Standing in a coffee shop line in the middle of the Las Vegas Convention Center, my phone “dinged.” It was a Facebook message from a blog reader. I had a big sponsored blog post going up that day and I was really proud of myself for getting everything scheduled out perfectly so that I could take this trip out of state.
The message: “I can’t get to your blog.”
I replied, asking what she meant. She said my blog was totally down and sent me a screenshot of my site, now displaying a scary looking message from the hosting company that they had removed my website for malicious content.
I quickly got on the phone with my hosting provider (who was not GoDaddy at that time), who told me I’d been hacked and they had removed my site from their servers for security reasons. Luckily, they said, I could pay them several hundred dollars to get the site cleaned and restored right away. I signed up on the spot and gave them my credit card information over the phone. I was miles from my hotel room and hours from home and I needed my site back up right now.
With what I know now, I plan to never be in that situation again.
A look back at the hack
The hacking had started with my emails, a few months earlier. The symptoms:
- I wasn’t receiving all of my emails.
- Recipients weren’t receiving emails from me.
- My email address had been blocked by the email servers of some of my top clients.
- My newsletter open rate had dropped significantly.
On my website — my primary source of income — I noticed:
- Links, photos, and full articles appeared on my site — stuff I never wrote or added.
- My traffic dropped as my site no longer showed up in Pinterest and Google searches.
- The Facebook reach on posts with links to my site was next to zero because my site was no longer “trusted.”
For months, the hosting provider denied that anything was wrong with my site.
After I moved to a new host and hired a website security service, we discovered that the hack had occurred at the host level. The previous host’s server was hacked at the database level, so that even when I moved hosts, the hackers still had access to the backend of my site through the database password.
We wasted a lot of time and effort before we made that discovery, however.
We spent months cleaning my site from hacked images, fake articles with backlinks, affiliate links which weren’t mine, and other hacked content — not knowing the malicious forces at work were able to add hacked content after each cleanout via the back door through the database. Finally, I ran a scan with the website security service which revealed the database breach. We fixed the issue on the new host’s server, putting an end to the hack after more than 18 months of struggle.
If you are afraid of being hacked or suspect that your site has been hacked, keep reading to see how I dealt with this hack and how I now keep my sites safe from attacks.
Lesson learned: Go with a web hosting provider that takes security seriously. For instance, GoDaddy’s web hosting provides 24/7 security monitoring and DDos protection.
Prevent hacking: Know the signs
It seems like it would be easy to know that you’ve been hacked — but hackers use sophisticated methods to hide and mask their activities so you’ll carry on as usual. Some hacks rely on your website and email remaining functional because they’re using your site to hack and manipulate other sites.
Here are some ways to tell if your site has been hacked:
Strange behavior with emails
A few months before my original host removed from site from their server, I started noticing strange behavior with emails sent and received using my domain name. Here’s what to look for if you suspect your email might have been hacked:
- People say they are not receiving your emails.
- You are not receiving all of the emails people say they have sent you.
- Your open-rate, delivery-rate, and response to email newsletters drops significantly.
- You carbon copy (cc) yourself on emails but they don’t make it to the recipient.
- You receive a notice from a recipient’s server that your email has been rejected for security reasons.
- People tell you they are receiving spammy emails from your email address.
If you notice any of these situations occurring with your emails, contact your host right away. Change the passwords to your email accounts.
Lesson learned: Keep close tabs on strange behavior with your domain-based email, and contact your email provider if you experience any of the potential hacking signs above.
Content on your site that you didn’t add
I started noticing content on my site that I didn’t add; photos and links within existing posts and sometimes, completely new content altogether. If you believe your site may have been hacked to be used for linking schemes or other dishonest commercial purposes, here’s what to look for:
- The appearance of content that you did not add to the site.
- Links you did not add appear on keywords in old posts.
- Your photos look different, as if they had been downloaded, altered, and re-uploaded.
- Articles you did not write or authorize appear on your site with you or another authorized user as the author.
New users you didn’t add
When I noticed the new articles on my site, many of the articles had been attributed to me. But the last three articles I found were attributed to a new user with administrator rights.
Use a security service plugin to receive notifications if the user tries to access your site again. At that point, you can use the same security service plugin to block their IP address from accessing your site.
Lesson learned: If you use WordPress, install a security plugin.
Alerts from Google
Sign up for Google Search Console (formerly WebMaster Tools) and follow the steps to get alerts when changes are made to your site. If your site has been hacked, you can also use Google Search Console to submit your site for reconsideration for inclusion in search results once you have repaired the hack.
Lesson learned: Don’t wait until after your site is hacked to sign up for Google Search Console. Here’s how to integrate Google Search Console with a WordPress website.
How to prevent hacks in the future
If you’ve been hacked, the first step is to make sure the hack is totally removed from your site. Start by purchasing a scan from a reputable site security company, like Wordfence for WordPress.
If the scan finds suspicious activity, you’ll either need to hire someone to fix the problem(s) or do it yourself. If you’re not a lover of code and tech, hire this out or work closely with your host to resolve the issues.
There are a variety of both free and paid options to help even the least techy person manage their WordPress site security themselves.
Install Google Search Console
This tool to help prevent hacking is so important it’s worth mentioning again: Install Google Search Console on your site. Make sure you sign up for this service with an email address that is not connected to your website. Why? If your email is hacked, hackers might not allow an alert from Google Search Console to reach your inbox if you are using the email account associated with your hacked domain. Pay attention to any email alerts you receive from Google Search Console and check into the Console itself online regularly.
Update WordPress plugins and themes
Plugins are updated for functionality but they are also updated to prevent hacking. Your WordPress site will alert you when plugins, themes, and the WordPress CMS need updates. Simply click the “Update Plugins” button on your site to begin the process.
Remove unused and out-of-date plugins
Uninstall plugins you don’t use as they can provide hackers with a backdoor to your site. Avoid installing plugins that have not been updated by the developer recently.
Install a security plugin
If you use WordPress, ask your host or web developer to recommend security plugins and software for keeping your site secure. Most of these plugins offer a free version and a paid premium upgrade which has more features.
Security plugins can help you easily change settings on your site, such as limiting the number of times someone can attempt a login before their IP address is blocked from accessing your site.
They can also alert you to activity on your site, such as new users being added, plugins that need to be updated, and logins to your site from any IP address.
Scan your users
Make sure all the users with access to your site are people who you have authorized to use your site. Remove unauthorized users immediately and change your passwords.
Back up your website
Prevent losing all of your data by purchasing a backup service, such as VaultPress or UpDraftPlus, or hosting your website with a provider that offers daily backups. If your site cannot be restored after a hack, at least you’ll have all of your content and data, which you can move to a new site.
YOU can prevent hacking
Even if you are not “techy,” you can take major steps to prevent hacking. I used all of these methods to deal with the series of incredibly invasive hacks that occurred on one of my websites. Your site is 100-percent your responsibility — and armed with these tools and strategies, you’ll be able to make sure your site is secure and you’ll know what to do if a hack happens.
Also published on Medium.