After re-branding both my websites, my blogging life seemed to be running smoothly. That is, until FineArtTips.com got hacked – again!
*I’ve written this to educate those of you who are interested in blogging and using WordPress. Maybe my tips will help prevent a malicious hack like I have endured. You might also enjoy this educational post, Just Say Not To Hackers.
When I was first hacked in August 2011, my two WordPress blogs were down for nearly 3 weeks! I lost blog posts, tons of traffic, and my Google ranking fell. It took at least 6 months to regain my blogging momentum.
But, this hack was different. My blog was the only one on the virtual dedicated server that was hacked! Why? Lucky me, why couldn’t I win the lottery instead?
Rest assured, hackers don’t generally go after individual bloggers. Most often they target web hosts who have weak spots within their system. These vulnerabilities allow hackers to deface multiple sites, even hundreds at a time. In 2011, this is exactly what happened to my web host’s server – we were all hacked.
However, this time I was specifically targeted.
Here’s how it happened…
One evening, I tried logging into my admin page. Everything looked normal, but after numerous failed attempts, my blog wouldn’t accept my password. Reluctantly, I decided to change my password. This worked, and I was able to access my blog. However, when I visited my blog the next morning, a blue screen welcomed me with demonic music saying, “You’ve been hacked!”
The first step…
I immediately called my web host/developer who then took down my blog for repair. After that, I had terrible customer support and service. It was very stressful and disheartening. Once again, this immediately hurt my traffic and Google ranking. I was very unhappy with my webmaster and his hosting company which used GoDaddy.
My Twitter friends and readers were very supportive of me during this time. I received phone calls, emails and tweets with offers to help.
My good Twitter friend, Todd McPhetridge (a talented photographer and a popular guest post contributor) was especially helpful as he spent many hours coaching me through the ordeal. Todd encouraged me to get all my passwords so I could begin to migrate my blogs to a new hosting company.
Finally, I was able to get the phone number and passwords to speak directly with secureserver.net support. Now, I was able to get some answers.
The hosting company had backups, and they rolled my site back to the date before the hack. The security team also ‘scrubbed’ my site and determined the hacker most likely used the WP Super Cache plugin to gain access.
A week later, FineArtTips.com was back up and running. However, I was getting messages and tweets from my supportive readers. My blog visitors were being prompted by a malware pop-up to ‘download-this’ page.
The security team was concerned that a malicious script was embedded, but disabling and resetting the permalinks quickly fixed the malware.
The next step, time to take control!
Fool me once, shame on you. Fool me twice, shame on me!
After two hacks with the same web host/developer, it was time for me to find a new web developer and migrate my blogs to a new host.
Bluehost.com helped clean up the mess caused by the other hosting site and got my site back up and running smoothly. I recommend BlueHost.com only for small to midsize blogs.
At this point, FineArtTips.com had grown to be 2.5 gigs. We learned that the WassUp plugin had a table that created 1 gig of useless data. But, I was unable to get my PHP password from my previous web developer, so we couldn’t delete the table to shrink my database. (*As of 2018, this blog has grown to be 19 gigs, too large for Bluehost. For more complex blogging, I HIGHLY recommend WordsRack.com.)
*Here’s a note about plugins…
WordPress is versatile and customizable. There are so many plugin goodies, but many are bad for you. Plugins are not candy, they are poison! 😉 Before migrating your blog, ‘lean-out’ your unused plugins and delete them. But, make sure to clear out the plugin data before deleting the plugin. Keep your plugins up-to-date, otherwise they are a security risk.
Fellow art blogger Barney Davey advised me during this time. I learned that GoDaddy.com and some of the other big hosting companies could only accommodate 1 gig for their shared secure server. The other option was that I would have to buy my own virtual dedicated server! This could cost around $1500, plus I didn’t want to learn Plesk – I am an artist, not a programmer.
My friend Todd has a few blogging tips to share…
Once You’ve Been Hacked, Prayer and Backups Are Your Best Options
If I can give you one piece of advice that will save you a lot of heartache it’s this…make backups. Have backups of your backups and automate them so that you don’t have to even think about it. If your site is ever hacked you’ll thank me for it. Your hosting company should have backups, but if for some reason they don’t, you can quickly get back online with your own personal backup. I was hacked a few years ago and called GoDaddy and asked them to roll my site back to a few days before the hack occurred. I was back up and running in a few short hours. That was a huge sigh of relief!
Artists take heed, having backups doesn’t apply to just your site. Protect your art as well. Viruses can damage your computer and destroy all of your hard work. I have multiple external drives that I keep all of my art copies on, just in case. Another option is Google Drive, it’s free for up to 5 gigs of data and the pricing plans are very reasonable. I have some of my more important data stored there as a worst case scenario. You can learn more about Google Drive here: https://support.google.com/drive/bin/answer.py?hl=en&answer=2375123
Lastly, I try to keep my plugins to a bare minimum, because the more plugins you have, the greater your risk of being hacked. I also delete any plugins that I’m not using just to be on the safe side.
