicking a couple of buttons: back up with ease and stay safe.

 

While it is easy to be online with a WordPress site, the real task starts after you are online. Do you know all the things that go wrong with your WordPress site? Read on to find out.

Every person wanting to start a blog or a small business has heard the words “you can be online in just 5 minutes”. This is true and this is what makes WordPress popular. However, very few people realize that owning a self-hosted WordPress site is the beginning. There are many things that could go wrong with your site… Right from accidentally deleting files, posts or plugins to a bunch of problems with your hosting provider.

 

A number of things could go wrong with your WordPress site

 

A WordPress site and its web host need to fit well together. Finding the best fit for your WordPress site might take some trial and error. Even if you do find the option with the least worries, there are still many issues you can run into. The key lies in knowing what the potential issues are and finding answers to as many questions as possible from the start. This is a list of many possible things that can go wrong with your WordPress site.

 

WordPress Host Hardware Issues

The hardware in a web host is one of the most common problems to arise. Everything from overworked hard disks, power surges, heating issues to natural disasters and accidents can cause hardware failures.

Usually, hard disks are said to be the hardware component that fails most frequently. This is not surprising, because most hard disks (which are HDDs) rely on moving mechanical parts. This increases not only the probability of wear and tear, but also heating due to friction, and the rate of failure. This is true when compared to the alternative to the HDD, the SSD. SSDs have no moving parts, are silent and reduce the chances of heating too, but SSD cards are more expensive and have a high failure rate too.

Heating issues are generally exacerbated by outdated hardware or insufficient cooling infrastructure. On the flip side, if a hosting provider stuffs a room with servers, then the cooling infrastructure might prove to be inadequate, automatically heating the hardware as well as the environment. This increases the failure rate in hardware and, more likely, causes performance lags in servers and in turn in your WordPress site.

Something you may not pay attention to is the location of your web host’s infrastructure and how prone that location is to natural disasters. If your web host is in a location that is prone to flooding, earthquakes or tornadoes, then you might want to ask them about the preparations they have made in case of such eventualities. Even in cases of heavy storms, lightning has hit data centres, causing damage.

Not just natural disasters, even accidents can cause unexpected trouble, such as the freak accident in which an SUV crashed into a building knocking out the power generator of a data centre.

 

Your WordPress Site Is Hacked

WordPress is not only the dominant entity in the CMS market now, it is also the fastest growing CMS. This means that WordPress is big and here to stay for the foreseeable future. This popularity provides hackers a large target.

WordPress is open source software, dependent on plugins and themes and popular. All these points contribute to the CMS being a popular target of hackers.

While vulnerabilities in WordPress core are patched quickly, the security through transparency model means that anyone keeping tabs on WP news knows which vulnerabilities were found, where they were found and what the patch is. This system is just part of the deal when dealing with the open source platform, WordPress.

Because WordPress depends on plugins and themes to make it extensible, it is also in a unique position: one of its biggest strengths is also the source of most of its vulnerabilities.

Remember, modern-day hackers are not targeting specific sites but have bots crawling the net searching for vulnerabilities. If you are not following basic security practices like updating everything, then your WordPress site is at risk.

 

Hosting Provider Issues

While creating a WordPress site may be easy, hosting it can bring up many complications. This is especially true for WordPress sites on shared hosting. On shared hosting, your server might be overloaded if your hosting provider hosts too many sites on it, affecting the performance of your site.

Apart from site performance and uptime, you also have to worry about the name server going down, your hosting provider getting hacked, your account being suspended by your hosting provider, or your hosting provider going out of business.

 

Natural Disasters & Accidents

Hosting providers even today are affected by natural disasters and accidents. While your web host’s infrastructure may be built with disasters such as earthquakes, floods and tornadoes in mind, it might not be true for all data centres. The best defence, of course, is to ensure that data centres are not built in such locations. However, this is not always possible in the 21st century. The next best option is to be prepared.

This is equally true for accidents. Not only can accidents cause significant damage to your web host, they can also impose significant financial losses on both your web host and you as a WordPress site owner.

The cost of downtime is going up all the time because it not only means the accountable loss in transactions for e-commerce sites but also the more qualitative measure of visitors’ perception of credibility. If not as serious then you could simply lose visitors because there is no destination for them to see and with which to engage.

It is best to plan for a WordPress backup solution that is truly a disaster recovery plan. This means not only reducing or eliminating dependence on your web hosting service, their infrastructure or backups, but also protecting your WordPress site from damage caused by weather which may affect your web host.

 

Software Issues

WordPress is of course an open-source CMS which is extremely popular. This also means that a large number of novices are developing for/on it. Such processes make WordPress extensible and contribute to its popularity, but also expose it to exploits.

However, along with security scares, bad code in WordPress themes and plugins causes the following compatibility and performance issues:

  • Compatibility with WordPress
  • Compatibility with the theme
  • Compatibility with other plugins installed on the site
  • Proliferation of plugins
    • Security concerns
    • Performance lag

Apart from all these issues, bad code might lead to the dreaded ‘White Screen of Death’ too. Updating plugins and themes with bad code is one of the reasons for this to occur.

Updating WordPress Plugins & Themes

This means that updating, which is a necessary security step, becomes a serious concern for WordPress site owners. The site may stop being functional and, depending on the seriousness of the issue and the availability of redundancies, your site could be down for hours.

In such cases you have few options that might ease your burden:

  • To start off with the basics, making WordPress backups must be the first step of updating your themes & plugins.
  • If you’re using a backup service that allows you to test your backups before you restore, then you can even use it to test updates before making changes to your live site.
  • Also, in case you make updates to the live site and it doesn’t work out for you, then you can simply restore a backup. This saves time that might have been wasted in figuring out which plugin is at fault for taking your site down.

 

Human Errors

With a self-hosted WordPress site, human errors can occur at two ends: you, the WordPress site owner, or the web hosting company.

Site owners

Accidental file deletions

As a site owner, you may delete files, plugins, or even posts. Recovering these may be a difficult job if you do not have them backed up because not all web hosts make WordPress backups and among those that do, not all do it on a daily basis.

Not Renewing Hosting Contract

This seems like a simple enough point, and in the modern world with email reminders it seems like a point that shouldn’t be in this section, but it happens too often for us not to mention it. In this case, you must know what your web hosting company’s policy is regarding your data.

Hosting Providers

Accidental file deletions or system reboots have been reported often enough now to be part of our checklist to test the efficacy of a given WordPress backup plan. Unlike with individual site owners, when a hosting provider runs a script deleting a file or reboots a section of the data centre, the scale of the consequence is much bigger. Don’t get me wrong, I don’t mean to underestimate the damage of a single business site losing all its customer- and transaction-related data. However, generally, errors by hosting providers tend to have a bigger effect in terms of scale than a single WordPress user deleting a post on their site.

 

Data Center Issues

A data centre can be divided into four parts:

  • Building shell
  • IT equipment
  • Electrical Infrastructure
  • Mechanical Infrastructure – Cooling infrastructure

A data centre may face issues in each of these four parts. Apart from this, your data can be threatened when your WordPress hosting service’s data centre itself is hacked or hit by a natural disaster.

The building shell is obviously the first line of defence. It can regulate access and keep the inside equipment safe. The IT equipment is the very business of the data centres – this refers to the servers, storage and communication equipment. Servers and storage can fail either due to wear and tear, heating or power surges, among other causes.

Communication equipment like cables and switches is generally not easy to visualize. A single cable not connected properly or knocked off during maintenance can cause a lot of grief. The same can be said of uplink failures, or when network switches fail or undersea cables get cut. A case in which a network switch failed and took down four popular web hosting companies is a good example of how such issues cause damage serious enough for you to consider them a threat to your WordPress site’s uptime.

We mentioned the importance of electrical infrastructure in the previous section. Equally important and closely connected to the electrical infrastructure is the cooling equipment and all the other non-IT equipment that the electricity powers.

If A Data Center Is Hacked?

If a data centre is hacked, then your data may be compromised. What is not obvious is that you may not always lose your data to the hacker. There have also been cases when data centres have gone out of business because of a single hack. This means that even if your site is not directly compromised, you might still have to find ways to secure your data.

The point to remember is that your data (your website and your backups) is at risk even if your site/server is not hacked. This is why you must have backups which are completely independent of your web host’s data centre.

Power Failures in Data Centers

The power supply is the cornerstone of good web hosting. An adequate and constant power supply powers not only the servers but all the other equipment required to keep the web host running: air handlers/cooling/heating/ventilation, lighting, UPS system and generators, fire suppression systems, alarm systems. Needless to say, a reliable web host must have adequate power backup which is tested and functional. If backups fall short, then you might be looking at frequent downtimes which may add up to costing you a significant amount. Asking about your host’s power backup system may be an important factor in your decision-making process when the time comes to choose a web host.

Bad hardware, such as outdated power backup systems, lack of maintenance, and lack of testing for power failure are all among the reasons why a data centre may experience power outages.

 

Completely Independent WordPress Backups

It is obvious to think— “I have backups. My hosting provider does it for free! I’m safe.” This along with the addition of a moderate financial burden turns most people away from backups. However, ask yourself this— Can I access my WordPress backups when every single point mentioned above does go wrong? If not, then your WordPress backup is not a disaster recovery plan. It is as simple as that. The reason for this is that the functionality and security of your backups are dependent on your web host.

All WordPress backups have one purpose, WordPress restores. For this, you might want to rely on a comprehensive WordPress backup service which is all about restores, BlogVault.

 

WordPress has become the most preferred content publishing platform online, and its popularity is continuously growing. For hackers, this means a bigger target with greater payoffs. Are you, as a WordPress site owner, committing basic security mistakes that make it easier for them?

 

Common mistakes Website owners make

 

WordPress is the most popular platform to build websites on, and its popularity has only been growing. The CMS has something to offer anyone who has ever wanted to own a website. The WordPress community is supportive, and consists of developers who can build anything in code as well as code-averse site-owners who are given a world of add-ons to make their sites extensible, and more functional.

 

However, maintaining a WordPress site comes with a number of caveats, which are difficult to navigate. The case is worse for new site-owners, since committing a small mistake could knock their site offline, or make it vulnerable to hackers’ attacks.

 

Knowing the common mistakes made, and avoiding them, is key to keeping your WordPress site safer. This is why we’ve come up with a list of the basic security mistakes that WordPress site owners and users make. Are you making any of these mistakes currently?

 

1. Not updating WordPress and its add-ons

Now while the rest of our list talks about mistakes to definitely avoid committing, this issue is a little more complicated. This is why we’ve chosen to get this out of the way right in the beginning.

Everybody talks about keeping WordPress Core and add-ons (themes and plugins) up-to-date, for the sake of security, as well as to add new features to the site. However, you, as a WordPress site owner, have one good reason for not doing so: incompatibility.

Your WordPress site could break because of:

Updating WordPress Core

There are two kinds of updates on WordPress Core that keep it up-to-date with the best features, and security measures on the web.

  • Major updates (like 4.5 or 4.6): These add new features and functionality to WordPress.
  • Minor releases like Release 4.5.1 and 4.5.2: These are dedicated to security patches, and bug fixes.

There are a couple of catches with these releases. For one, it can be cumbersome to keep up to date with all of them. Version 4.5, for example, was released on April 12, while 4.5.1 was released 14 days later, and 4.5.2 was released about 10 days after 4.5.1. Secondly, while WordPress Core upgrades are designed to be compatible with all the previous versions (even the first one), it doesn’t always work out that way. So when WordPress site owners update their WordPress core, their site crashes.

Updating WordPress add-ons (plugins, themes, and widgets)

There are a number of problems you could run into while updating WordPress add-ons. Since the developers could be pressed for time or not have the expertise, they can’t make sure that their updates are compatible with every single version of WordPress. As a result, they could be incompatible with previous updates of WordPress Core. Moreover, even add-ons that are coded to be backward compatible might not be developed with other add-ons in mind. Lastly, add-ons’ updates contain significant security patches and bug fixes, which change the way they work and hence cause conflicts. One example of this was the security patch for RevSlider (a premium carousel plugin), which changed the way the plugin worked.

As a result, updating even just one plugin could cause your site to break. If compatibility issues between WordPress Core and an add-on are a concern, the safest route to take would be to ask the plugin developer to release an update for the plugin, while also looking for alternatives that work with your other add-ons.

The key to keeping your WordPress site secure is to update every part of your WordPress site. The consequences to your site, its data, and your site’s visitors are all too great to not update.

 

2. Buying/using bad add-ons

As mentioned, WordPress add-ons don’t necessarily have the stringent code quality or security measures in place that WordPress Core does. This is why it’s important for WordPress users and site owners to take care to pick a good theme/plugin. Every good add-on has one basic characteristic: it has good code. But even if you don’t know how to judge the code of a theme/plugin, there are a few characteristics which you can spot:

  1. They’re available via a reputed source: This means they’re on the WordPress.org repository, or with a well-known theme/plugin seller, like Themeforest, Elegant themes, etc. Just as with material goods, buyers should be wary of a premium theme being available on a questionable website at a huge discount.
  2. They have good reviews and ratings from genuine, long-time users.
  3. They’ve stood the test of time: The longer a theme or plugin has been available, the more bug fixes and security updates they should have.
  4. They get updated often and have been recently updated (in the past 2 months) from the developer’s side

Installing a bad theme/plugin could have a number of consequences for your site, whether in a way that affects function (such as slowing down your site), or in a malicious way, such as sending spam mail on your site’s behalf. Apart from all this, having an add-on with malicious code on your site causes search engines to mark your site as malicious, and hence blacklist it.

 

3. Using bad login practices

There are a number of simple login mistakes that WordPress site owners make, from sticking with easy to guess credentials, to staying logged in on their sites. This makes it easier for hackers, who usually use bots (just like search engine crawler bots), to look for websites with vulnerabilities.

Sticking with the default username (admin) reduces the time bots need to crack your login credentials by 50%. Combining that with the use of a weak password only makes attacks on the login page (like a Brute Force attack, or a Dictionary attack) that much easier. Once the bots crack your login credentials, the hacker can log in as you and legitimately perform admin-level functions. This is why it’s important to enforce good login practices, and secure your WordPress login page. One simple way (and there are more ways) to protect your login page is renaming the administrator account to reflect a different username. WordPress site owners have to look out for legitimate ways to harden their login page though: some widely recommended practices, such as moving your login page to a custom URL, are unnecessary, and can ruin your site’s user experience.

 

4. Making every contributor to the site an ‘administrator’

WordPress sites have different system users with different levels of access, in order to give the site owner the power to assign responsibilities to different users. This also serves as a way to give those with fewer responsibilities, the access to only specific areas they need access to. This principle (known as the Principle of Least Privilege), is one of the basic elements of security on any system.

WordPress has five different user roles:

  1. Super admin or Admin: Has full control over add-ons, content, files, and users on the site. (Super admin is someone who has Admin access over multiple sites, and controls the network administration for those sites too).
  2. Editor: Has full control over content and files, can publish anyone’s content, and is allowed to add script tags for formatting.
  3. Author: Can only create, modify, publish and delete their content.
  4. Contributor: Can only read, edit and delete content. No publication rights.
  5. Subscriber: Can only read content. No other rights.

So say you run a successful news website or a blog with a regular guest blogger contributing once a month… You would best assign the guest blogger the role of ‘Contributor’ or ‘Author’.

Assigning the ‘Admin’ role instead, however, will put your WordPress site at a greater risk. Just imagine what would happen if they deleted a post by another author, a plugin or even an Editor by mistake!

Giving users unrestricted access could also allow hackers to exploit your site more easily. A good example of this kind of damage was how TechCrunch got hacked by OurMine, a commercial security group that hacks accounts to publicize its services. The site was hacked using one of its contributors’ accounts.

 

5. Being a hoarder

Keeping old add-ons and users presents a number of opportunities to hackers. As a site-owner, it is only natural to experiment with plugins and themes. In the process though, it is easy to forget about unused add-ons in your site’s repository. However, since you no longer use them, you also don’t update them. This opens up your site to a number of exploits.

Forgetting to delete old users (especially contributors) long after they’re gone allows hackers to access your site legitimately after a previous hack (like a Brute Force attack). This is one of the ways WordPress site owners are hacked for a long time without even knowing about it.
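The account checks from mistakes 3, 4 and 5 can be run together against an export of the site's users. The following is an added example, not code from the original article or from WordPress: it reads a CSV in the shape produced by `wp user list --fields=ID,user_login,user_registered,roles --format=csv` (WP-CLI) and compares it with a roster of who should have which role. The export rows and the roster are constructed, and the roster format is an assumption of this example.

```python
import csv
import io

# Built-in roles, ordered from least to most privileged.
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2, "editor": 3, "administrator": 4}

# Constructed sample export (not real data).
CONSTRUCTED_EXPORT = """\
ID,user_login,user_registered,roles
1,admin,2014-03-02 10:11:12,administrator
2,priya,2015-06-18 08:00:00,editor
3,guest_blogger,2016-01-09 17:45:10,administrator
4,old_intern,2015-02-01 09:30:00,author
5,sam,2016-04-20 12:00:00,"author,administrator"
"""

# Constructed roster: the role each current person actually needs (assumed format).
CONSTRUCTED_ROSTER = {
    "admin": "administrator",
    "priya": "editor",
    "guest_blogger": "contributor",
    "sam": "author",
}


def audit_users(csv_text, intended_roles):
    """Return (login, finding) pairs in the order the accounts appear in the export."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"]
        roles = [r.strip() for r in row["roles"].split(",") if r.strip()]
        known = [r for r in roles if r in ROLE_RANK]

        # Mistake 3: the default username is the first one bots try.
        if login.lower() == "admin":
            findings.append((login, "default-username"))

        # Roles added by plugins cannot be ranked here, so surface them for review.
        for role in roles:
            if role not in ROLE_RANK:
                findings.append((login, f"custom-role:{role}"))

        # Mistake 5: an account nobody on the roster owns should be removed.
        if login not in intended_roles:
            findings.append((login, "not-on-roster"))
            continue

        # Mistake 4: compare the highest role held with the role actually needed.
        if known:
            actual = max(known, key=ROLE_RANK.get)
            wanted = intended_roles[login]
            if ROLE_RANK[actual] > ROLE_RANK[wanted]:
                findings.append((login, f"over-privileged:{actual}>{wanted}"))
    return findings


if __name__ == "__main__":
    for login, finding in audit_users(CONSTRUCTED_EXPORT, CONSTRUCTED_ROSTER):
        print(f"{login:15} {finding}")
```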

 

6. Not checking past uploads

Similar to hoarding add-ons and users, WordPress site owners also fall into the trap of never cleaning out their Media Library, the uploads folder, or the includes folder.

Hackers know this too. This is why they could easily upload a hack-file that looks like an image, and execute a hack later. This is how a number of exploits on the TimThumb vulnerability were carried out.

This method could also be used to create a backdoor. So even if malicious code is removed, and the WordPress site is kept up to date, it will still be susceptible to hacks.
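One way to review past uploads from a downloaded copy of the uploads folder, given as an added example (not code from the original article): it walks the folder and flags files with a script extension, files named as images whose first bytes are not an image signature, and image files that contain a PHP open tag. The sample files are constructed placeholders written to a temporary directory, and the extension lists are assumptions that you should extend for your own server.

```python
import os
import tempfile

# Extensions a PHP-enabled server may execute (assumed list, extend as needed).
SCRIPT_EXTS = {"php", "phtml", "php5", "php7", "phar", "pht"}

# Leading bytes of common image formats.
IMAGE_SIGNATURES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}

# Constructed sample files (harmless placeholders, not real uploads).
PLACEHOLDER = b"<?php /* constructed placeholder */ ?>"
CONSTRUCTED_UPLOADS = {
    "2016/05/logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,
    "2016/05/banner.jpg": PLACEHOLDER,
    "2016/06/photo.gif": b"GIF89a" + b"\x00" * 16 + PLACEHOLDER,
    "2016/06/cache.php": PLACEHOLDER,
    "2016/06/notes.txt": b"plain text",
}


def inspect_upload(path):
    """Return the reasons a single file deserves a manual look (empty list if none)."""
    reasons = []
    suffixes = os.path.basename(path).lower().split(".")[1:]
    # A script extension anywhere in the name is flagged, because some server
    # configurations honour an extension that is not the last one.
    if any(s in SCRIPT_EXTS for s in suffixes):
        reasons.append("script-extension")
    ext = suffixes[-1] if suffixes else ""
    if ext in IMAGE_SIGNATURES:
        with open(path, "rb") as fh:
            data = fh.read()
        if not data.startswith(IMAGE_SIGNATURES[ext]):
            reasons.append("bad-signature")
        # Code can sit after a valid header, so search the whole file.
        if b"<?php" in data.lower():
            reasons.append("php-tag-in-image")
    return reasons


def scan_uploads(root):
    """Walk an uploads folder and return sorted (relative path, reason) pairs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            findings.extend((rel, reason) for reason in inspect_upload(full))
    return sorted(findings)


def run_constructed_demo():
    """Write the constructed files to a temporary folder and scan them."""
    with tempfile.TemporaryDirectory() as root:
        for rel, content in CONSTRUCTED_UPLOADS.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        return scan_uploads(root)


if __name__ == "__main__":
    for rel, reason in run_constructed_demo():
        print(f"{reason:18} {rel}")
```

Point `scan_uploads` at a local copy of wp-content/uploads taken from a backup; a clean result does not prove the folder is safe, but every hit is a file that should not be there.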

 

7. Not having a reliable backup solution to depend on

Having a backup solution for your WordPress site is paramount to security. Not only does having a clean backup of your WordPress site make it easier to restore your site in case of a hack or blacklisting, it also allows you to scan your site’s code for irregularities and fire-fight more efficiently. However, most WordPress site owners don’t realize that the solutions they’re relying on are not dependable, until it’s too late. Backups must be the perfect disaster recovery solution, so they should be fool-proof, and adhere to the best WordPress security practices. Not only should they be independent of the WordPress hosting service, but they should be independent of your site, be stored in multiple locations, and have both WordPress files and database encrypted and backed up.

If your site encounters a problem caused by anything from something as disastrous as your hosting provider being hacked to the deletion of files, not having a good backup plan would lead to your site experiencing a long downtime or worse.

 

The mistakes listed in this article are basic, and yet widely committed by WordPress site owners. Keeping your WordPress site secure lies not in being sure of impenetrability (because there is no such thing as a perfectly secure site), but in making it harder for hackers to achieve their target.

 

If you commit, or have committed, any of these simple mistakes in the past, the best way to ensure that there is no malicious code on your site would be to invest in an intelligent auto hack cleaner for WordPress sites, like MalCare.

 

A data centre is a complex entity in WordPress hosting. Do you know the different parts of a data centre, what can go wrong in each of those parts, and how it can affect your WordPress site? Find out.

Many factors in different parts of a data centre and its operations affect the performance of your WordPress sites. These range from simple hardware failures to a breakdown in the power supply.

Different parts of a data center and its operations affect the performance of WordPress sites

Breaking a data centre down broadly will help us to understand these issues, and what can go wrong, in a clear manner.

Parts Of A Data Center

  • Building Shell
  • IT Equipment
  • Electrical Infrastructure
  • Mechanical/Cooling Infrastructure

Operational & Other Issues

  • Human Errors
  • Hacks
  • Natural Disasters & Accidents

What Can Go Wrong In Different Parts Of A Data Center?

Building Shell

Generally, little thought is given to the structure which houses the servers and all their accompanying equipment, yet its layout and design are the first line of defence against any errors. From setting up the perimeter to determining the amount of equipment that can reasonably be stocked in any place, the layout of the building is the definitive factor.

The building and how the layout is designed within it can also effectively implement access control protection in the form of magnetic strip cards, registry, etc. These points are crucial to ensuring that your WordPress site is secure.

Access control must be a concern for WordPress site owners looking for hosting services. Otherwise, slip-ups like the one that occurred at Joyent (the case when an operator error rebooted the entire section of compute nodes simultaneously), will be a serious issue with which to contend.

Mistakes are bound to happen even when all the checks are in place, because there will be human, software or hardware errors. There are ways to reduce the frequency of such errors. However, you cannot always plan for accidents.

A driver in an SUV fell unconscious, and the vehicle accelerated towards the end of the road, hit a curb, went airborne and damaged the wall of a building, knocking out the generator inside it. The building was owned by Rackspace and, as a result of the accident, clients had to experience hours of unexpected downtime.

IT Equipment

 

This refers to

  • Servers
  • Storage
  • Communications equipment

Servers

A host of hardware, software and operational issues can cause server failures. Hardware issues usually occur due to overheating, power surges and physical damage caused by accidents or natural disasters. Software issues occur over time if there is a lack of maintenance, or due to malware or viruses. Even if the equipment is not completely damaged, such issues can cause your site to lag, delay your site load times, or stop your site pages from loading at all.

Storage

Hard disks have failure rates, and heat, natural wear and tear, and power surges all lead to failure. This is true of all hardware equipment in data centres.

Communication Equipment

The failure of communication equipment like a network switch can cause serious outages, even though it is not an aspect of web hosting we pay much attention to.

Web hosting businesses are facing increasing demands to remain competitive and keep the prices down. At the same time, there is consolidation with a single company owning many brands of web hosting under it. So, downtime from a network switch failure can have a ripple effect, and can affect multiple hosts at the same time.

It is best to diversify your backups in multiple locations to avoid being caught by surprise when facing such situations.

Electrical Infrastructure

While the IT equipment represents the business of the data centre, electrical infrastructure is what allows it to function. Electrical infrastructure refers to the power supply and power backup equipment. Many of the claims that data centres make regarding uptimes and site performance depend on an uninterrupted power supply. This means having effective and adequate power backups is crucial.

For a WordPress site owner, this information could help decide the hosting service to host their site on.

Power failures occur when the backup equipment is not tested, that is, when nobody checks whether the batteries are functioning and charged, whether the power backup system kicks in immediately, etc. Without such tests, sites might go down unexpectedly, leading to losses.

Mechanical Infrastructure

Mechanical infrastructure helps regulate the temperature and this plays a crucial role in site performance and determines how dependable your hosting service is. Unregulated temperature can have a serious impact on your site performance.

The rise in temperature can also occur when too many sites are hosted on servers. This overworks the cooling equipment in the data centre, and as a result, fans may fail and exacerbate the problem.

Asking your web host about the access control, power backup and cooling they have could be crucial to estimating your site’s uptime and performance, especially if you have a large site with many media files.

WordPress Backups Are A Necessity

Apart from this, WordPress hosting services face the usual problem of hacking. Even if the vulnerability exploited was not on your site, a hack of your data centre that affects your site could cost you not only your site but also your WordPress backups and any personal or sensitive information stored on your site. Sometimes such losses are irreparable, not simply because of the impact of the hack, which itself may be severe, but because hacks have forced data centres out of business entirely. In such cases, you may not be able to recover your data at all.

While there are many specialized WordPress hosting services available and the number is growing, it is important that you ensure that your site’s backups are not stored on your web host’s servers or equipment. That way you can access your backup even in the case of any such failure. This is simply a good way to make WordPress backups and increase redundancy.

WordPress backups are not a luxury but a necessity. While hosting services have gotten more efficient, demand and competition have also grown. This is especially true for WordPress hosting. With the growth of WordPress, the number of hackers targeting the platform has also grown. Added to these familiar threats, data centres continue to be affected by natural disasters and accidents.

It may be important to know where the data centres of your WordPress hosting service are located and how prone those locations are to natural disasters. In such cases, you may also want to ask your hosting service the kind of preparations they have in place in case of such eventualities.

Now that you know broadly all the pain points of a data centre and how it can affect your site, opt for a WordPress backup service like BlogVault which secures your backups and diversifies their location effectively. After all, redundancies are useless if they are exposed to the same danger to which your WordPress site is exposed.

We worry so much about performance of servers, PCs and other equipment, that we often forget that human errors have the potential to cause massive damage to WordPress sites.

Owning a self hosted WordPress site is tricky for many reasons. Some of the more entertaining points have to do with human errors. However, they can be just as damaging as data center issues, hacks or natural disasters.

There are many things that can go wrong in data centers due to human intervention, like loosely connected cables after maintenance or other operational issues. However, let us focus on a couple of common and simple ones that are also terrifying to all WordPress users. We have all done it and experienced the cost of it– accidentally deleting files, posts, plugins, users and their content, etc.

 

Human errors can lead to devastating consequences

 

Human errors can occur from two ends: one from system users of the WordPress sites, like admins and editors, and the other from WordPress hosting providers. With both, a common problem which may occur is that of accidental file deletions.

Human Errors by Users of WordPress Sites

Accidental Deletions

Accidentally deleting something on your site is scary. This may include posts, plugins, updates, users and maybe even the entire WordPress site itself. When an admin deletes a user, they can also delete all the content authored by the user on the site.

Without backups these may be impossible to recover. We’ve all accidentally deleted files, regardless of whether it was on a WordPress site or not. It is just that the stakes are much higher when it happens on a live site. So always make backups after you add something to your site and before making updates or customizations.

Forgetting To Renew Hosting Contracts

Another error users make which often leads to WordPress sites going down, is forgetting to renew hosting contracts. This doesn’t seem like an obvious point but it happens often enough to merit a mention here. In such cases you will want to know what your hosting provider’s policy is regarding your data when the contract expires.

Some hosting providers keep data for a week; others may store it for different periods of time. If you are too late in approaching your hosting service, then you might lose your site as well as its backups.

Human Errors By WordPress Hosts

Accidental File Deletions

Human errors by WordPress hosts may mirror those by users, like accidental file deletions, but the scale of damage may be much greater. This was very evident when 123-reg knocked most of their 1.7 million sites offline during a maintenance error.

The result of the error was that some users reported that they had lost access to all their data. A software company that was a client of 123-reg at the time said that although the script deleted the servers and the websites of all their customers, they could implement their disaster recovery plan because their websites were backed up. At the time, it wasn’t known if websites which were deleted would be restored. 123-reg’s website at the time told users that if they had local backups, then they should use them.

We know of other cases, such as that of Joyent, when they rebooted all the servers in a section at once. The takeaway is that human errors are a part of most, if not all, data centers. However, if you have a disaster recovery plan that doesn’t rely on your web hosts, then you can restore your site with ease and have very little downtime.

Emergency Power Off (EPO)

The Emergency Power Off button is generally used in case of fires or other emergencies to kill the power supply to the data center from a single point and contain the damage. Put in that context the EPO sounds like a good idea.

Guard Against Human Errors with WordPress Backups

However, when the EPO button is highly accessible it makes accidents inevitable. There have been cases of inspectors, delivery persons and even disgruntled employees pushing the button and causing downtime. All this means that there can be serious unexpected power outages. In such cases, having completely independent WordPress backups with services like BlogVault makes this process easy and worry-free.

WordPress is the most popular CMS in the world. With WordPress powering 26% of the world’s websites it’s also one of the most preferred ways to publish content. What makes it so popular?

While there may not be a perfect CMS (Content Management System), WordPress currently comes pretty close to being the best one. At least it is the most popular one by far. Search trends on Google show that there is considerable daylight between WordPress and the other CMSes out there. This is, at least, to say that WordPress generates more interest than other platforms.

 

WordPress is the most popular CMS in the world.

The popularity of WordPress represented by search trends is reflected in the usage rates of the CMS, with WordPress being used nearly ten times as much as its closest competitor, Joomla. While WordPress tops at 26.7% of websites using the platform, Joomla is used by about 2.8% of websites. This difference in usage rates only becomes more stark when you take a look at the market share of the CMS. WordPress has nearly 60% of the market share.

While the WordPress community across the world was growing, and more and more people were building WordPress sites for varied purposes, only the recent release of statistics has managed to shine a light on how big the CMS has actually become. About 26% of websites in the world are said to be powered by WordPress.

This number is said to grow to 30% in a few years, as WordPress is not just the most popular content publishing option on the web, it is also the fastest-growing CMS. It is simply the most popular option for building websites. With this, the mission of “democratizing publishing”, as Matt Mullenweg phrased it, seems to have been realized. However, this realization only seems to be the beginning of something bigger.

Here are some reasons as to not only why WordPress is big now but also why it is expected to continue to grow.

WordPress is Open-source

WordPress is an open-source CMS and will remain so in the future as well. With WordPress being open-source, a private company cannot decide to delete your content on their own, regardless of reason. This means that you’re unlikely to lose your content when you publish it using WordPress, such as in the case of Dennis Cooper’s blog on Blogger.

This means that WordPress is not only the most viable option economically, it also gives you (the user) complete ownership over your content and puts the power of publishing squarely in your hands.

WordPress In Your Language – Inclusive

WordPress communities have actively participated in translating the CMS into various languages. Currently according to WordPress.org, WordPress has been completely translated into more than 60 languages. Despite the fact that over 70% of WordPress sites are in English, translation makes the WordPress mission of democratising publishing a real possibility as websites and blogs can be produced in many, many languages and the platform instantly becomes relevant to a truly global audience.

Customizable

Although WordPress was long seen largely as a blogging platform, it has been used to create all types of websites. For this to happen, it is important to have power not only over content but also over the form in which it is published. WordPress was built to be fully customizable, and being an Open Source project, it welcomed contributions (core, plugins and themes) that made it flexible enough to suit different needs. This is one of the key reasons why the platform has become popular. It is therefore perfect for beginners who want to start a blog on their own.

The showcase section of WordPress.org is proof of how effective WordPress has been for various purposes along with being a good blogging platform. You can refer to this resource to start your own blog.

WordPress Plugins & Themes – There is a plugin for that!

Themes help enhance the design and functionality of WordPress sites (header:image+text, body:video, sidebar:archive, footer:about company). They provide different templates. Plugins help customize these templates to add more functionality (to make header a carousel, to help site load faster), widgets usually help only appearance (eg: to add footer, sidebar to site).

Plugins and themes are what make it possible to employ WordPress for building websites for various purposes. This is also why there are so many contributors to plugins and themes. While many contributors are professionals or companies, there is also a large community of amateurs and hobbyists working to make WordPress conducive to every need.

WordPress Plugins & Themes

Plugins

  • Plugin Repository – 47,211 Plugins
  • Downloads – 1,432,006,605

Themes

  • Spoilt for choice
    • Thousands of free themes on WordPress.org
    • 85 commercially supported GPL themes
  • Themes for every purpose
  • Themes changed – In August 2016 – Nearly 2 million times

The interest in WordPress and growing repository of plugins and themes has also encouraged many third-party companies and developers to produce premium themes, plugins and services professionally.

Social Media

The power wielded by social media platforms is huge. One only needs to take a look at the number of users on social media platforms and their importance becomes clear, particularly for large businesses looking to find a portal to engage their target audience. There are more than a billion users on Facebook alone. Combine this with the growing importance of Twitter as a promotional and engaging platform for large businesses, and you realise why the ability to embed these posts in your WordPress site is such a big deal. As this article on Business 2 Community mentions, “Twitter is the place to engage with companies: While just 20 of the Fortune 500 companies actually engage with their customers on Facebook, 83% have a presence on Twitter— as do 76% of the NASDAQ 100, 100% of Dow Jones companies, and 92% of the S&P 500.”

Being able to provide an experience for users to engage with authoritative long form content & instantly share it with their connections in bite size form to start a conversation all on a single platform can be a powerful tool for businesses.

While WP gives users control over content it also understands that the real power of content is amplified through connections, which is what social media platforms are all about.

Embedded in WordPress

  • Twitter
  • YouTube
  • Flickr
  • Vimeo
  • Photobucket
  • PollDaddy
  • SoundCloud
  • Gigya
  • Google Maps
  • Slideshare
  • Dailymotion

WordPress Is A Rising Star

As more people use a platform, chances are that its following will increase because interest in it has been roused. If so many people are choosing WordPress, then the CMS must offer real value. The continued growth of the CMS, however, can be attributed to users finding that the initial inklings that pushed them to use WordPress have proved true. The scary or exciting part is that all the points that make WordPress useful are only growing bigger and stronger market-wise. We have seen this in the growth of the WordPress market.

People who contribute to the CMS:

  • Freelancers
  • Professionals
  • Amateurs & Hobbyists

All contribute to the WordPress community and make it richer. There are also many areas for contributions with:

  • Theme designs
  • Website design
  • Building plugins
  • Content management

“WordPress Hacked!”: Strengths As Weakness

All this interest will definitely attract some unwanted attention too. It is already a concern for many that the top Google search suggestions for– “Is WordPress…” are “Is WordPress free”, or “Is WordPress secure”. The popularity of WordPress makes it a target for hackers or at least is perceived to do so. When a platform runs more than a quarter of all websites, the payoffs from being able to hack it will also be big.

All of these points make WP websites an attractive option for hackers. It is inevitable, isn’t it, that a platform which offers so many opportunities and is so popular will attract those who are nefarious.

However, this perception of the most popular CMS, also being the most insecure one is simply not true. WordPress Core has been very secure, and more and more spotlight is being shone on hardening and securing WordPress sites than ever before. The growing market share and popularity has brought about the challenge of scale. It has converted WordPress’ most cherished tools– plugins and themes into double edged swords; if only in part. This is because most of the vulnerabilities exploited in the last few years have come from issues dealing with plugins and themes or WordPress site maintenance issues. Scale and an unregulated, fast-growing market have contributed to the many strengths and weaknesses of WordPress.

This is not mentioned as a warning sign but for the sake of spreading information. Awareness of pain points can lead to resolving or managing them more efficiently. WordPress is a community driven project & is based on informed users taking action.

You too can take some steps to put in place best practices for your website and not make it easy for hackers. Chances are that all it takes to protect your site is to make it a little bit harder for hackers, but it is interesting to see how many people miss out on the easy steps.

With all these points considered, there is no doubt that WordPress is here to stay; if anything, it will only grow bigger in the coming years. Being part of its community and this open source project may seem like a double-edged sword for some, but if you stay informed and put basic best practices in place then you will not only be safe with your WordPress site, but happy as well.

 

WordPress is the fastest-growing, most popular CMS in the world because of its user-friendly features, but this also puts a target on its back. Why is WordPress popular with hackers?

 

WordPress is a popular hacker target

 

Whether it’s a simple blogger writing about college experiences, or the Time Magazine, WordPress is the choice CMS for anyone looking to publish content on a website. And for good reason too: WordPress is not only Open Source, it’s extensible, flexible and it’s also supported by a community that actively contributes.

How popular is WordPress?

WordPress is currently the most used and the fastest-growing CMS in the world. According to data from W3Techs for August 2016, 246 WordPress sites were added to the internet every day.

 

WordPress’ growth for August 2016, according to W3Techs’ data

 

By September 2016, this number had only increased:

 

WordPress’ growth in September 2016, according to W3Techs’ data

 

This illustrates the rapid pace at which WordPress is growing, and that the rates of its use have continued to grow. Considering all the features that make WordPress popular, it’s not surprising how the CMS got to this position, and why it will grow more rapidly.

After all, the CMS is Open Source, meaning that it is transparent to anyone who wants to learn how to use it effectively, while also offering a number of alternatives that help make it convenient, extensible and functional. What makes it the most popular amongst Open Source CMSes like Joomla and Drupal, though, is the fact that it is more user-friendly. WordPress requires less technical knowledge than any other Open Source CMS, and is a lot simpler to use in that regard.

 

WordPress’ popularity makes it an obvious target

WordPress started out as a publishing platform that only needed basic technical knowledge to handle. This is what made WordPress popular. However, it didn’t stop at that. The more users it acquired, the more was created for it by the community. The add-ons created made WordPress more flexible, and more functional. This meant it became more widely used.

Data from W3Techs shows that of all the websites in the world, 54.6% don’t use a CMS at all. The rest (45.4%) do rely on a CMS, and WordPress powers 26.7% of all websites, meaning it is the base for 58.9% of all websites that run on a CMS.

 

WordPress is the most popular CMS according to W3Techs

 

Having more users than any other CMS put a target on WordPress’ back… similar to how the Windows Operating System was targeted when it was still new.

Back then, since the OS was so widely used, hackers targeted vulnerabilities that the developers hadn’t foreseen. This ensured that more users could potentially be affected by a single hack. All the hackers needed to do was to ensure that the malicious files were made accessible to the users. With WordPress this isn’t a concern, since all a hacker has to do is find a way to automate an exploit.

Most hacks are automated, which means they don’t need the hacker’s intervention. The hacker only programs a crawler bot to run malicious code when it finds vulnerabilities that allow it to run. The bot then replicates the exploit on other sites that have the same common vulnerability. This could lead to millions of sites getting compromised at a time.

 

Reason #1: Wide scope, more damage

According to WordPress, there are about 22.9 million page views on WordPress sites per month. This makes WordPress an attractive target for hackers’ attacks. The way they see it, the bigger the audience, the greater the potential damage an attack can cause.

Hackers perform exploits for a number of reasons, so the scope of this damage can vary, but what they aim for is to gain the most out of a single exploit, whether it is visibility, information or resources. All it takes to hit the jackpot is one unique, undetectable exploit.

One example of this was the case of TimThumb (an image-to-thumbnail resizing plugin), which was so popular that a number of themes had it bundled with their offering. So users didn’t even have to install the plugin for their site to be vulnerable. If they were unaware that the theme being used on their WordPress site was using the plugin, then they would be sitting ducks. When it was exploited, a number of users got hacked because they didn’t even know that they had the malicious code on their sites.

Moreover, with attacks like Cross-site Scripting (XSS), all it takes for malicious code to propagate, is people simply visiting the infected sites, or using them. Attacks like these maximise the range of the damage, and spread exponentially.

 

Reason #2: WordPress has all sorts of users

WordPress sites can host anything from a forum to an e-commerce site, with the help of add-ons (plugins, themes and widgets). This makes the CMS extremely popular amongst users.

Even those who are code-illiterate can perform basic modifications to their site, and publish content. However, what most users don’t expect is the amount of work and technical expertise it takes to maintain a WordPress site. Maintaining a fairly secure WordPress site requires great attention to detail and perseverance, especially since simply updating an add-on on the site could lead to the whole site crashing. Not performing the update, on the other hand, would leave the site vulnerable to attacks. Users, therefore, have to acquaint themselves with the basics of a WordPress site, such as the parts of a site, what they contain, and how to test updates before applying them, or at least invest in a WordPress backup solution that is reliable and sensible. However, since a considerable portion of the WordPress community of users doesn’t have the technical know-how or time required, they are easy targets. What makes this scenario worse is the fact that a large portion of the community are novices who are ignorant of how hacks work, or what could make a website insecure.

Another factor to consider is that WordPress users with the right amount of technical know-how can modify their installations of WordPress to suit their needs. Those who don’t have the expertise or time, however, rely heavily on plugins for added functionality. This leads to vulnerabilities, since not every plugin or theme is coded according to WordPress standards. This allows hackers a lot of room: any one outdated plugin could be exploited easily. And again, if the plugin is widely used, then all they have to do to exploit multiple sites is identify the sites that use the vulnerable version and replicate the exploit.

 

Reason #3: WordPress has all sorts of developers

Since it runs on the Open Source philosophy, WordPress has everyone from the community contributing code to it, from novices to experts.

This means users who have only just started experimenting with code, contribute alongside hobbyists, expert developers, and third-parties too (who code premium add-ons made available on websites like ThemeForest). Every contributor can access resources from the community, such as the WordPress Codex, forums, and other websites, but there is no way to make sure that the contributors follow them. This obviously means there is room for error, which makes WordPress a low-hanging fruit for hackers.

Added to this, WordPress runs on a ‘security through transparency’ model, which means that everything: every vulnerability, where it was found and security patches are all announced to the community. Hackers, therefore, don’t even need to put in the effort to find vulnerabilities or how they work. All they have to do, is scan the WordPress community for news, and put two and two together to exploit websites that are still vulnerable. The situation is exacerbated by the fact that WordPress users, due to maintenance issues, don’t usually update to patches as fast as they should.

 

So is WordPress safe?

Going back to our Windows analogy, in spite of the system quickly adapting, people still perceive it as being insecure when compared to Linux-based Operating Systems. This is because hackers target it since it has the most users. The same applies to WordPress.

All of the reasons mentioned above do not mean that WordPress is in itself vulnerable to attacks; in fact, there haven’t been any major exploits on WordPress core because of how stringent quality control is with the core.

However, more vulnerabilities are reported on WordPress because of how ‘security through transparency’ on WordPress works. This gives the illusion that the CMS isn’t safe, but to be fair, there is no such thing as a secure website. WordPress is susceptible to hacks because of a number of factors, such as the varied demographic of its user and developer base, but following simple security measures eliminates a number of risks and entry points.

Since hacks are such a prevalent threat, the wisest security measure would be to invest in an intelligent malware scanner and hack cleaner designed especially for WordPress, like MalCare.

 

The competitive hosting space and the increasing cost of downtime all mean that having your WordPress site down is becoming more and more expensive. A web host’s success and your WordPress site’s uptime are dependent on having reliable power supply and power backup.

 

Your website's uptime and your web host's success depends on a reliable power supply and power backup.

 

Nowadays, when power supply and data centers are the topics in focus, the discussion is generally about the increasing demand for storage space, the increase in power consumption by data centers and thereby in their carbon footprint, etc. This is over and above the fact that data center hardware has gotten more efficient, and so have data center operations.

However, WordPress site owners also have a parallel and pressing issue at hand. Data centers usually boast of 99% uptime or 100% uptime. This is because they are usually aware of the cost to site owners due to downtime. The data on cost of downtime is growing all the time and not only are business owners becoming increasingly aware of this point; so are web hosting services. Hence, the promises.

Apart from this, frequent downtime and delays in page loading cause users to forego purchases they would have otherwise made. This goes for the percentage of people willing to engage with your brand online as well. As a result your company’s online reputation takes a hit.

Although many factors go into delivering good WordPress hosting, it is dependent on having reliable power supply and power backup. This is because power supply is key to not only powering the servers but also the cooling systems that regulate temperature and security systems in the data center.

Power supply in a data center has to power

  • Servers
  • Air handlers / Cooling / Heating
  • Generators & UPS system (backup)
  • Lighting
  • Fire suppression system
  • Alarm system

While each of these components has its own set of issues and failure rates, we won’t even get to that discussion without power supply and backup.

Parts of a WordPress hosting center’s power supply and power backup which can go wrong:

Power Supply

  • Power generator
  • Backup power generator

Power Backup

  • UPS
  • Batteries

The reason for a backup generator is obviously redundancy. Having a backup helps, in case the power supply fails. In addition to this, hosting providers have a power backup system with UPS.

Power outages can happen for a myriad of reasons, from the expected to the less probable ones:

  • Bad/Outdated hardware
  • Expired battery
  • Insufficient cooling
  • Natural Disasters & Accidents
  • UPS failure during maintenance
  • Not performing power failure tests

There is a need to perform regular checks to not only ensure that the hardware is in good condition but also that the system is functioning as expected.

Testing Power Backup Systems

Usually power backup needs to be able to power the entire data center when it is off grid or completely unplugged. It may take several hours before power supply is restored. Also, power backup needs to kick in as soon as power supply is down. Testing if the infrastructure in place is capable of this is important.

The boxes to Tick

Making sure the batteries are functional and charged is important. Batteries have a shelf life and a limited life cycle, and they need to be replaced periodically. This comes under maintenance, and good hosting providers always run these tests to make sure that the hardware and software in place to control these systems are functioning as expected, rather than find out by surprise during a power outage. This means testing the power backup system by simulating a power outage.

Performing checks after maintenance or after replacing batteries also takes care of any loose connections or hardware issues that may have occurred during maintenance.

From maintenance errors to failures, accidents and natural disasters, you can’t discount any factor and must be prepared for all contingencies.

Failures: A simple hardware failure, like a generator fan, can trigger a power outage. When the generator is Amazon’s, clients Hootsuite, Quora and Pinterest experience difficulties. No data center is too big a name or too small in size to avoid experiencing issues with its power supply. It is good to be prepared.

Natural Disasters: Natural disasters almost always cause power outages. In the aftermath of Hurricane Sandy, Peer1 employees had to form a human chain to carry fuel up 18 flights of stairs to their generators in order to keep the power on and ensure that the data center was up and running.

Accident: In another case, a series of perfectly aligned coincidences resulted in an accident which knocked out Rackspace power generators, costing the company 3.5 million dollars in refunds, and its clients were left experiencing unexpected downtime for hours.

Backup Your WordPress Site

The competitive hosting space and the increasing cost of downtime all mean that having your WordPress site down is becoming more and more unaffordable. Apart from just money, it can affect your reputation and SEO (Google Rankings), and increase drop-off rates. This is the reason you will need to rely on WordPress backups with best practices, like BlogVault, to reduce dependency on your web host as well as mitigate the costs incurred when your WordPress site goes down.

Getting your website blacklisted is always a bad thing. But as in any crisis, it’s always important to know what to do next, and how to remedy the situation.

 

Having search engines blacklist your site can be a harrowing experience.

If you’re a website owner, having your website hacked, and then blacklisted, is a horrendous thing to discover. Not only will you have to deal with the consequences of the hack, but since your website is also blacklisted, Google and other search engines will stop crawling your site and will show visitors warnings. This means you’ll be missing out on new searches, and losing your hard-earned reputation as well.

If you’re new to owning a website and the hassles that come with it, all of this might seem a little intimidating.

This is why we’ve chosen to give you the most comprehensive guide to dealing with your website being blacklisted.

Here are just the basic steps if you’d rather have a quick run-through:

How to find out if your website has been blacklisted

There are a few ways to find out if your site has been blacklisted, or has been blacklisted because of malware on your site.

  • Enter the URL of your site on Clearinghouse, or sites like it: StopBadware is a site that works in association with Google to help owners of hacked sites.
    Its tool, Clearinghouse, lets you know if your site has been blacklisted or not, simply by entering the URL in its search box. Since it aggregates security information from major search engines and security companies, its list is up to date, and takes only a couple of hours to reflect new changes. Once you enter your site’s URL, Clearinghouse will check if there are records of your site being blacklisted, and will let you know accordingly:

    Checking if your site has been blacklisted is simple with tools like StopBadware’s Clearinghouse Search
  • You could also enter your website’s name into Google and check the search results. If the descriptions for your website show a variant of “This site may harm your computer”, you’ve been blacklisted.
    A sample of a warning that displays when your site has been blacklisted as a result of a hack
  • If you’ve verified your website with Google’s Search Console, they would have sent an email notification about finding malicious software (or malware) on your site, and hence blacklisting your site. Below is a sample of the email you will receive:

Dear site owner or webmaster of (site.com),

We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

Below is an example URL on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):

www. Site.com

Here is a link to a sample warning page:

http://www.google.com/interstitial?url=http%3A//site.com/

We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

1) the site was compromised

2) the site doesn’t monitor for malicious user-contributed content

3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it’s important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:

http://www.stopbadware.org/home/security

Once you’ve secured your site, you can request that the warning be removed by visiting

http://www.google.com/support/webmasters/bin/answer.py?answer=45432

and requesting a review. If your site is no longer harmful to users, we will remove the warning.

Sincerely,

Google Search Quality Team

Why was my website blacklisted?

When hackers infect good websites with malicious code, the infected websites might collect banking details, contact or personal information from, or launch spam mail aimed at the website’s visitors. The infected websites might also be used to infect the visitors’ computers… depending on what the malicious code on your website was written to do.

Therefore, your website might have been blacklisted because it contains malware. Security companies and search engines blacklist sites that contain malicious code, in an attempt to try and protect the sites’ visitors.

What to do about my blacklisted website?

Once you find out that your site has been blacklisted, there are a few steps to make sure that your site is listed again:

Step#1: Access Google Search Console

  • If you don’t have a Google account to use the Search Console
  1. Create a free Google Search Console account if you don’t have one.
  2. Click on the “add site” button on Google’s Search Console and follow their instructions to verify your site.
  • If you’ve already verified your website using Google’s Search Console

As mentioned previously, Google would have already notified you about your site being unsafe, via email, with the steps to be followed in case you have been blacklisted. What it doesn’t explain though, is how to go about key points such as “remove the malicious content from (your) pages” and “fix the vulnerability”.

Step#2: Take your site offline, put up a page that says “Under maintenance”

This will help keep your visitors safe, and keep the attacker from wreaking more damage to your site, while you look for the malicious files on your website. You can take your site offline by doing one of the following:

  1. Going to your WordPress file directory and renaming the index.php file to something like indexold.php
  2. Manually adding a 503 redirect to your .htaccess file
  3. Changing the Privacy mode of your site
  4. Using certain plugins
  5. Contacting your web host and asking them to temporarily suspend your site

Step#3: Look for malware and bad files on your website

Vulnerabilities on WordPress usually exist on outdated versions of themes, plugins, widgets, and in WordPress directories that you don’t usually visit. This is why it can be difficult to detect a hack.

What you can do, though, is to update every outdated component on your site, and delete components that you don’t use. However, it’s not enough just to identify hacks; you have to clean out malicious files too. This is why identifying an intelligent hack scanner and cleaner is of paramount importance. You don’t want to get alerted by false alarms, nor do you want to miss getting rid of any malicious code.
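One way to decide where to look first during this step, as an added example (not part of the original article and not any scanner's code): the function below walks a WordPress directory and flags PHP files inside wp-content/uploads and PHP files changed in the last few days. The extension list, the 7-day window and the sample directory tree are assumptions made for the illustration.

```python
import os
import tempfile
import time
from pathlib import Path

# Extensions a server may run as PHP (assumed list; match it to your own server config).
PHP_EXTS = {".php", ".phtml", ".php5", ".php7", ".phar"}

def triage_wordpress(root, recent_days=7, now=None):
    """Return sorted (reason, relative_path) pairs to review first; triage, not detection."""
    root = Path(root)
    now = time.time() if now is None else now
    cutoff = now - recent_days * 86400
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            if path.suffix.lower() not in PHP_EXTS:
                continue
            rel = path.relative_to(root).as_posix()
            if rel.startswith("wp-content/uploads/"):
                # uploads/ holds media; a PHP file there is unexpected.
                findings.append(("php-in-uploads", rel))
            elif path.lstat().st_mtime >= cutoff:
                # Changed recently: compare with your last update or deploy date.
                findings.append(("recently-modified", rel))
    return sorted(findings)

def build_sample_site(root, now):
    """Create a small constructed WordPress-like tree (sample data, not a real site)."""
    old = now - 90 * 86400
    files = {
        "index.php": old,
        "wp-content/plugins/unused-plugin/plugin.php": old,
        "wp-content/themes/mytheme/functions.php": now - 2 * 86400,
        "wp-content/uploads/2024/01/photo.jpg": now - 86400,
        "wp-content/uploads/2024/01/cache.php": old,
    }
    for rel, mtime in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("constructed sample\n")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp, time.time())
        for reason, rel in triage_wordpress(tmp):
            print(f"{reason:18} {rel}")
```

A flagged file is a lead for manual review or for your scanner, not proof of infection; a legitimate update also changes modification times.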

 

Step#4: Request a review for your website

Once you remove all instances of malicious code from your website, it’s important to inform search engines about your progress.

There are two ways you could go about this:

  1. Sending a review request to Google with your Google Search Console: In general, review requests to Google depend on the type of malware detected on your site.
    • Reviews related to phishing take about a day to process
    • Reviews related to sites hacked with spam usually need a few weeks to process, since spam-related hacks are usually tricky and require manual investigation from the search engine’s side
    • Reviews related to other malware will need a few days to process
  2. Sending an independent review request to resources such as StopBadware: This is as simple as entering your website’s URL in their ‘Request Search’ page.
    Requesting a review from StopBadware (we entered a URL to get this result)

    Once all instances of malicious code on your site are removed and your site is verified to be clean, all warnings will be removed, and your site will function as usual.

Step#5: Backup your website!

Keeping a backup of your WordPress site will keep you safe in the future. You could restore an uninfected version of your site, and then request a review, which makes the whole process a little shorter.

 

Step#6: Always perform a forensic analysis

Performing a post-hack analysis of your site will help you see the different openings for attacks that hackers find. If you’ve used a good malware scanner and cleaner, this should be easy. Finding these vulnerable points and hardening them will make your website a little less penetrable.

 

It’s never easy knowing that your website contains malware and could be a risk to your visitors. It also results in a loss of reputation. But getting to the root of the problem and eliminating malware can help keep you and your website’s visitors safe.