If someone successfully attacks your blog and gets admin access, then untold damage can be wreaked. So you need backups, now, that you can fall back on if this happens.

First, install WP Database Backup or a similar plugin. This emails you a backup of the essential database tables at intervals you set. Use this and save at least a few generations of backups, in case it takes you a week or two to discover the attack.

Also, make sure that you have a copy of the version of WordPress that you are running, plus your theme and plugins. For themes & plugins, though, as long as you have a written note of their names and where to download them, you should be safe! Lastly, if you are uploading media such as videos, photographs and images, store copies of these on your PC. Do not rely on the server versions!

If the worst happens and you discover an attack, then a piecemeal rebuild is probably going to take a long time and might not clear out everything. Attackers will leave damage around the site, hoping that you only find some of their work. They might leave backdoors into your admin hidden away.

So you have to be prepared to delete everything and to roll back to your last known safe backup. This means deleting all WordPress files and the database and reinstalling onto an empty server, without any of the potentially infected database files. Effectively, you are creating a new WordPress blog, just using the backup files to reinstall the database and get back posts, comments, user IDs and so on.

Make sure that your backups are sufficient today!
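One way to check that the saved generations are sufficient, as an added example (not code from WP Database Backup or from this blog): it verifies that each saved dump still decompresses, that at least one readable generation is older than a two-week detection window, and picks the newest backup taken before a suspected compromise date. The `_YYYY-MM-DD.sql.gz` file naming and the function names are assumptions.

```python
import gzip
import re
import zlib
from datetime import date, timedelta
from pathlib import Path

# Assumed naming for saved backups: <anything>_YYYY-MM-DD.sql.gz
# (hypothetical; adjust the pattern to the names your plugin produces).
NAME_RE = re.compile(r"_(\d{4})-(\d{2})-(\d{2})\.sql\.gz$")

def list_generations(folder):
    """Return [(backup_date, path)] for backups that decompress fully, oldest first."""
    found = []
    for path in Path(folder).iterdir():
        match = NAME_RE.search(path.name)
        if not match:
            continue  # not a backup file
        try:
            with gzip.open(path, "rb") as fh:
                while fh.read(1 << 20):  # read to the end to catch truncation
                    pass
        except (OSError, EOFError, zlib.error):
            continue  # corrupt or truncated: useless for a restore
        found.append((date(*map(int, match.groups())), path))
    return sorted(found)

def covers_window(generations, today, detection_days=14):
    """True if at least one readable backup is older than the detection window."""
    cutoff = today - timedelta(days=detection_days)
    return any(taken <= cutoff for taken, _ in generations)

def last_safe_backup(generations, suspected_compromise):
    """Newest readable backup taken strictly before the suspected compromise date."""
    safe = [g for g in generations if g[0] < suspected_compromise]
    return safe[-1] if safe else None

if __name__ == "__main__":
    import sys
    gens = list_generations(sys.argv[1] if len(sys.argv) > 1 else ".")
    print(len(gens), "readable generations; two-week window covered:",
          covers_window(gens, date.today()))
```

A readable dump is not necessarily a clean one: the date passed to `last_safe_backup` has to come from your own investigation of when the attack began.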

Want to know how to do these or other security considerations? Come back again, or follow the blog security tag.
