For the better part of a week, I’ve been working on getting my site back up to speed as a result of getting hacked. That’s right, even a tech-savvy guy like me can fall victim to hackers infecting my site with malware.
For all those folks who think “It will never happen to me,” I have a personal testimony to share, as well as to reiterate the phrase: “It’s not a matter of IF your site will be [insert the WORST thing possible that could happen to your site here], it’s a matter of WHEN your site will be [insert the WORST thing possible that could happen to your site here]”.
If your entire business and livelihood depend on your site remaining up and running 24/7, 365, here is my story as well as some action items to shore up your online security, and help you prepare for your site getting hacked.
How BrothaTech.com was hacked and infected with malware
Word on the street is that hackers got into over 100,000 WordPress sites as a result of security flaws in outdated plugins, specifically the RevSlider plugin, which was previously outed for having some vulnerabilities that made it susceptible to attack.
Now I’d like to think I keep my site’s plugins up to date, but my specific problem was outdated plugins on sub-domains connected to my main domain that I don’t use anymore. So after checking my site in response to Google sending me a warning message in my inbox, sure enough, there was a “nasty gram” plastered over my site if anyone typed in the brothatech.com URL.
Scary, right? So all last week, I did a ton of research, broke my site multiple times, sweated my domain host, bugged my web designer…all to no avail. Finally, I reached out to a 3rd-party website monitoring service called Sucuri, who, after a scan of my site, confirmed that it had been infected with a gang of malware.
Among its other online security offerings, Sucuri’s specialties include malware removal and website monitoring to keep sites clean. It was my last resort, so I dropped the dough, submitted a ticket to have my site cleaned, and crossed my fingers.
After a couple of hours, the folks at Sucuri found the infections, cleared them up, and re-submitted my site to be whitelisted. They were also able to help me with some of the issues I had as a result of trying to resolve the problem on my own. Next time, I’ll stay in my lane…web development is NOT one of said lanes.
I know a ton of eHustlas Digital Entrepreneurs who make a comfortable living (and then some) as a result of all the hard work they have put into their blog/website content-wise. I’m pretty sure those same folks think they aren’t a big enough target for hackers, so they only employ the most basic safeguards to keep their site up and running.
Imagine if visitors (and their page views) were scared away from clicking on your SEO-packed blog posts, pretty Instagram-optimized featured images, and sales funnel opt-in landing pages, due to being blacklisted by Google?
Do I have your attention now?
Tips to help you before, during, and after your site is hacked and/or infected
1. Back up your site’s content and the database
The most essential precaution you can take to make sure your site can be reborn after an attack, or any other kind of digital disaster, is to make and keep regular backups of both your site’s content and the database it lives on.
Let me guess, you don’t back up your site? Boo on you. You don’t have to know SQL to keep regular automated backups of your site.
I wasn’t too messed up that my site was hacked because I use a plugin called iThemes Security to send me daily backups of my site via .zip file to my email inbox. Plugins make it easier for somebody without coding skills to jazz up a site and, in this case, keep a copy of your content safe just in case it needs to be moved to a new domain host, or rebuilt as a result of being attacked. Additionally, plugins like iThemes Security will let you take additional online security precautions to keep your site safe, such as hiding or even changing your WordPress admin URL, limiting failed login attempts, and viewing a list of low, moderate, and high-priority items you should act on to secure your site.
Now if you want to stay away from a ton of plugins on your site (more on that later), you can back up your site by accessing your domain’s cPanel. When you signed up to have your site hosted outside of WordPress.com, your domain host should have given you specific instructions and credentials that differ from your WordPress login info to access your site on their platform. Within cPanel, you can accomplish a number of additional tasks, like manually backing up your site and saving it to your computer, or in the cloud.
2. Minimize the number of plugins you have and keep your plugins up to date
Plugins make it super easy to customize your site and add that level of professionalism and uniqueness. On the flip side, too many plugins will slow your site down, and make it harder to manage your site. The harder it is to manage your site, the more likely you will ignore those “update your plugins” notices.
That can lead to (you guessed it) hackers targeting your site via old plugins. Staying on top of plugins will reduce the risk of hackers finding a backdoor to your site that will enable them to spread malware, put up content on your site that could damage your brand, or hold your site for ransom.
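To find the kind of forgotten installs that bit me, here is an added example (not part of the original post, and not code from WordPress or Sucuri) that walks a web root and lists every plugin and version in every WordPress install, then flags installs you did not list as being in use. It assumes all site and sub-domain folders sit under one web root; the `old-shop` folder, the `example-slider` plugin and the function names are constructed for illustration.

```python
import os
import re
import tempfile

NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+?)\s*$", re.M | re.I)
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(.+?)\s*$", re.M | re.I)

def read_header(path):
    """Return (name, version) from the plugin header in the first 8 KB, else None."""
    with open(path, "rb") as fh:
        head = fh.read(8192).decode("utf-8", errors="replace")
    name, version = NAME_RE.search(head), VERSION_RE.search(head)
    return (name.group(1), version.group(1) if version else "unknown") if name else None

def find_plugins(web_root):
    """Yield (site, plugin folder, name, version) for each WordPress install under web_root."""
    for dirpath, dirnames, _ in os.walk(web_root):
        parent = os.path.dirname(dirpath)
        if (os.path.basename(dirpath), os.path.basename(parent)) != ("plugins", "wp-content"):
            continue
        dirnames[:] = []  # plugin folders are read below; do not walk into them
        site = os.path.relpath(os.path.dirname(parent), web_root)
        for entry in sorted(os.listdir(dirpath)):
            full = os.path.join(dirpath, entry)
            # A plugin is a single .php file or a folder holding its main .php file.
            files = ([os.path.join(full, f) for f in sorted(os.listdir(full))]
                     if os.path.isdir(full) else [full])
            for php in (f for f in files if f.endswith(".php") and os.path.isfile(f)):
                header = read_header(php)
                if header:
                    yield (site, entry) + header
                    break

def forgotten_installs(web_root, sites_in_use):
    """Plugins found in installs the owner did not list as being in use."""
    return [row for row in find_plugins(web_root) if row[0] not in sites_in_use]

def build_demo_tree():
    """Constructed sample: a main site plus an abandoned sub-domain folder."""
    root = tempfile.mkdtemp()
    for site, version in ((".", "4.1.0"), ("old-shop", "2.0.3")):
        plugin_dir = os.path.join(root, site, "wp-content", "plugins", "example-slider")
        os.makedirs(plugin_dir)
        with open(os.path.join(plugin_dir, "example-slider.php"), "w") as fh:
            fh.write("<?php\n/*\n * Plugin Name: Example Slider\n * Version: %s\n */\n" % version)
    return root

if __name__ == "__main__":
    print(forgotten_installs(build_demo_tree(), sites_in_use={"."}))
```

Anything it reports is a candidate for updating or, better, deleting outright, since a plugin on a sub-domain nobody visits still runs on the same hosting account as the main site.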
3. Ask, and pay for help
One of the hardest things for most people to do is ask for help. If I’m not making myself clear, let me say it another way. “You get what you pay for”. If you don’t invest time and money into making sure your site is running smooth and secure, or can quickly be back up and running if it is compromised, you will be in a world of hurt, especially if you’re one of those people with entire empires online. If you seek out places like pen testing companies uk before you are hacked, then you know where the weak points of your system are and know how to fix them.
In my case, I decided to shell out the money to have Sucuri clear my site of malware. In your case, it could mean paying a consultant to come in and help you secure your site before it’s hacked (I may know a guy…). It could mean skipping the freebies, and actually paying for plugins and 3rd-party services that will secure, back up, and constantly monitor your site, in addition to helping you get your site back from hackers and malware.
If you really want to build a business and make money online, you have to treat your site like you would a car, house, a pet, a child, a perm, or any other person, place, or thing that needs regular care and a considerable amount of funds to maintain. Basic WordPress themes and passwords won’t cut it these days.
If you have some online security tips and tricks, drop a line in the comments section.
No affiliate links were harmed in the making of this post