Here We Go: Hacking!

My blog was hacked last week. Sometime between 6am-9am on a Wednesday morning, EVERYTHING WAS DELETED. It’s the worst feeling. At first I was confused. I (like a weirdo, vain person) checked my blog around 9AM to make sure everything looked okay. I got a 404 error. Refresh. 404 error. Refresh. I got sort of annoyed and tried to log into WordPress. 404 error. AH! I called my hosting company and quickly explained what was happening. The customer service rep verified my URL and said those dreaded words, “It looks like you got hacked. All your files are gone.” Say whaaaaat?

Luckily I knew what to do. I worked for a hosting company back in 2009 and handled these kinds of problems daily. Sadly, most people don’t know what to do (or how to prevent it). That is exactly why I wrote this post.

How do they do it?

It’s easy to feel frustrated or personally attacked when your site or blog goes down due to hacking. Usually, it’s not personal. Your arch-nemesis isn’t sitting in their basement deleting all your files. What happens is a hacker runs automated scripts that look for known vulnerabilities in your site (especially outdated WordPress installations) and gains access through those holes. It’s like if you ignore the fact that your window screen has little rips or tears. It seems irrelevant until you wake up with 20 mosquito bites.

If a hacker can’t gain access that way, they can move on to find holes in your plugins, themes, your weak password, email or FTP. Mark wrote an awesome article titled 7 Ways I Could Hack Into Your WordPress Site. I suggest reading it!

How to prevent it.

Now that you know how they do it, it feels a little easier to prevent it. Here is my own checklist:

  1. Make your passwords complicated and make all your logins different. (Comic above found here via @teahousekitten. I laughed.)
  2. Always keep your WordPress install, themes and plugins up to date. When they find holes, they release newer versions.
  3. Keep backups of your blog + files hosted on the server.
  4. If you log into your blog as “Admin.” Change that. Here’s how.
  5. Remove the “Powered by WordPress” link at in your footer. Hackers can do a search for this.
  6. Set up 2-step verification on your Gmail account. (Great tip from Shoogle Designs)

Please note: there are many, many more measures that you can take to prevent being hacked. This article by Mastermind Blogger shared great tips that are a bit more technical and complicated. Be sure to give it a read if you feel comfortable enough to address some of these issues.

“Everything was dumb and then I sobbed.” – Quote from blogger Kara Haupt. Totally sums it up.

Still got hacked? Here’s what I’d do.

First of all, breathe. Freaking out and screaming at your hosting company’s customer service rep isn’t going to speed up the process (believe me, I’ve been there and when customers were swearing at me…I didn’t necessarily feel sorry for them). Here’s what I did (and what I would suggest you do too):

  1. Call your hosting provider. Explain what you think has happened.
  2. Ask them to scan your files for malicious code.
  3. Ask them when the most recent backup of your files has been taken & ask for a clean restore.
  4. Change all your passwords. That means WordPress, FTP, email accounts.
  5. Scan your computer for viruses. I don’t tend to do this with my Macs but I would definitely advise you to!
  6. Go to Google Webmaster and prove ownership of your site/ask for a review if you have the malware warning.

I would refer to this article by WordPress if you feel comfortable diving into some of their more technical tips (like server side permissions, changing your secret keys, checking for malware).

I’m not a hacker OR a pro at preventing it, but since it did JUST happen to me I thought I’d share my own tips in a simple, straightforward way. If you have any questions, feel free to leave it in the comments section. If I can’t answer it, I’ll find the answer for you. I also will gladly accept more tips and advice and I’m sure others would appreciate it as well.

March 21, 2012