What I Learned When My Site Was Hacked
Last week this blog got hacked and it was not even a little fun to get everything sorted out. After all that work writing posts and uploading photos, the thought of having it all gone made me sick to my stomach. In an effort to help those that have not been through something like this I will share what I learned when my site was hacked.
Let's start with the fact that the chances of your website getting hacked are HUGE. Don't think it won't happen to you, because it totally can. Especially when you have a Wordpress site. A blog that's shut down means no marketing, no business and that everyone that clicks on the link to your page will get some sort of ugly error message. In order to minimize the damage, here are some things to keep in mind.
- Get your files backed up. The cost is likely minimal (it costs me $1.50 a month) and if the hack deletes your files or corrupts them beyond repair you can at least have a backup to restore and what you will lose will not be as significant.
- Install a firewall. This will cut down on the amount of possible attacks considerably.
- If you're not technical, or don't have the time to do things yourself, hire someone - the money will be well-spent. When all of this happened I posted my problem on a blogging group and several of the members referred me to Sucuri. While there were some initial hiccups, in the end they proved to be an excellent resource and able to fix the problems with no files lost.
- Create complicated passwords. At one point, after installing the Sucuri Wordpress Plugin my blog was subject to what's called a 'brute force attack' if that sounds ominous it's because it is. I could see the emails of all the failed login attempts. Scary. I use 1Password to generate and save my passwords and it's well worth the money, in my opinion.
- Update your themes and plugins as soon as updates become available (the updates may protect you) and un-install anything you're not using.
This is just basic info, there are many others out there more qualified to speak on the topic. Hopefully what I learned when my site was hacked will be helpful to you. The bottom line is to not think that it won't happen to you. It can and if it does it's no fun to know that your site is down. By taking some steps to prepare you can get your site up and running much faster than I did.
Oh, and one last thing, it became glaringly obvious during the hack that what makes a company good or not is how they react when something goes wrong. My hosting company, who I won't name, dropped the ball on the support ticket and when I contacted them about it they tried to change the subject and blame me for their lack of response. Sucuri, however, not only quickly apologized for the delay but also proceeded to fix the problem as soon as possible. My thought is, mistakes happen, that's understandable, admit to them like a grown up and make it right.