Hello. My name is Ashley, and my blog was hacked.
(This is when all of you guys chime in and say “Hello, Ashley.” )
Whew! Now that the whole “admitting” part is over, I feel a lot better! Well… not really. It’s not my favorite story to tell, but sometimes those are the ones that need telling.
There’s a little shame in admitting that you’ve been hacked, don’t you think? For some reason, you didn’t know all of the things you were supposed to do to stay safe. You had a weak password or a vulnerable site. You should’ve known better… At least that’s how I felt.
While I’m putting it all out there, I should go ahead and add that I am NOT techy. I know a lot of bloggers say that, but I seriously mean it. I could list the “techy” things that I don’t know how to do, but that list would be too long, and much too boring. It’s important to my story though, so there you have it.
Hello. My name is Ashley, my blog was hacked… and I am very not techy.
I had just gotten back from my first blog conference since the launch of my sweet little Today’s NC with motivation, ideas, and a to-do list out the wazoo. That’s when my Gmail inbox popped up a new unread message with the subject line:
[Webmaster Tools} Message Summary – > > Malware infection detected. Even my un-techy self knew that this had to be bad.
I hoped it was fake. That happens, right? Like the “IRS” calling my grandma for her bank account number? This was really some scam trying to fish for information… right? I called my web developer in. It’s handy that he’s my husband and also works out of our home.
That’s when I knew it was real. Now, whenever anyone tried to visit Today’s NC, they would be warned of the suspicious malware. That’s not really good for your online image. We took the site down immediately and put up a single page explaining what was going on. I had no idea what “soon” meant in this case.
I felt violated, annoyed and frustrated. Out of my 4 years of blogging, I had not talked to anyone that had actually been hacked. What did my little blog have to offer some hacker? Should I actually feel flattered that they bothered? Or was I just a practice site for the big blog they would move onto next? Even more, why did I not have the know how to prevent or fix my blog hack?!?
So my live-in web developer got to work. What did he do? How did he fix the blog hack?
How We Fixed a Blog Hack:
- Downloaded the site from WordPress.
- Downloaded and saved the database from the host provider.
- Deleted the database from the host.
- Reinstalled WordPress.
- Added the WordPress download XML (contains posts and pics) to our test site and confirmed these files were not infected.
- Downloaded the test site XML and loaded back to the original site.
If you are not tech savvy, you definitely need someone around who is. Web development is not my husband’s day job, but he knows the language and has experience. Me? I like to write, make connections, and share information. I’m learning though. Having your blog hacked is good motivation.
Even better than learning how to fix a blog hack is knowing how to prevent it. Today’s NC is on WordPress, so these are WordPress tips that have helped us.
Tips to Prevent Being Hacked:
- Update, update, update!
- Keep your plugins updated.
- Keep WordPress updated.
- Only have plugins and themes that you actually use.
- Look into a good security plugin. (Wordfence is what we have now, but do your own research to be sure.)
- Give yourself one of those whacked out, you never will remember, no real words, CAPTCHA image like passwords. It makes a difference.
Have you ever been hacked? How did you handle it? Are you going to be implementing any of these tips? What would you add to this blog post? We’d love to know in the comments below.
About Ashley
Ashley is a freelance writer, blogger, and current stay at home mom for two silly boys. A graduate of East Carolina, Ashley spent 7 years out in Seattle before moving back to NC. Her love of North Carolina inspired her to create the site Today’s NC to encourage everyone to see, learn, and do more in and around North Carolina and the Triangle. You can follow her personal Twitter account @AshleyBShaffer.
Libby says
Best backup for WP is the plugin Vault Press…it backs up the entire blog every day. And, their customer support is fabulous and responsive. I had a scare last week and they were great (all was fine!)
Allison Barrett Carter says
Libby, thank you so much for this! I am sure many of us will be looking in to it. Glad all was okay with your blog.
Ashley Shaffer says
I have heard some very good things about Vault Press. So happy to hear everything is fine for your blog. =)
Kelly says
Thanks for these tips! I’m sorry this happened to you, and hopefully your experience will prevent other blogs from being hacked.
Ashley Shaffer says
Thanks, Kelly. I hope so too. It definitely was embarrassing. But you learn, and move on. =)
jennifer says
How scary!! Thanks for sharing the tips!
Ashley Shaffer says
Thanks, Jennifer. The worst part was not having a clue what to do! Ha… but like I said, luckily I knew someone who did. And now we know how to prevent it. (Hopefully…)
AwesomelyOZ says
Great tips Ashley! It’s good to place more light on hacking in the internet world since it’s very prominent; especially now-a-days with hackathons going on all the time. I definitely practice security on my website and have a security company via my hosting company that provides that layer. I also update my plugins regularly and only keep active the ones I use. Good to know I’m on the right track to hopefully not getting hacked! Have a great one! -Iva
Ashley Shaffer says
Thanks, and definitely sounds like you are on the right track. Ugh… “Hackathons”… so true.
Mark says
Hi there,
I was working last time as a virtual assistant and our website has hacked and were infected with malware. Initially we fixed the issue but after a couple of months we were hacked again. So we decided to pay for company to protect our website from hackers. So far, so good.
Ashley Shaffer says
Oh man… so sorry that happened… twice! Sometimes it really is better to have someone else responsible for keeping things clean. Third time is most definitely NOT the charm you want in this case.
Stefanie says
Ours happened when my tech guy was with his brother at Comicon in LA (something he saved up for and was so excited to be at) and here I was calling him desperate because our site was hacked and google was sending out “don’t go to this site” messages. AAAAHHHHH!!!!
Fortunately he was able to pull the site off-line and work on it during breaks, but I’ll never forget the feeling of panic…and terror as we tried to fix and then restore the site. He implemented a few safeguards, including paying a little extra for our host to do daily backups – but I think I’ll look into this Vault Press Libby suggested and see what they have to offer. Tks for starting the conversation
Ashley Shaffer says
Ugh… yes the feeling of “that message” going out is terrible!!! I’m so glad you were able to get everything put back together.
Nikol Murphy says
Thank you for starting the conversation about this important and scary topic Ashley! I know I am going to contact my webmaster and do some research to ensure I am as protected as I can be for my personal site.
Ashley Shaffer says
Thanks, Nikol. I’m glad I had the chance to share the story. It’s definitely scary to think of losing everything you’ve worked so hard on.
kristenbagwell@aol.com says
I love this post, especially “how we fixed it” – making a mental note (and a paper one). Thank you!
Heather says
I feel your pain. It happened to me.. repeatedly. I eventually had to change my domain name and my host. I now have something called SiteLock on both my blogs which was an add on with Hostgator.
Julia Kruz says
I haven’t found a way to cope against hackers! Thx for helpful tips! I hope they will not be needed:)
Kara Mathys @Wellnessgrit says
The main rule I think is not to leave the same password on all sites. And must-have software like Antivirus
Trish says
That is a must!