Here’s three plugins that I highly recommend to really help your site in the search engines and the overall user experience:
In a nutshell, here’s what I learned…
- Find a reputable web host with 24-hour support.
- Find someone who understands WordPress and English (or your own language).
- Own your own domain! You want to control and own your site and its intellectual property.
- Have a good working relationship with your web developer.
- Know and keep a record of your own passwords!
  - This includes your admin password
  - Your FTP password
  - Your PHP password
- Backup your data!!! Vickey introduced me to BackupBuddy.com
- Keep your WordPress theme up-to-date. Here’s a great post about WordPress vulnerabilities and how to fix them.
- According to ESecurityPlanet.com, nearly 80 million websites in the world run on the WordPress publishing platform.
- Half of all WordPress sites are self-hosted which makes them a popular target for hackers.
- Use WordPress approved Plugins
- Keep your plugins up-to-date. Out-of-date plugins can break your site. Here’s an informative post about plugins.
  - They are a security risk.
- Minimize plugins.
My hope is to educate my fellow bloggers, especially WordPress users on ways to prevent becoming a victim of a malicious hack. Honestly, I almost abandoned FineArtTips.com. I blog because I love to help others, and your kind words have kept me going. Thank you for your support. ~Lori
PS. I’d also like to thank my good friends at ArtworkArchive.com for offering their geek expertise! Please check out their brilliant artwork inventory and tracking system. If you have any other tips about hacking, please leave a comment for others!
Ugh, getting hacked is the worst! BackupBuddy and Sucuri are both amazing. Sounds like you should be safe now.
Thanks Julia! Sounds like you knew more than I…glad you are protected too. I appreciate you stopping by.
Lori 🙂
I am so glad you did not abandon this blog. I really enjoy reading it, and I’ve learned so much from it. I am always inspired by your topics. And your artwork is stunning.
Hello Connie, people like you kept me going! Blogging at this level is a lot of work, but I do love ‘meeting’ other artists like yourself here. Thank you so much for your supportive words.
Lori 🙂
Glad you are back. I need to find my passwords and backup, thanks for the advice.
Hello Sue, well go get those passwords while this is fresh in your mind! I’m glad this post helped you. 🙂
Hi Dear Lori, happy to know that your site now back and working fine. It’s nice to know about your great tips and effort you made to overcome this issue. Btw always a pleasure to help you to you just need to ask dear. As you mention plugin :
WordPress SEO by Yoast
Yet Another Related Posts Plugin
W3 Total Cache
want to tell you that Yet Another Related Posts Plugin this requires more resource usage from your server as to serve the related post and other two plugins you using is best and work more accurate when you tweak them to best settings as W3 Total Cache requires much details to fully work according with your site.
For better performance of your site Use : MaxCDN (Paid) or Cloudflare – Security+CDN (Free)
For backup service i recommend you to use WordPress Vaultpress : http://vaultpress.com
For Server hosting i recommend you to use Site5 Shared Cloud or Cloud VPS as your site traffic : http://bit.ly/YZrbHw (As i am using their VPS Hosting)
They also offer backup service and malware protection. So your site always safe.
You will get free 30 trial and they will easily migrate your site without any cost their service and team is amazing. You will surely love it.
If you need further more info. please let me know. ((Hugs))
Thank you so much Amit. It’s great to see you here on my site, and I am so glad to get it fixed!
xo
Amit, thanks for taking time out of your busy day to share these tips! I am happy to learn about the other plugins you suggest. I am trying to minimize the database as best I can, so I will check into your suggestions. Having just migrated to BlueHost, I think I will stay there for a while. So far, so good!
You are very kind to share your expertise!
((Hugs))
Wow Lori sounds like you went through quite an ordeal. I manage over 150 WordPress sites and have only experienced one hack. It is a heart stopping experience for sure. I reinstalled a fresh instance of WordPress and restored the content from a backup (whew).
I wrote a guest blog post for Alyson at artbizblog.com about securing WordPress; perhaps it might help your readers as well. Here’s the link: http://www.artbizblog.com/2012/10/wpplugins-security.html
One of the plugins I recommend as did Julia, is Sucuri Scanner, not only will it scan your site but it will also help lock it down. And if you really get into trouble you can hire them to clean your site.
As you say in your article – you can’t have too many backups and backups of your backups.
Happy that all’s well (that ends well).
Hello Kim, thanks for sharing your link. I do mention Sucuri within this l o n g blog post, but you might have missed it. I added it to my sites and hope it helps catch any threats before they turn into problems. Thank you for stopping by! You are welcome to share a guest post here sometime with us if you’d like. Your site looks great, I didn’t know about you!
Happy blogging,
Lori
Lori it would be darn near impossible to write a short post about security. If one did and it contained only one word, my choice would be BACKUP!
