On Valentines Day I came home from work around 6:30 in the afternoon. Mrs. C. had some errands to run, so while I was waiting at the house for her to come back I checked my Google Analytics page. I typically only look at this every couple weeks. I noticed there had been a sharp reduction in traffic and there was ZERO search traffic from my top 3 articles. This seemed really odd. I then googled for those search terms and found that my website still appeared in the search results, however the name of the article and the meta description had been changed to something like “Free Casino Slot Games.” I was horrified to discover that my website was hacked. This is the type of thing I was running into:
I thought for sure that everything was gone and there was no way I could recover it. I was in complete panic mode. I was able to log into my WordPress account and I immediately changed my password. After that I started looking for any files that looked odd. Then I started searching through the page code of several files to find the issues. I thought I was having some success, but I ended up making things worse. I found a file that didn’t belong titled “leontyne-awakes.php” and I deleted it. After deleting it any time someone arrived at my site they would receive a 404 file not found page. Basically the malware was redirecting all hits to that file, which mirrored the actual page, but most likely included some form of malware or spam links.
I continued to search through all the code in my editor and through various files that google searches recommended I look at for hidden code. I figured if I found code that directed that file I found to open I would be able to defeat this hack on my website and return it to normal. I searched through all of the files in WordPress Editor, and then started searching through all the files in the directory for my website under my GoDaddy account.
Mrs. C. To The Rescue:
Mrs. C. thought that I should contact my hosting provider to see if they could help. I told her that I don’t pay for any security service and I’m sure that there is nothing they can do. At this point I had been searching through lines of code for 5 hours, in a panic, and I had made little progress. She opened a chat window with GoDaddy and they said that they could help if I purchased their security package. There was no risk because if I wasn’t satisfied I could cancel within 30 days.
How GoDaddy Security Helped After My Website Was Hacked:
The cost for the security plan we chose with GoDaddy was Website Security Essential for $179 for 3 years. This works out to $5 per month, which is a small price to pay to know your files are secure, and since this website generates around $200 per month, paying 2.5% of that amount per month to keep that stream of income secure is well worth it. I was fairly skeptical at first. The program has to run a scan before you can ask for a person to help. The scan seemed to take a long time, it was already late so I went to sleep and let the scan do its thing. The next day when I woke up for work I submitted a ticket to the security team explaining what was happening to my website. 30 minutes later I had a stream of emails informing me of what had been found, what had been deleted, and what other actions had taken place. They advised me to update all of my out of date plugins and themes as well.
When I returned home from work on Thursday I went to update my plugins and I received an error message. It was one line of text referencing a code in a theme template (a theme I didn’t use any more), and that was it. This showed up on my wp-admin page so I couldn’t do anything to fix it. This also showed up for anyone who visited my website on February 15th. I again asked GoDaddy for help and they were able to fix this problem quickly on Friday morning. My top few articles still had the spammy meta-data appearing when showing up in search results, but the GoDaddy security expert assured me that Google should index it shortly and it will go away. Late on Saturday my articles started to get updated in Google with the spammy metadata disappearing.
On Sunday I was going to publish an article I had spent a lot of time on. When I opened it in my drafts it was an early draft that only had around 300 words, as opposed to the 4,000 word article I had produced. I looked around my drafts and this was the case for several articles. What really sucks about this is that I am about to start working 75 hour weeks and I purposefully built up over a half dozen articles ready to publish so that I could keep up with my weekly posting schedule. I like to write, but it feels like such a chore when I have to try to re-write the same article I already wrote.
This is highly frustrating, but in the grand scheme of things isn’t a huge deal. I thought I had lost 300 articles, close to a dozen pages, and all of the work I had put into formatting, images, widgets, and the like. As of today there are still several articles that retain the spammy meta data and my traffic is still down compared to before my website was hacked.
Overall my website experienced 3 days of really low traffic, 2 days of moderately low traffic and so far roughly a week of traffic reduced roughly 10% from my previous norm. I’m really thankful that I caught this early and that Action Economics is now in recovery.
- Delete old plugins and themes that are out of date and that you don’t use. Keep the ones you do use updated. Hackers can use security vulnerabilities in these plugins to accesss your site.
- Have a unique complex password. Hackers can use a program to constantly guess passwords. The more unique your password is the less likely it is to be figured out.
- Pay for protection. I know it seems like a large amount of money, however you have to weigh that against what you value your site at. I was absolutely horrified to find out that my website had been hacked. If I had already been paying for GoDaddy’s service the attack would have potentially been caught before it happened. Right now you can get 30% off of new services with GoDaddy using this link.
- If your website is hacked, inform everyone you can. I sent out a Facebook message and an email to all subscribers to let them know the situation.
- Save your drafts in a word document. This is helpful in situations like this where a hack took place and for situations where WordPress fails. I have had multiple occasions where I went to save a draft and WordPress failed, deleting all of my progress.
Overall this was quite the educational experience for me. For all the other bloggers and website owners reading this blog, what steps have you taken to prevent your website from getting hacked? Have you ever been hacked?