Published by John Hoff on 31 Aug 2008 at 09:00 pm
Securing Your WordPress Blog: Post 5 - What To Do If Your Blog Is Cracked
[Image: Down Fluffy, down!]
Your blog is an extension of you.
It learns as you do. When you need a break, it takes a break. And if it had a lower back it would probably hurt just as yours does.
You’ve spent precious hours, months, even years building your blog to what it is today. Though you felt guilty not spending more time with the family, you knew in your gut what you’re doing here is to help your family in the long run.
It’s morning and the sun is just beginning to peek over the horizon to wake the world up. You sit at your desk, turn on your computer while sipping your Kona coffee - life’s great. You head over to your blog ready to read and answer comments when suddenly your stomach tightens and you feel as though the oxygen has been sucked out of the room.
Your blog is . . . is not your blog at all. It’s a picture of some graffiti telling you you’ve been tagged by *this* group. Frantically you head over to your blog’s login page to see if you can fix it, only to find your password no longer works. It’s gone. Someone has changed it.
Not something you’d like to experience, is it? Hopefully this will never happen to you; for some, I know it already has.
We are now nearing the end of our series on how to better secure your WordPress blog (one more to go), and today I’d like to show you a way to take back control of your blog should the scenario above ever happen to you. Even though I’ve given some great advice in this series, it’s key to remember nothing’s foolproof.
There are many ways to retake your blog; this post will detail one which should work pretty well.
Take Your Blog Offline & Restore
The first thing to do is not panic. Assuming you’re hosting with a decent hosting company, your host should have at least one or two backups of your website stored away (eVentureBiz customers have a 7 day history full website backup).
Password Protect Your Website
The easiest way to make your website unavailable to anyone yet still allow access to it (so you can make changes) is to password protect your site. Within your control panel you should see an image much like the one below or at the very least, a link for password protecting directories. Enter the Password Protect Areas and create a new username and password for your root directory.

Now only you will have access to your website. From here you should notify your web hosting tech support (email through your control panel is usually quicker) and let them know what happened.
The easiest thing to do then is ask them to do a full restore of your website from the previous day. Then once that’s done be sure to quickly change your WordPress password to something really strong, undo your Password Protect of your website, and then implement the strategies I teach here in this series.
Take Back Control Of Your Password
Sometimes, if not most of the time, hackers are just kids with nothing better to do than get into your system and change your password for a good laugh. Here’s how to fix that!
STEP 1: Log into your web hosting account and get to your database (you should be an expert dealing with your database by now).
1a) Log into your web hosting control panel and navigate to and click on the MySQL Databases Icon.

1b) Click the database your WordPress files are on and open it, then log in to your database. In this example we are using phpMyAdmin as that’s what comes with eVentureBiz web hosting accounts.

1c) Open your database by clicking Databases.

1d) Click on the database again that WordPress is using.

STEP 2: Access your password and change it.
2a) Now that you’ve entered your database, look for your users table and access it by clicking the “Browse” button as indicated in the picture below (by default the users table is wp_users).


2b) Click on the pencil icon to edit.

2c) Locate the user_pass field. You will notice a strange string of characters in the field where the arrow is pointing. This is your password. For security reasons, WordPress scrambles your password into what is called an MD5 hash.

2d) To change your password, type in a new password as shown below and then click the drop down box just to the left and under the Function column. Select MD5 and then click Go at the bottom.

Now go back to your blog’s login page and you should be good to go!
As a side note, if you are unable to fix your website right away, you should send Googlebot and other search engines to a 503 Error page. This will tell the search bot that your site is temporarily down and to come back later.
Why do this? Because if someone cracked your system and put offensive material on there, Googlebot might think you’re a spam site and blacklist you. And you don’t want that!
To return a 503 error code, log into your web hosting control panel and in your root directory create a .htaccess file (see setting up a .htaccess file) and paste in the following code:
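Options +FollowSymLinks
RewriteEngine On
RewriteBase /
# Apply only to clients whose User-Agent contains "google" (case-insensitive)
RewriteCond %{HTTP_USER_AGENT} ^.*google.* [NC]
# Do not rewrite the error page itself, so the rule cannot loop
RewriteCond %{REQUEST_URI} !^/errorpage\.php$
# Serve errorpage.php, which must send the 503 status itself, and stop rewriting
RewriteRule .* /errorpage.php [L]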
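The rewrite above only hands the request to /errorpage.php; the 503 status has to be sent by that script. A minimal errorpage.php follows as an added example that is not part of the original post; the one-hour Retry-After value and the page text are assumptions.

```php
<?php
// errorpage.php: added example, not code from the original post.
// Target of the RewriteRule in .htaccess; the rewrite alone would answer
// with 200 OK, so the 503 status is set here.

// Assumption: how long crawlers should wait before retrying, in seconds.
$retryAfterSeconds = 3600;

// Reuse the protocol of the incoming request (HTTP/1.0 or HTTP/1.1).
$protocol = isset($_SERVER['SERVER_PROTOCOL'])
    ? $_SERVER['SERVER_PROTOCOL']
    : 'HTTP/1.1';

// Status line plus explicit response code.
header($protocol . ' 503 Service Unavailable', true, 503);

// Tell well-behaved crawlers when to come back.
header('Retry-After: ' . $retryAfterSeconds);

// Keep proxies and crawlers from caching the maintenance response.
header('Cache-Control: no-store, no-cache, must-revalidate');
header('Content-Type: text/html; charset=utf-8');
?>
<!DOCTYPE html>
<html>
<head><title>Temporarily unavailable</title></head>
<body>
<h1>Temporarily unavailable</h1>
<p>This site is down for maintenance. Please try again later.</p>
</body>
</html>
```

The script must not print anything before the header() calls, or PHP will have already sent a 200 status line.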
After this is all done you can sit back, take a sip of the steamy sweet aroma-filled coffee, and breathe the uneasy fresh air that has slowly begun to return to your room.
And as for Fluffy, he can go back to licking his butt and scratching on your couch.

