I see a lot of sites get hacked a ton of different ways. This is a topic, that could go on for days. There are 3 major ways, that sites get hacked bad passwords, insecure permissions, out of date software. Hackers can use these 3 advantages to over come your system. There are a lot of different motives when it comes to hacking. Some people hack to steal, some people hack to deface and get revenge, Some do it to use your server to spam, some people just do it to see if they can.
The first is, People use poor passwords. This is the most common I see, when they get hacked. Using passwords with words and obvious numbers can be very easy to crack. The better you password the less of a chance their auto generating software will be able to figure it out. When your site is coolestd
omainever.com and your password is coolest678, you are gonna get hacked. Ty adding numbers and symbols and capitol letters.. i.e. 12cooC@lest! would be a lot better password. Try to avoid using things that have to do with you personal life. Believe it or not, a hacker will go through great lengths to hack your site. They will do back ground checks, and other things to find as much information about you as they can. Even looking at your face book can give them clues as to what your passwords are. Have longer passwords can help to keep people out. Also make sure that you don’t have any spy ware on your computer as that is another way for them to obtain your password and other information.
Another trick to avoid hacks is, not to use common user names. Using admin or administrator can be easy to guess and more than likely the first tried. Doing something like Ikeisadmin or ike1985 is a lot less obvious.
Another big thing I see is 777 permissions. A lot of people have problems with security programs and CMS’s and think that they need to have 777 permissions on a folder or file. If you file the file or folder 777 permissions mean that you have given the entire world, Read Write and execute privileges. Now that I can modify this file I can put malicious code into the file and then execute it. Using 755 or 644 is usually a much wiser option. There are very few things that need to be 777 on any system. Good rule of thumb is if you don’t know what the permissions should be then you should not change them. Most hosting companies or or system administrator can help you figure out what they should be.
The last and another on of the biggies, is out of date software. We have good hacker in the world that work to find vulnerabilities before the bad hackers do. When good hackers find these vulnerabilities, they report them to the developer to make a patch and fix the software. Once the patch is out now everyone knows about the vulnerability. The hackers can look at the patch and see what it does. Now they know, that version before the patch has that vulnerability and can exploit it to their advantage. If you didn’t apply that patch, then you are vulnerable. Keeping your CMS and other software up to date, can be a pain due to things not being compatible. But you really don’t have any other choice. Hackers will continue to learn and advance and to keep safe, you need to, too.
Major software on a server like PHP, Apache, MYSQL, and linux are a bit harder to keep up to date. PHP and MYSQL are the ones that you have to be careful when updating. Some of the code in PHP that you have used may be depreciated. You can still upgrade PHP but you will first need to make sure that your code will work with the newer version. MYSQL has changes that can be very damaging if your not sure that you will be compatible. It is a good idea to look at the change logs and make sure you understand what affects your site and/or your server. As long as there is still support for your version of whatever it should be OK. If the software has reached its end of life, then nothing is being patched. After a while the hackers are going to find ways in. Now that the developers are not supporting the software that leaves you with a big security hole. The developers have moved and and so should you.
Well maintained backups are the only way you can really keep ahead of the game. Although it doesn’t stop them, at least you will, have something to fall back to. Backups are extremely easy to take, test and restore. Also being redundant with your backups helps. Get a USB stick and keep a copy of your needed files on it and put it in a safe place. Don’t forget t update them or you may still lose a few months worth of work. Most hosting companies offer off site backups. If you have the only backups on the server it is possible that they will get hacked as well.
Thats my best advise when it comes to your blog getting hacked. If you think that something may cause security issues then it is probably best to do a little research to make sure that it will not cause issues. Google is a wonderful tool 
.
