Don't Get Cyber Violated Like Me
My Last Straw
If you wanted to find me last Monday morning, I was curled in the fetal position on the large chair in my bedroom crying. Why was I crying? Well, four days earlier, I received a message from Google stating that my site, Financially Blonde, had been infected with malware and if the problem wasn’t fixed immediately, I would be blacklisted. I had no idea what a Google blacklist was, but I knew it sounded bad and not like something I wanted to happen to my site.
After a weekend filled with hours of calls between my hosting company and Sitelock, the company that was fixing my site, I thought I would start Monday off on a better foot, only to type in my company site, NextGen Financial, and see that it was automatically forwarded to an ISIS site. This was my last straw.
I could handle a weekend filled with trying to fix my blog, and I accepted the fact that I would miss my first Music Monday blog in 86 Mondays, but invading both of my sites was just too much, and this final attack was something even my hosting company felt was over the line.
I honestly felt like I had been personally violated in the worst kind of way, and the worst thing about all of it was that I felt helpless for a period of time. My sites were under attack, the attackers were claiming to own the site through Google, and I had to sit back and wait for the behind-the-scenes fixes to get into place.
Road to Recovery
Once I got myself out of the fetal position, though, I reached out for a lifeline that I desperately needed, and that was my blog friend, Grayson from Debt Roundup, who recently launched iMark Interactive, with the intention of helping bloggers like me.
Within a matter of minutes, Grayson was on the case and began putting my virtual life back together for me. I can’t tell you how much his support and sense of immediacy meant to me; and I could not recommend his services more. Over what seems like 100 emails, he installed a new theme and cleaned up Financially Blonde and created a whole new website for NextGen whose files were so corrupt that they couldn’t even be saved.
Between Grayson and my webhosting company, we put security measures in place to protect me in the future, and thank goodness for those measures because the second we re-launched NextGen, which had been deactivated for two days, it immediately got hit with multiple hacking attempts. It felt as though the offenders were lying in wait for us to come back online, but thankfully we came back online a stronger, more secure site.
What Happened?
Apparently all of this started with my WordPress theme, which was selected by the team that built my sites two years ago and bled into my plugins. The theme that the developers selected two years ago was no longer being supported and therefore as potential issues developed, no one was there to create the updates to fix the problems. I also had a number of outdated yet active plugins that opened themselves up for vulnerabilities on my site.
According to my webhosting company, all of these issues started almost a year ago, and yet I had no idea they were happening until last week. I regularly updated my plugins and theme updates, and didn’t think anything of it. I knew all about SEO plugins and comment plugins, but I didn’t know about malware defense plugins. Believe me, after a week of the craziness, I now feel like an expert.
What Can You Do?
The first step is to make sure that you have a popular and well-supported theme, and you should never assume that the theme you choose today will still be a good choice in a year, so schedule regular theme check-ins so that you know that you not only have a responsive theme, but a regularly updated one.
There are a number of plugins that you can implement to protect your site; a few that Grayson and others have suggested to me are:
Plugin Vulnerabilities - This plugin looks at your installed plugins to see if any contain current, known vulnerabilities.
Sucuri Malware Scanner - This is a free plugin that scans your site for malware, but also allows you to "harden" your site to make sure those who do get in can't execute scripts in folders.
Wordfence - You don't need Sucuri if you want this. This allows you to block IP addresses, scan for malware, and also limit login attempts on your site. It also allows you to block people who try to sign in with unknown usernames.
My webhosting company offers Sitelock as an option for $48 for the year. I engaged Sitelock for my code cleanup on Financially Blonde as over 100 pages of code were impacted, and I was happy with their work, although they weren’t extremely responsive on a weekend.
Other best practices you should employ to protect your site include updating and changing your WordPress passwords frequently. I can tell you that now that I have these plugins in place, I see that someone or something tries to log into my WordPress site at least 8 times a day. You should also make sure that you are well protected at the Google Webmaster level and that Google is sure that you are the true site owner. Once the hackers got into my site, they added themselves as authorized users in Google Webmaster and even got my site off the blacklist even though it was still infected.
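
The daily login attempts mentioned above can also be seen in the web server's access log, even without a plugin. The script below is an added example, not code from this post or from Wordfence: it counts POST requests to the WordPress login endpoints per visitor per day and lists anyone at or above a limit. The log format (Apache/nginx "combined"), the limit of 5, the sample log lines and the rule that a 302 reply from wp-login.php means the login worked are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")  # stock WordPress endpoints

def _line(ip, day, sec, method, path, status):
    # Builds one constructed "combined"-format log line; not real traffic.
    return (f'{ip} - - [{day:02d}/Mar/2024:03:14:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample: one noisy client, the site owner, and an XML-RPC prober.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", 2, s, "POST", "/wp-login.php", 200) for s in range(6)]
    + [_line("203.0.113.7", 2, 6, "POST", "/wp-login.php", 302),
       _line("198.51.100.23", 2, 9, "GET", "/wp-login.php", 200),
       _line("198.51.100.23", 2, 10, "POST", "/wp-login.php", 302),
       _line("192.0.2.44", 3, 1, "GET", "/", 200)]
    + [_line("192.0.2.44", 3, s, "POST", "/xmlrpc.php", 200) for s in range(2, 5)])

def login_attempts(log_text):
    """Per (day, IP): POSTs to login endpoints and how many got a 302."""
    stats = defaultdict(lambda: {"attempts": 0, "redirects": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # page views (GET) and unparseable lines are ignored
        path = m["path"].split("?", 1)[0]
        if not path.endswith(LOGIN_PATHS):
            continue
        day = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").date().isoformat()
        entry = stats[(day, m["ip"])]
        entry["attempts"] += 1
        # Assumption: stock wp-login.php answers 302 on success, 200 on failure.
        if path.endswith("/wp-login.php") and m["status"] == "302":
            entry["redirects"] += 1
    return dict(stats)

def offenders(stats, threshold=5):
    """(day, ip, attempts, got_in) for clients at or above the daily threshold."""
    return sorted((day, ip, s["attempts"], s["redirects"] > 0)
                  for (day, ip), s in stats.items() if s["attempts"] >= threshold)

if __name__ == "__main__":
    for row in offenders(login_attempts(SAMPLE_LOG)):
        print(row)
```

A row whose last value is True is the one to act on first: many attempts from one address followed by a successful login is a reason to change that account's password and review the list of site users.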
The Final Results
At the end of the day, this entire experience cost me about $300 to fix the problems, six days without either site up and running, over 20 hours of personal time on the phone getting it resolved, 1 box of Kleenex for the tears and a small bottle of Advil for the headaches. Seriously, though, it was a painful lesson to learn, especially knowing that it could have been prevented. I urge anyone with a blog to take precautions and protect your site. It’s a minor nuisance that will save you major pain.