For me, the year started well with solid goals in place and a determination to succeed. I’m already pretty much living my ideal lifestyle but need to increase my monthly income (don’t we all!).
Everything was going well until about two weeks ago when my laptop started playing up. I was getting messages that someone, or something, was trying to change my settings and getting increasing c: drive error messages. I also found my laptop would overheat and then the screen would go black.
On top of this, since last summer, I’ve been plagued with my WordPress sites being hacked. I have 18 domains registered (five authority or “main” sites, and thirteen niche sites). My hosting company support team have been brilliant and each time I’ve been hacked (3 or 4 times in total), they’ve cleaned up the site and got me live again.
Towards the end of January though I started getting emails from new subscribers saying they were getting a virus or Trojan threat alert when visiting one of my download pages. The hosting company support were saying they had cleaned it, and couldn’t see a problem, but I continued to get anxious emails. If you were one of the people who got the virus alert and emailed me, thank you so much for making me aware of the problem.
What about all the momentum I’ve built up?
By now I, and the hosting company support, were getting exasperated as my women’s way to wealth site was being cleaned and then immediately becoming re-infected. Not only was I worried about what was causing this constant re-infection, people were starting to unsubscribe from my list and I was starting to lose some of the great traffic and momentum that I’ve worked hard to build up.
In addition to guest posting on some popular blogs, such as rightmixmarketing and Jay orban’s reviews, I was a finalist in the Firepole Marketing competition and my traffic and community were building. I can’t tell you the frustration at having to stop all work on my site and all communication with my subscribers while this was sorted out. Then, as my frustration levels were already increasing, my laptop finally spluttered onto its final legs. So, now I had no laptop, no ability to communicate with my subscribers or fellow bloggers, and my websites had been hacked. Disaster!!!
Time to give up?
It’s times like that that make you want to give up. I felt totally frustrated and really angry that the momentum I’d worked hard to build up would take a big step backwards. In the early days of setting up a new online business or blog, building the momentum of community is like pushing a boulder up a hill, or launching a rocket into the atmosphere. 80% of the effort is at the beginning, then you only need 20% to maintain it. So, I felt as if I’d got the engines revved and then someone had clamped my wheels.
Various emails and desperate cries for help went backwards and forwards to the hosting company support desk. They suggested two remedies, which I didn’t feel able to handle myself, so I outsourced through People Per Hour. I highly recommend this site if you need help with anything (more on that in another post soon).
The remedies recommended were a) to back up and remove all my WordPress files and databases, and then completely remove and reinstall the WordPress installation – for each of my 18 websites! And b) to load a new theme and remove, update and reinstall all my plug-ins (I have about 12 on each site!).
Honestly. I felt like crying!!
The internet marketing communication dilemma
I couldn’t risk emailing my subscribers (sorry for the quiet couple of weeks folks), because it’s when you email your list that your traffic spikes and people visit your site. And for once I didn’t want that as it would have flagged up more virus alerts and spooked everyone.
On the other hand, I didn’t want to completely disappear off the radar and not communicate with anyone. It was a real dilemma. In the end I decided to outsource the remedial work – which only took 2-3 days – then re-launch my new site with its jazzy new theme (http://womenswaytowealth.com) – let me know if you like it! And then contact you, my loyal subscribers knowing that I could announce a safe, virus-free, site once again. Which I’m doing now.
The worst thing for me was the fear of sending anyone to my site and them getting a virus threat alert. That’s suicide for any web business. So, I held tight while the clean-up operation took place.
The solution? Or maybe not?…..
Feeling happy that I’d found a great WordPress expert to clean up my sites for me, there was more bad news to come. In fact his second email to me started “I hope you’re sitting down, I have some bad news…” oh dear, not what you want to read when you think you’re on the road to recovery and have found a solution to your problems!
Of my 18 sites, all but 2 were infected – they had been hacked and had rogue HTML code added to the index.php files and some pages. One of my pages had been hijacked and was forwarding traffic to a Russian Viagra site!
It’s very hard to check every page, every plug-in and every piece of code, and what was happening was that because 16 of my 18 sites had been hacked, every time we cleaned one up, the others would re-infect it. A bit like a nasty yeast infection (yuk!!).
Mike, my People Per Hour WP expert, had some quite draconian, but sensible considering the situation, suggestions. Delete everything on all except the essential sites, for which he would back up the data files, delete the WordPress installation including all plug-ins, files etc. and then reinstall. He then painstakingly had to reload all the content files, plug-ins and widgets after they’d been checked and scrubbed.
Hard decision time
I had some hard decisions to make and the end result is that of my 18 sites I now only have 5.
The other 13 were completely deleted and removed. I still retain the domain names but if I want to use them I have to start from scratch, re-install WordPress and recreate ALL the content. Some of my sites had a lot of content (blog posts, articles, links etc) but on 5 of my sites the hackers’ code had wiped out the contents, leaving empty, virus-ridden websites. This had happened to an older site that hadn’t been updated in a while, and my most recent new site that was being constantly updated. Go figure, there’s no logic to the pattern at all.
The big lessons learnt?
1. Always create non-obvious user names and passwords for your WordPress admin log-ins. There is a good reason why you shouldn’t use “admin”/“admin” for your name and password. The hackers know people do this (yes, I’m guilty of it too on some of my earliest sites) so don’t make it easy for them to access your WordPress sites.
2. Keep your plug-ins updated. Another trick the hackers use is to get into your sites through opt-in forms. So, when you enter your email into the box they can put code on your computer that will infect your PC and your files, collect your passwords and get into your WordPress sites. It’s very clever and very scary, and, of course, you don’t know where the infected code has come from so you can’t avoid it. (side note: one friend of mine mentioned recently that he has a separate email account purely for signing up to email lists – that’s probably very sound advice).
3. My WP expert has also removed the version code from the plug-ins because the hackers are searching for old versions of the plug-ins to hijack. You can easily remove the version number so they don’t know which version you’re using, and they will probably move onto an easier target. It’s just like protecting your home: if you make it hard for burglars to get in they’ll just move on to an easier target.
So, now with a new computer and 5 shiny new clean websites I am back in business, and slightly wiser than before. I’ve changed, and will change on a regular basis, my cPanel and wp-admin passwords, I’ll keep my plug-ins updated and will be very careful about what I download and from where.
There are also WordPress plug-ins that monitor your code for likely hacked code and alert you so those have been installed on my site now too. I would definitely recommend you do the same.
And, yes, before you ask, I do have all the usual virus checker software and tools on my laptop and PC, but they didn’t stop the hackers so it’s worth having “internal” WordPress virus protection as well. And if you’re not sure, or it all seems too much, then take advice from people that know about these things. It saved me many hours of trying to work it out, or worse still, giving up altogether when it seemed just too much to bear.
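One way to do the kind of code monitoring mentioned above across every site on a hosting account at once, since one infected site kept re-infecting the cleaned ones. This is an added example, not part of the original post and not the code of any particular plug-in; it assumes each site lives in its own folder under one account directory, and the site names and file contents are constructed samples.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(account_root):
    """Map 'site/relative/path.php' -> SHA-256 for every PHP file under every site."""
    root = Path(account_root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*.php"))
    }

def compare(baseline, current):
    """Return files changed, added or removed since the baseline was taken."""
    return {
        "modified": sorted(f for f in baseline if f in current and baseline[f] != current[f]),
        "added": sorted(f for f in current if f not in baseline),
        "removed": sorted(f for f in baseline if f not in current),
    }

def affected_sites(report):
    """Site folders (first path component) with any change; clean these together."""
    files = report["modified"] + report["added"] + report["removed"]
    return sorted({f.split("/", 1)[0] for f in files})

def demo():
    """Constructed sample: three site folders under one hosting account."""
    with tempfile.TemporaryDirectory() as tmp:
        acct = Path(tmp)
        for site in ("site-a.example", "site-b.example", "site-c.example"):
            (acct / site / "wp-content").mkdir(parents=True)
            (acct / site / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        baseline = snapshot(acct)  # taken right after a clean reinstall
        # Simulate later tampering: markup appended to one index.php,
        # and an unknown PHP file appearing in a different site.
        with open(acct / "site-a.example" / "index.php", "a") as fh:
            fh.write("<!-- unexpected markup -->\n")
        (acct / "site-b.example" / "wp-content" / "extra.php").write_text("<?php // unknown file\n")
        report = compare(baseline, snapshot(acct))
        return report, affected_sites(report)

if __name__ == "__main__":
    report, sites = demo()
    print(report)
    print("Sites to clean together:", sites)
```

Take the baseline only straight after a clean reinstall and keep it somewhere the web server cannot write to, otherwise a later infection can simply overwrite it.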