Happy New Year, I’m back after over a week of recovering from having my websites hacked. As I don’t recommend learning how to protect your websites after you’ve been hacked, I’ve decided to share 8 things you can do today to protect your site. Learning after being hacked is the hard way to learn and I’m still learning what I have to do to avoid it again.
It started just before Christmas with a redirect hack on this site, which is WordPress-based. That basically means that if you accessed any page other than my home page you were redirected out of my website to another page, in my case pharmaceutical “enhancing” websites. This is a low-level hack, or so I’ve been told, and can be fixed by going to Settings/Permalinks and re-saving your settings. That worked for a day or so and then it happened again. My advice is that if this is happening to you I’d investigate further with your hosting company to see if there is anything else going on.
I did call my hosting company for help but I didn’t ask what else might be going on because I didn’t know to ask, which turned out to be a big mistake.
On Dec 29th I received an email from my host saying that my web hosting account had been DEACTIVATED. All of my websites were shut down and I’d been blacklisted on Spamhaus. A quick call to my web-hosting company resulted in having to pay to have them run a “site doctor” to remove the hacked code and set up my websites with a dedicated IP address. After that was completed it still took several calls to get all of the bugs out and my site up and running. Overall my websites were hacked and down in different ways for 8 days.
Here are some simple steps you can take to avoid having your WordPress-based website hacked, and many of them apply to non-WordPress sites as well.
- Do not have a user-id: Admin – if your user-id is Admin, create a new user with administration privileges, sign off from the Admin account, sign in with your new account and delete the Admin user (you will be able to reassign all of the posts from the Admin account to your new account).
- Keep up to date – Make sure everything is up to date, including WordPress, themes, and plugins.
- Clean up old themes – Delete any old themes that are loaded that you are not using, or keep them up to date.
- Clean up all websites on your host account – If you have registered URLs that are in your hosting account but are not active, remember to keep them up to date as well. This can apply to websites that are under development or, as in my case, a website that is only live once or twice a year.
- Remove FTP accounts – If you are not using FTP regularly remove the FTP accounts. Re-add them when they are needed.
- Run Virus Software on your desktop – Malware can come from your desktop onto your website. Make sure you are using reliable Virus software regularly.
- Back up your websites daily – There are a number of plugins available on WordPress or services provided by hosting companies that enable you to back up your site daily, weekly or monthly.
- Create strong passwords – Make sure passwords are strong, mix them up and change them frequently.
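The first three checklist items can be checked from the command line. This is an added example, not part of the original post: it assumes WP-CLI is installed as `wp` and is run from the site's root directory, and the function names are made up for illustration. It only reads information and changes nothing on the site.

```shell
#!/usr/bin/env bash
# Added example: read-only audit of three checklist items using WP-CLI.
# Assumption: `wp` is on PATH and the current directory is the WordPress root.

# Item 1: succeed if an account is literally named "admin" (any capitalisation).
has_admin_user() {
  wp user list --field=user_login | grep -qix 'admin'
}

# Item 2: print how many plugins and themes have an update waiting.
pending_updates() {
  local plugins themes
  plugins=$(wp plugin list --update=available --field=name | grep -c . || true)
  themes=$(wp theme list --update=available --field=name | grep -c . || true)
  echo $((plugins + themes))
}

# Item 3: print installed themes that are not in use, one per line.
# The parent of an active child theme reports status "parent", so it is not
# listed here and should be kept.
unused_themes() {
  wp theme list --status=inactive --field=name
}

# Run every check, print a short report, return the number of findings.
audit_site() {
  local problems=0 updates unused
  if has_admin_user; then
    echo "FAIL: a user named 'admin' exists"; problems=$((problems + 1))
  fi
  updates=$(pending_updates)
  if [ "$updates" -gt 0 ]; then
    echo "FAIL: $updates plugin/theme update(s) pending"; problems=$((problems + 1))
  fi
  unused=$(unused_themes)
  if [ -n "$unused" ]; then
    echo "FAIL: unused themes installed: $(echo "$unused" | tr '\n' ' ')"
    problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ] && echo "OK: no findings"
  return "$problems"
}

# Run the audit only when WP-CLI is actually available.
if command -v wp >/dev/null 2>&1; then
  audit_site
fi
```

Run it once per site in the hosting account, including the inactive and under-development ones, since each has its own users, plugins and themes.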
This is not a complete list as I’m still learning what else I need to do. However, this is a list of 8 simple things you can do immediately to protect your sites from being hacked.
If you know anything else that someone should be doing to protect their website please share it below.
Sheila M. says
Another suggestion to your readers is to be very careful of where they get their themes for their blog or site from. Also, as you said, keep a strong password, and make sure it isn’t something someone can guess with enough guesswork or digging into who you are. Thanks for sharing your wisdom. How cruddy that you learned it over Christmas and from hackers. I’m visiting through UBC, as well, it is great to see that you got it all worked out in the end though. Good luck in the new year.
Heather Cameron says
Sheila – Thanks for the additional hint. So true about the themes, I advise my clients not to use free themes. I actually don’t know how they got into my site directories, from the removal tool they had targeted 4 different sites which run 3 different themes.
Nate says
Hi Heather,
Sorry to hear about your mishap. I hope it wasn’t terribly devastating. These are great tips to implement to minimize the risk of being hacked. Thanks for sharing!
Heather Cameron says
Nate: thanks, it was frustrating more than devastating although my stats and ranking for my site are all mixed. In some cases they are better and in other cases worse since my sites were blacklisted. It will be interesting to see how long it will take to settle out.
Camara Randolph says
Heather,
So sorry you were hacked especially during the holidays…that’s no fun but thank you for sharing simple strategies we can all do even with limited WordPress experience to keep ourselves safe.
I’ll be implementing these and sharing them with others.
Heather Cameron says
Camara, thanks it wasn’t fun but I’ve recovered. It is nice to know my experience might help someone else avoid being hacked. I stopped by your blog and commented that we both worked for Nortel. Small world.
Julie Jordan Scott says
Oh my goodness. How horrible for you and how generous of you to share your wisdom with us – I’m visiting from the Ultimate Blog challenge and am very grateful.
Glad you’re up and going again!!
Heather Cameron says
Julie: Thanks, I have recovered and hopefully it will help someone else.