Be hack smart on the World Wide Web
Let me start by saying that I love, love, love WordPress. However, since it is an open source content management system, you must be careful what you download and you must be vigilant with the management of your site at all times. My blog is just a very tiny guppy in the big ocean that is the World Wide Web. So, how shocked was I to learn that my site was hacked? Honestly, I didn’t think it would happen.
It took me 4 weeks to completely clean my site. I am not a computer programmer. I don’t know code, it all looks gibberish to me. I don’t have deep pockets to pay someone to help, but I got through it and here’s what I learned in the process.
Update, update, update
Update WordPress, themes and plugins in a timely manner. I believe (though I’ll never know for certain) that the hacker got through a vulnerability in my theme as it was not updated. This was a conscious decision I made as each time I updated the theme, it would reset my settings back to default. It was a royal pain but not close to the pain I felt having to fix the mess the hacker created.
Go with a paid theme
I should have known better, but at the time I started my blog, I was excited that there were so many free themes to choose from. I didn’t need all the bells and whistles that came with paid themes, so off I went to download different themes to see how they would look. What I didn’t realize was that free themes have more vulnerabilities than paid ones that makes them less secure. After some research, I switched to a paid theme by StudioPress and I couldn’t be more pleased.
Install a plugin that scans your files
Plugins such as Exploit Scanner or Wordfence may not prevent a hack, but can help you find the source should you be hacked. The plugins scan files for anything suspicious, files that have been modified or files that have been added. To an untrained eye, looking for an obscure line of code that’s been added to your site is like finding a needle in a haystack. That’s where these plugins come in handy.
Verify your site with Google Webmaster Tools
If you haven’t verified your site with Google, you really should. Not only will Google send you a message that it has detected an issue on your site, but it also allows you access to a number of tools that can help better optimize your site. Once I received the dreaded message, it didn’t take Google long before it tagged my site with the infamous “This site may harm your computer” as a warning to others. Obviously this is not what any Webmaster wants but you can’t fix something if you’re not aware it’s broken. Once you deem your site clean, submit a request to Google to review your site.
Within 72 hours, I made over a dozen calls to my hosting company to see if they can help me find the source of the malware. I was not so lucky in my first few attempts. Most reps were not able to help, not because they didn’t want to, but I believe they did not have the experience to do it. I hit the jackpot one night as the rep found the source in under 2 minutes (this was before I realized there was a backdoor).
I purchased a package from my hosting company that essentially works similarly to the plugin I installed. This all happened around the same time so I got to see what worked. I was surprised to learn that the free plugin detected anomalies that my hosting company did not. However, because I paid for the service, I was able to speak directly with the security team which was a big help.
There are also numerous forums that you can reach out to for help. People are generally very supportive and willing to help. The one I reached out to was the Google product forum for Webmasters.
Change your password
If you still have the default “admin” username, change it immediately. All hackers know this and will try to gain access to your site with it. Partner that with a strong password. If you’ve been hacked, change your password just to be safe.
If malware persists, look for a backdoor
Within a week of my first malware notice from Google, I thought I nipped it. However, I soon received another warning. I went back to those same files and sure enough the unwanted code was back. I deleted it and hours later it came back. It was then that I figured there was a backdoor to my site. The key is not only to find and delete the malicious code within the files, but to also find the file that was creating the backdoor. Until you do, the code will keep coming back.
In the end, I learned many hard knocked lessons, including the fact that I can be hacked. I’ve changed my way of thinking. Question is, have you?
Image courtesy of James Barker / FreeDigitalPhotos.net