As I mentioned last week my site had major issues in the past week. I experienced an unusual amount of downtime from my host at the same time I found out my site had malware. To say Monday (and the rest of the week) was stressful is an understatement.
In layman’s terms the downtime means if you tried to visit the site it wouldn’t load. You’d get a message from your browser saying the site couldn’t load. That was for about 12 hours on Monday, and thankfully my host is back up and offered me free days of hosting for every hour my site was down.
Malware is worse. It means that a hacker found a way to get into my site and insert some code that redirected users to other sites that have a virus attached. In other words unbeknownst to me starting Sunday evening, readers were coming to the site and getting a giant warning from Google.
photo credit: Dominic Sayers
While I love to write and mess with my site on the outside, I’m at a loss when it comes to more in depth technical stuff like removing malware. I contacted two of my favorite tech people, Kat from E Design-Pro, and Mitchell from My Frugal Tech, who helped remove the malware and gave my site the all clear. I resubmitted the site to Google as being clear to remove the big warning readers saw when they came to my site. This process can take a day or two.
So, I waited. Google sometimes takes it’s time so Tuesday and Wednesday were spent waiting to see if the warning would be lifted. When it wasn’t, I realized something else was going on. I immediately went in and changed all the passwords to my site, updated my plugins, removed old software, and found some odd code that I managed to remove. I resubmitted again, but it didn’t work. By Friday I was in a panic.
Thankfully Mitchell was able to help on Saturday, the site got the all clear again, and continues to be clean. (knock on wood) Protection has been put in place to ensure this won’t happen again, and I learned some very important ways to keep this from happening.
Now I know not all my readers are bloggers, but there is also some useful information that you can learn from my experience.
- Use complex passwords. 10 or more characters and a combination of letters, numbers, and symbols are a good place to start.
- Do not use numbers in lieu of letters. For instance using 3 in place of e is actually tried BEFORE simply using letters.
- Start with a word or meaningful phrase, and shift letters around and add symbols and characters. You can also use a password creator to help. Whatever you do don’t use identifying info as a password like your mother’s maiden name. That just gives hackers an easier way to get into your accounts.
- Change your passwords regularly. Set a reminder to change them every 30 days.
What you need to know if you’re a blogger:
- Remove the ‘Admin’ user. This is the easiest way that hackers find a way in.
- Use a complex password on every means of entry to your site. FTP, your host, your domain company, and your login to your backend.
- Keep your software up to date. Older themes and plugins that aren’t updating are vulnerable to hackers.
- Remove anything you aren’t using. If you’re a plugin collector like me, remove any that you aren’t currently using, and again be sure your plugins are up to date.
- For more ideas on how to protect your site check out Mitchell’s top 10 tips to protect your WordPress site from hackers. If these seem too complex to implement yourself, hire someone who knows their stuff. I recommend Mitchell and Kat who are both professional and reasonably priced.
Unfortunately there are people who want access to your info or your website for their own purposes, so protect yourself so you don’t have to deal with the frustration and hassle of fixing the mess a hacker leaves behind.
Kelly
© 2012, Whalen Media LLC. All rights reserved. To repost or publish, please email Kelly.