I would absolutely, yes, love to do a guest post for you Lori. I’ll contact you separately about that.
Thanks
Kim
Hi Lori – thanks for telling your story and how you got back on-line. I got hacked right out of the chute last year when I was just getting started on my WordPress. I
Here’s my tale if you wish to read it: http://thedelightdetective.com/escape-from-stuck-ville-3-helpful-routes-to-return-you-to-your-creative-path/
The biggest lessons I learned:
1) ask for help, (a big Yay to Kim Bruce!)
2) create regular back-ups (I use Backup Buddy) and
3) have a good security scanning team on your side. (I love the folks at Sucuri – they’re helpful, quick and very responsive with added bonus of spelling stuff out in non-technical terms)
4) remember to take care of myself and not let being hacked ruin my outlook on life
Yes I still have a lot of tweaking I need to do with my blog, but I’m making progress in my slow and steady way.
I still need to figure out the world of SEO and how to navigate the plug-ins. That’s one of my goals for this spring.
Lori, thanks again for all the good information and tips you continually inject into our universe. It’s such a gift!
Cheers from Yes and Yay HQ!
Frances
Thanks for sharing your biggest lessons. I always welcome original, well written guest posts if you are interested. Thanks for sharing your tale…
So sorry this happened to you.
I started out making mistakes on my own. Now my son has taken over as my admin and I blog on a service or something that he owns. He instructed me to NEVER add any plugin or apps just because it looked good. Basically they can be dangerous. I do not get all of this tech stuff, I just write about what I know. So, I feel safer with a knowledgeable admin telling me “NO.” Makes me feel like a kid, but, who wants to get hacked?
Just because something or somebody seems nice, we all have to remember that the internet is not Happy Days in the 50’s anymore. We have to stay safe.
Thank you for sharing your awful experiences.
Lori,
Sorry to hear you had this nightmare problem! Hope that experience is over forever …
My experience with BlueHost, which I’ve used for the past three years, has been excellent. Just about perfect customer service and no problems so far (fingers crossed!)
Carolyn
I’m glad that you did not give up on this blog. I really enjoy reading your blog posts. It has helped me a lot with marketing myself. So I want to thank you for that. Also you were using Go Daddy for your hosting when you got hacked, right?
Hello Jose, thanks sooooo much for your encouraging comment. Yes, I was using GoDaddy. I have since moved to BlueHost and am much happier with the service and security. Many thanks!
Whew! What a mess… Thanks for sharing it, especially the happy ending. I went through a huge roller coaster with my hosting guy and site manager that I am still in the process of recovering from. Doing business with friends can be disastrous.
It’s so frustrating… most things you can just figure out and fix yourself, but unless you’re a programmer this is a strange and exceedingly complex new world.
Also thanks for the plugin suggestions. I will check them out.
best,
liza
Hi Lori, Sorry for the troubles, but glad you got it resolved, and thanks for sharing your experience with us.
My site too was hacked last year. I became aware of it because it was getting slower and slower. I went through the code and saw strange entries in it and so notified my host. Like you it was very frustrating, and they weren’t helpful. I finally took my site down and went through it line by line to clean it up.
I also use the same plugins and recommend them too. I discovered again the hard way that the code on many plugins is sloppy and open to vulnerabilities. I’m still looking for a better host and was wondering about Bluehost. If you are happy with them, I’ll give them a try.
Glad all is well now,
Daniel
Hello Daniel,
Yes, and I am on top of keeping those plugins that I do use updated. I am glad this post was of some value to you. So far, I am very happy with Bluehost and their customer service. They are a bit smaller and more eager than some of the other companies. Good luck!
Hi Lori,
It is very good that you wrote your story about the website hack and how you got back on-line. Even I got hacked twice in last month and for a day I have lost my business because of hack.
After that I am very much strict on the website security. So I have got an article about WordPress hack and how to secure WordPress website. You can read it here. http://totalwebsecurity.com/wordpress-pharma-hack.php
We can secure our website through using web monitoring tool. For further details you just sign up for this website. http://totalwebsecurity.com/
Thanks for sharing your sites Steve. Glad to have your tips and thoughts here…
Thanks for sharing the information, it was really helpful to me. Thanks once again.
I was offline long time working on several projects and did not see this before, sad to hear that your blogs were hacked again after all your work and effort, but I’m glad everything is resolved and you were able to recover everything. Kind regards from Spain. Have a good weekend!
Alexandra.
Thank you for stopping by. I am so glad I got the hacking resolved. It was very time consuming and frustrating – plus expensive. I hope others can learn from my misfortune!
Great tips! I have learned so many things from your post about hacking and how to resolve this issue. I’m a beginner blogger and never been thinking about it before reading this. That make me more aware of what to do with my blog and . Thanks a lot for sharing
Glad my hacking misery might help others! Thanks for letting me know 🙂