


How to protect your Wordpress blog from hacking – PART 1


Posted by bluepanjeet on Wednesday, August 27, 2008, 22:09
This item was posted in Blogosphere, Tip of the Iceberg and has 9 Comments so far.

THE BASICS. A few months ago Kotsengkuba's blog was hacked by an unknown user. This also happened to me and Reyna Elena back in 2007, at the height of a controversial issue. And lately, Mixed sent me a message asking for help because Gelay's blog on WordPress.com was hacked, deleting everything including her account. This seemed strange because I had never heard of a WordPress.com account being hacked before, since it is secured enough and is always updated by Matt's team. My hunch was that the culprit may have found a way inside the account via the register field (which I will explain later in this series) or may have guessed the password of the account from familiar words often identified with the author or the blog. This is the reason WordPress always insists that we strengthen the password and change it regularly. It's not enough to update your blog to the latest version of WordPress, because no matter how secure WordPress itself is, if you carelessly leave holes for attackers to enter through, your blog's security is vulnerable and useless.

As for my blog, it has been deliberately hacked by some entities three times already. This was a wake-up call for me to aggressively defend my blog from these stupid hackers and spammers. You see, the magic word for hackers to succeed is "Open". When they see an open opportunity, an open file, an open folder or anything that has been carelessly left open for others to enter, they will surely succeed. So in this series, we will tackle easy ways to defend your blog. You'll be surprised that the answer to this seemingly complicated question is right under your nose. You don't have to be a techie or HTML-literate to protect your blog. You only need to pay attention and shake up a little of that common sense of yours. By the way, this series is mainly for those who have a self-hosted WordPress blog (WordPress.org), since these are the blogs most often targeted by hackers. Part II will be applicable to both WordPress.org blogs and WordPress.com blogs, that is, blogs hosted by WordPress itself. So enough of this introduction; let's start with the basics.

Let us first define, operationally, some technical words that will help you understand this series better:

CHMOD – The chmod command (short for change mode) is a shell command that changes the mode, that is the permission bits, of files and directories, allowing or forbidding read, write and execute access to them. In this case, the files and folders of your blog. FTP clients and hosting control panels expose the same setting through a "permissions" or "properties" dialog, so you can change it without a shell.

FTP – File Transfer Protocol (FTP) is a network protocol used to transfer files from one computer to another over a network such as the Internet. An FTP client connects to an FTP server and can upload, download, rename, delete and change the permissions of files there. Simply put, an FTP client is a program that lets you work on the files and folders of your blog on your web host without logging in to the server itself. One caveat: plain FTP sends your username and password unencrypted, so if your host offers SFTP or FTPS, use that in the same client instead.

Step 1: Open your FTP client. I'm pretty sure you already have one, since most self-hosted bloggers are expected to use it: the FTP password and connection details are sent to you automatically by your web host. If you are not using an FTP client and you access your files through your web host's control panel instead, go there, look for the icon that says "File Manager" and open it. I'm using Core FTP, which is free and unlimited.

[Screenshot 1]

Step 2: Check your files and folders. Look through your folders for files that should not be there or that you don't remember installing. Before you delete an unusual file, DOUBLE CHECK whether it is part of the original WordPress, theme or plugin package (a fresh download of the same version is the easiest thing to compare against), since we don't want to cause any more damage to your blog. The files most often tampered with on my blog were index.php, the theme's stylesheet (style.css), the single post template (single.php) and the single page template (page.php), because these are the front-liners of the blog. Damaging the code or modifying any loop or function in these PHP files will break your blog: either a blank white page or an error message.

[Screenshot 2]

Step 3: Check the file permissions of your folders. A file permission is a three-digit (octal) number that determines who may read, change or enter each folder or file; changing the digits changes the access. Right-click any folder (in this case the theme folder) and select Properties. A pop-up window will show the current CHMOD permission of that folder.

[Screenshot 3]

Step 4: The window shows the CHMOD permission of your folder both as three digits and as nine checkboxes. Each row of checkboxes adds up to one digit: READ counts 4, WRITE counts 2 and EXECUTE counts 1, so read+write+execute is 7, read+execute is 5, read+write is 6 and read alone is 4. Clicking the boxes changes the number, but nothing is applied until you press Save or OK, so click around and learn what each combination is called. The three columns are the three classes of account the server distinguishes. USER is the owner of the file, normally your own hosting account (the one you log in to FTP with). GROUP is not "a third party or site" but the Unix group the file belongs to; on shared hosting that is usually a group of your own, though on some hosts the web server process is a member of it, which is why the middle digit matters too. WORLD (sometimes labelled OTHER or PUBLIC) is every other account on the server: the web server user when it is not the owner, and every other customer on a shared host. READ permits the contents to be read. WRITE permits the contents to be changed, or for a folder, files inside it to be created, renamed or deleted. EXECUTE on a file permits it to be run as a program; on a folder it permits the folder to be entered, so that the files inside can be reached at all. That is why a folder needs 755 (owner read/write/enter, everyone else read/enter) while a plain file does not need the execute bit. IMPORTANT: ALWAYS SET YOUR FOLDERS TO 755 OR LESS. NEVER GIVE WRITE PERMISSION TO GROUP OR WORLD (THE MIDDLE AND LAST DIGITS MUST STAY AT 5 OR LESS), SINCE THAT LETS OTHER ACCOUNTS ON THE SERVER PUT FILES INTO YOUR FOLDER. HAVING SAID THAT, MAKE SURE ALL YOUR FOLDERS ARE SET TO 755. NEVER SET A FOLDER TO 777 UNLESS IT IS BADLY NEEDED. Plugins that require a 777 permission are discussed below.

[Screenshot 4]

Step 5: Do the same with your files, in this case the files of the theme you are currently using, since aside from the database those are the files most frequently attacked. Right-click a file, then click "Properties".

[Screenshot 5]

Step 6: The default permission for every file is 644, which means you (the owner) can read and write it while the group and the world can only read it. The execute bit is left off not to stop you saving changes, but because WordPress's PHP files, templates and stylesheets are read by the web server and its PHP interpreter rather than run as standalone programs, so they never need it. IMPORTANT: NEVER SET OR LEAVE A FILE WITH WRITE PERMISSION FOR GROUP OR WORLD (644 IS THE CEILING; 664, 666 AND 766 ALL BREAK THE RULE) IF YOU DON'T WANT YOUR FILE TO BE VULNERABLE.

[Screenshot 6]

STEP 7: Okay, I mentioned above that you should not leave your folders and files with permissions above 755 and 644, right? That doesn't mean we can never change them when it's time to modify a file for our blog. The WordPress theme editor can only save a file that the web server's own user account is allowed to write. On many shared hosts PHP runs as a different user from your FTP account, so at 644 the editor is read-only, and the common workaround is to set the file to 766 (666 would do exactly the same, since the extra execute bit for the owner changes nothing here). Understand what that means: 766 makes the file world-writable, so while it stays at 766 every account and process on that server can overwrite it, not just you, and the execute bit has nothing to do with who may "save" changes. So treat 766 strictly as a temporary state: set it, make the edit, and put it back to 644 at once (Step 9). Editing the file over FTP instead of in the browser needs no permission change at all, and is the safer habit.

[Screenshot 7]

Step 8: To confirm that a PHP file really is locked to 644, go to the Theme Editor under the Design tab of your WordPress dashboard and open the file whose permission you changed, in this case the theme's main index.php. WordPress only offers the "Update File" button when the web server's own user can write the file. We set the permission to 644, right? So on a host where PHP runs as a separate user from your FTP account, the button is gone and the editor instead shows a notice at the bottom that the file is not writable (see below). That notice is the confirmation you want: the web application itself, and therefore anything attacking your blog through it, cannot change that file. One caveat: on hosts where PHP runs as your own account (suPHP, suEXEC and similar), the editor can still save a 644 file because the owner has write access, so this check tells you nothing there and the file permissions are doing less for you; keep your password and plugins in order all the more.

[Screenshot 8]

Now, when you need to modify the file from inside WordPress, set the permission to 766 and reload the Theme Editor: the "Update File" button appears, which means the web server can now write the file and you can edit it until you are done. Remember that anyone else on the server can write it during that window too.

[Screenshot 9]

Step 9: After editing the file, make sure you return the permission to the default 644 in your FTP client to shut out third parties again. The notice in the Theme Editor should reappear beneath the editing field, indicating that the file is secured. Confirmation that the file permission has changed is also visible in your FTP client's file listing, which looks something like this:

[Screenshot 10]

Step 10: So how often do we change file permissions? Every time we modify a file from the browser, we open it up and then close it again. Analogously, it's like unlocking the door when we want to enter the house, then closing and locking it when we leave. This way, while you are not editing, nothing on the server except your own account can overwrite your files, which is exactly the gap a world-writable file leaves open. It does not make a weak password or a vulnerable plugin safe, so the rest of this series still applies. Below are the meanings of some common file permissions. Never set your folders or files to 777; it's very risky.

[Screenshot 11]

Regarding plugins that need folders and files set to 777: please use them with caution and watch meticulously for unusual activity on your blog, because 777 means every account on the server, not just the plugin, can write to that file or folder. Read the comments on the plugin's homepage first and judge whether the plugin is safe enough to install. One of the plugins I used, the Guestbook Plugin, was the obvious cause of my blog's hacking because it required a file and a folder to be set to 777. Only later did I realize that hackers were modifying some of my files by entering through this open door set by the plugin. After the third time I was hacked, I immediately removed the Guestbook Plugin, and ever since I became cautious about my file permissions I have not been hacked again. All of the attempts to hack my blog during the previous months failed just because of this simple way of securing my blog through CHMOD file permissions.

Try it yourself. First check your Theme Editor for files that show the "Update File" button. If you see that button for a file, take it away until you actually need it by setting the file to 644. Remember that when you need to write to a file from the editor, you set it to 766 for the duration of the edit and back to 644 afterwards.
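If your hosting plan gives you SSH access, the same checks the steps above walk through in an FTP client's permissions dialog can be done from a shell. The script below is an added example, not code from the original post: it converts the nine checkboxes of the dialog into the octal number it displays (Step 4), flags every file or folder that is writable by "world" (the 766 and 777 cases from Steps 7 and 10), and applies the post's rule of 755 for folders and 644 for files with find and chmod (Step 9). The directory built by make_demo_tree, including the theme and plugin names in it, is constructed for the demo; point the audit and reset functions at your real WordPress directory instead.

```shell
#!/bin/sh
# Added example (not from the original post). Works in any POSIX sh
# (dash, bash, busybox) with the standard find, chmod, cut and sort.

# Turn the nine checkboxes of the permissions dialog (user/group/world
# x read/write/execute) into the number it displays: r=4, w=2, x=1
# per column, so "rwxr-xr-x" -> 755 and "rw-r--r--" -> 644.
sym_to_octal() {
    sym=$1
    out=""
    for start in 1 4 7; do
        d=0
        if [ "$(printf '%s' "$sym" | cut -c"$start")" = r ]; then d=$((d + 4)); fi
        if [ "$(printf '%s' "$sym" | cut -c"$((start + 1))")" = w ]; then d=$((d + 2)); fi
        if [ "$(printf '%s' "$sym" | cut -c"$((start + 2))")" = x ]; then d=$((d + 1)); fi
        out="$out$d"
    done
    printf '%s\n' "$out"
}

# True (exit 0) when the WORLD digit of a three-digit mode has the
# write bit (2) set: 766, 777, 666, 646 ... Any file this is true for
# can be overwritten by every account on the server, not only yours.
world_writable() {
    world=$(printf '%s' "$1" | cut -c3)
    [ $((world & 2)) -ne 0 ]
}

# List every file or folder under $1 that is world-writable.
# -perm -002 means "the world write bit is set, whatever else is set".
audit_world_writable() {
    find "$1" -perm -002 -print | sort
}

# The post's rule applied with find: folders 755, files 644.
# Run it after editing (Step 9) or after removing a plugin that asked
# for 777; re-apply 777 only to the one path a plugin you trust really
# needs, and only for as long as it needs it.
reset_wordpress_modes() {
    find "$1" -type d -exec chmod 755 '{}' +
    find "$1" -type f -exec chmod 644 '{}' +
}

# Constructed sample tree (hypothetical names) mimicking a blog with two
# mistakes: a stylesheet left at 766 after an edit, and a plugin folder
# at 777. Prints the path of the temporary root directory.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/themes/mytheme" "$root/wp-content/plugins/guestbook"
    : > "$root/wp-content/themes/mytheme/index.php"
    : > "$root/wp-content/themes/mytheme/style.css"
    : > "$root/wp-content/plugins/guestbook/guestbook.php"
    find "$root" -type d -exec chmod 755 '{}' +
    find "$root" -type f -exec chmod 644 '{}' +
    chmod 766 "$root/wp-content/themes/mytheme/style.css"
    chmod 777 "$root/wp-content/plugins/guestbook"
    printf '%s\n' "$root"
}

# Demo run: audit, fix, audit again (the second listing is empty).
demo() {
    root=$(make_demo_tree)
    echo "world-writable before reset:"
    audit_world_writable "$root"
    reset_wordpress_modes "$root"
    echo "world-writable after reset:"
    audit_world_writable "$root"
    rm -rf "$root"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run it as `sh perms.sh --demo` to see the two offending paths listed and then disappear. On a real site, `audit_world_writable /path/to/wordpress` is the quick check to run after installing any plugin that asked for 777, and `reset_wordpress_modes` is the "lock the door" step once you are done editing; a plugin that genuinely needs a writable folder (for example an upload cache) then gets its one folder opened again on purpose, rather than the whole blog staying open by accident.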

NEXT ON PART 2: THE DEFENSE


9 Comments

  1. 28 August, 2008, 4:09

:razz: Good read! Thanks Bluep, because you came to me and Geli's rescue right away. Your tips are great because Geli and I are working on a project that we'll launch soon; we're just fixing the layout of the blog before we release it to the public. You've helped me a lot, Bluep, especially when I was just starting to blog. I'm proud to know you personally, and that my older brother is your friend too. The damage to Geli and me from what happened wasn't that big; honestly, we just laughed about it afterward, but may it serve as an example to others that it is still "possible" for a password to be cracked if you aren't careful. I'll soon be leaving Eto Ang Sayo! I'll be able to use the tips you gave in this post, and I'll also link to it in the new edition I'm putting together, so that the important information you published in this column of yours spreads. :wink: Mabuhay Kabataq!

    Reply

2. [...] I did my best to restore her past posts with the help of Bluepanjeet, who did not think twice about helping me when I asked him for a favor. He also has a new article on how to look after a blog, especially if it is self-hosted. [Read Bluepanjeet's post here] [...]

  3. 28 August, 2008, 12:19

yee-hee, thesis mode ;-) This is great, Bluep, fire away again. I just hope it isn't a nosebleed for the others, hahaha

Kotsengkuba's last blog post: The differences of formula milk brands

    Reply

  4. 28 August, 2008, 19:44

I am bookmarking this. So that in case I ever have problems, I'll go straight to this page; even if it's problems with money, with the kids, with the laundry or with cleaning the house, I'll really come here. hehehe

In a more serious tone: this information is excellent. I admire how good your brain is.

Mahalia's last blog post: Meme na Ining

    Reply

  5. 28 August, 2008, 22:00

Nice post Bluep! I just checked my folders. Good thing they're already at 755; I was worried I might have missed something. I also have a friend whose site got hacked last year, so I've become careful too. Better safe than sorry. Looking forward to reading part 2 of this post. :)

Amor's last blog post: Sexier Me

    Reply

  6. 29 August, 2008, 19:23

hehehe, this grandma's getting a nosebleed; I'm working through these one by one hehehe

reyna elena's last blog post: Put Mayon Volcano at the top of the New7Wonders of Nature!

    Reply

  7. Leap of Faith!
    30 August, 2008, 20:59

Bluep, I'm back from my vacation. Those hackers are really something. Thanks for sharing these tips, although, to be honest, I was intimidated by all the technical jargon and the screen dumps.

Never mind, I'll try to understand this as best as I can to avoid future problems with the hackers… hehehe… as if my blog is worth hacking :)

    Reply

  8. [...] PHP files if their CHMOD PERMISSION IS SET TO 644 (for files) and 755 (for folders). As what I have mentioned in Part 1, when the PHP file is un-editable, that is the time that a message appears at the bottom of your [...]

  9. 24 November, 2008, 8:03

    [...] How to protect your wordpress blog from hacking – Part 1 [...]
