Our Website Got Hacked! Don’t Be A Victim!

Our Website Got Hacked! Don’t Be A Victim! Or:

“Don’t Do What I Did, Cause I Did What I Did, And It Didn’t Do Very Much For Me!” Did It???

I’ve been away from blogging and working with WordPress sites for some time now and I guess you could say I was more than a little “Rusty”!

“Moldy comes to mind”

Years ago all I ever had to worry about was getting spam thru WordPress comments, so I just made sure that I always ran the anti-spam Akismet plugin.

Well, this time around, that’s what I started with, and I foolishly assumed that my WordPress had automatic built-in security along with my hosting company (who bragged about their security). So, I assumed I had nothing to worry about!

(HA HA HA HA!) I found out that this is not the case and I found out the hard way!

Please, don’t get me wrong, it could have been a lot worse!… But it definitely got my attention and ruined our momentum of building a brand new website from scratch and getting some content up and running….

Looking back, I am actually grateful that it happened when it did! Just think, we only had 6 actual posts up and online. It could have been hundreds or even thousands…. And guess what? Wait for it!.. I had not run any backups for over 2 months!!!

Advice for novice bloggers or worse, bloggers like me:

Do A Back up!

#1 BACKUP YOUR SITE WEEKLY OR EVEN DAILY!!!

If you have a crash or you happen to get “Hacked”, it will make things so much simpler to recover from!
(Why didn’t I think of that?)

My hosting company (At the time!) did have built-in security, and it was this security scanner that first alerted me that there may be a problem in “Houston.” They then contacted me with the news that my site had been hacked, quarantined my site, and suspended my account! (Awesome security you can count on!)

They told me that when I had rectified the problems, cleaned my site, and identified and closed any back doors or paths that allowed the hack to happen, to contact them so they could verify; then they would consider UN-suspending my account! I’m not only “rusty”, but I am no expert, and had absolutely no idea what I was supposed to do!!!

Then I received notice from Google that my site had been hacked and they were labeling my site as such, to warn readers to proceed at their own risk!!! (This was a big help and really put my mind at ease!)

I assumed that my hosting provider (At The Time) would take me by the hand and rectify the problem! NOT!!! I did not have a “Managed WordPress account”.
They did, however, send me an “All Knowing” guiding list of things to do, that looked like it was written in secret Quantum code by Aliens!

They told me to contact “My Developer” (So I contacted myself! But Myself still couldn’t help!). I told them, “I don’t have any Stink-en developer!” They replied, “Get One”!

VERY FRUSTRATING! VERY CONFUSING! FELT HELPLESS!

Noooooooooh!

Sure, there are companies out there that would and could fix this for us (FOR THE PRICE OF AN APPENDAGE!!!) Well, I’m a pretty stubborn guy, and I was determined to get this fixed without shelling out mucho dollaroos.

SO, I started researching………

We were hacked with something called URL injections. I found a free plugin called (Anti-Malware Security and Brute-Force Firewall), installed it and ran it! It found over 9,000 URLs that had been injected into my database to hijack search results, and send traffic via our site to certain other destinations.

To make a long story longer….

I’m not going into the boring details of how I tried to get the site totally clean, but let’s say that I eventually had to delete the entire WordPress installation and its database, and re-install a brand new WordPress install. I also had to re-build the site from scratch…. (Time consuming)

In the meantime I had to submit my site to Google for a review along with a written explanation of how I cleaned out the hack, and how security issues were resolved. (Along with writing the sentence: “I will not be hacked again!” 1000 times). It took about a week to 10 days before they replied that our site was now clean and removed their warnings. (And told me I had nice penmanship!)

While I was rebuilding the site I made sure to block the Google spider bot and all others from indexing my site via a robots.txt in the access file thru the file manager via cPanel. (I Know… just showing off my quantum alien code!)

Conclusion:

“Don’t Do What I Did, Cause I Did What I Did, And It Didn’t Do Very Much For Me!” Did It???

Here are my recommendations on how to not do what I did and help prevent such a hack before it happens:

1) Run a backup of your site monthly, weekly, or daily (depending on how active your site is)
2) Join Cloudflare, a free cloud-based security service
3) Consider installing the Wordfence plugin and scanning your site periodically
4) Consider installing (Anti-Malware Security and Brute-Force Firewall) and scanning your site periodically
5) Keep your WordPress version up to date (many updates are for security reasons)
6) Keep your plugins to a minimum, and keep them updated! (Wordfence will alert you)
7) Be sure you have strong passwords to your site admin and cPanel (change them periodically)
8) If and when you use FTP to access your root files, be sure to use a SECURE FTP protocol!

Hackers are very sophisticated and determined today to make a buck (The easy way), at your expense, steal your content, or just for the sheer enjoyment of ruining your day and all of your hard work….MAKE IT IMPOSSIBLE or at least so darn difficult that they won’t bother…..Don’t be a Victim!

Mr. Man

PS: Here are links to the recommended plugins and programs in this article:

Cloudflare

Wordfence

Anti-Malware Security and Brute-Force Firewall