You’re not alone if your site has been hacked recently. We’ve been hacked multiple times in the past few months. It seems that once you’re on “the list” you’re life is going to be miserable until you do something about it. So, do something about it is what I decided to do. Hopefully I’ll be good moving forward. Here’s what I did…and to preface, I’m not a developer guru, I’m a digital marketing guy with a technical background…big difference. Basically I know enough to get myself in trouble, which is what happened. Also, our site is developed on the WordPress CMS. Lastly, I utilized a developer to accomplish everything I mention in this post.
So, first, how did I know that my site was hacked? Well, I got this funky message when I went to my site in Chrome. Thank you Google! I was like “oh great…crap…shoot…dang…darnit…”
I jumped on the Google machine and did some crazy fast searches on WordPress sites being hacked. I found a bunch of information out there that made me feel a little better, mainly because I found out I was not alone. You know the feeling, if you’re in trouble it always feels a little better if your buddies are in trouble with you. Anyways, I found a great blog that listed many security measures I could take to lessen the potential for future hacks. Notice I said “lessen the potential for future hacks”. A few of those that I felt were most important were:
- Update to latest WordPress Version.
- Change your login password often.
- Block search engines from accessing the admin section.
- Protect your .htaccess file
- Don’t allow directory browsing.
- Secure your wp-config.php file. Duh.
- Prevent script injection.
Once I had this list I promptly shipped it off to “My Guy”. If you own a site you need a”My Guy”, unless, of course, you’re “The Guy”. I told My Guy we need to do all this stuff. He said OK but first we have to fix this thing. Oh yeah…good point. So, FORTUNATELY we had a backup of the site…probably the most important thing that we had done aside from building the site. The problem was our backup was 4 weeks old, which means our latest blog posts were not in there. The site is now restored from backup, and we spent a few hours putting our blog posts back into the site, making sure URLs were exactly the same so we didn’t have broken links.
After finding that nice list of security measures to be implemented by My Guy, I decided I needed to backup my site more often than “when I remember, and can get around to it”. Jumping back on the Google machine, I found a company called CodeGuard. It allows me to actively monitor and backup both my site and my site’s database. I connected the service to my site via FTP, or rather My Guy did, and now it’s monitoring the site for changes. If a change happens I get a notification via email. I can then say, yah CodeGuard that was me. Or, I can say no, that was NOT me and I want to reset the site back to before the change. Check out their video.
I’m here to tell you, if your site’s been hacked, or compromised, you’re not alone. There are many many site owners out there that are in the same boat as you and me; hacked. The good news is there are many many good Samaritans out there showing us how to fix our sites and improve our website security. I’m not sure I’m cool with calling Google a ‘good Samaritan’ but I know they’ve recently created a new help center to assist folks in recovering from being hacked, or, as Google says, compromised. Here is a nice video that they’ve put together to inform you of your options:
Don’t take your site security for granted like I did. Get your My Guy to help you beef up your site security, enlist in some good backups, and keep on keepin’ on. BTW, doing all this doesn’t make me feel like my site will never be hacked again…but at least I know I’ve taken action, and I can restore my site in a moments notice. That’s the peace of mind I need.
Now, I need a drink.