It’s the text message that no blogger, website owner, or site developer wants to read.
Did you know that your site is down? (added screenshot photo of the red screen of death).
This weekend while I was traveling unplugged and unconnected, my site was hacked. Actually it’s a little bit more complicated than that. A site that I have been developing and preparing for launch on the same server as this site was hacked. I knew about it. I thought I fixed it with the help of my hosting company. But a few days later, every single one of my sites on my server had been quarantined with the red screen of doom by Google. When you searched for me in search engines, you were warned about my sites’ tragic health.
I’ve been through this before. If you’ve been rocking with me long enough, you may remember The Great Hacking of 2011, when my new-ish (then) blog was compromised after I used an open Internet network. It took a good two weeks for me to get back up and running, and I vowed that it would never happen to me again.
Five years later, I thought I would retain a web development company to install a new theme on my new site after I was having complications doing it myself. I handed over my WordPress credentials. My cPanel password. File manager access. All of that. Two weeks later, I go to said new site on my iPhone and mad pop-ups of grossness appeared. I shut it down. I contacted my hosting company. They locked down the site and cleaned it nice and good.
I thought all was well.
But all-knowing Google said, nope. And a day or two later, I was notified that my sites were down for the count.
via GIPHY
Hallelujah!
So what did I learn from this travesty? Take out your pad and take notes.
1. Separate your big fish from your little fish
TheCubicleChick.com for all intents and purposes it The Mother Ship. She funds all of the “other” projects that I work on. If she goes down, we all go down, as she funds my life and all of my projects. I’ve learned that she is valuable and needs to be kept on her own server, apart from my other properties.
The security of another site threatened the security of this site, so I am moving TCC to its own place in the innerwebs. Because, sanity.
The site that is making the money should be on it’s own network.
2. Research anyone and anything you give access to your website
I slipped. Without thinking, I gave over all of my important security info to a person in Indonesia who was working through a reputable site. I never should have done that. And I will never do it again. Always research and properly vet anyone you give access to.
3. Change passwords after someone completes work on your website
Once the job is complete and you are satisfied with person you’ve hired’s work, change all of your passwords. All’a’dem! The guy I hired waited two weeks to do the damage, and was probably elated to find that he still had access to infect my site with malware. Why would he do this? I don’t know, but I’ve read that overseas web designers people get paid to install tragic popups by pron sites and other unscrupulous online stupidness.
4.Tiered security
Multi-level security is the way to go, especially on WordPress, which is a hackers dream. Use a plug in like iThemes Security and set up multi-factor authentication to protect your website.
5. Google Webmaster Tools
Log in to your Google Webmaster Tools regularly to test the health and safety of your site. They used to send you emails of problems and issues they’ve found with your site, but they no longer do that anymore. Be proactive.
In addition, make sure that you have claimed your site on Google Webmaster Tools. If you haven’t and are locked out of your site, it is difficult to do so after the fact.
I am still rebounding from this madness. Several of my sites still have the red screen of yuckness, which I’ve learned have to be each submitted to Google for reassessment of their own. I have potentially lost two sponsored opportunities because when I was being pitched for them, my site was flagged. New visitors that may have stumbled across my website may not come back because I my infirmary status. All of this is so not good.
BUT, I am a survivor! My flagship is back up and running and I am on a mission to share my “negative” malware status with everyone! I will not be intimidated!
via GIPHY
Beats on chest.
Don’t let what happened to me happen to you. Be smart. Stay on top of your web security, and don’t give total access to a third party who you haven’t properly vetted.
My site was hacked. I’m good now. I don’t wish this on anyone. But know if you follow the above tips, you are less likely to have to deal with this headache.
P.S. Yes, my site was hacked even though I believe the person that did so had my passwords. I was hacked because malware and other content was installed on my site(s) without my permission and/or knowledge.
Great reminder. I set up temporary passwords for someone working on my blog. I need to go back and update them.