Probably a phrase that no one in the community ever wants to utter. I bet you’ll probably stop reading this post temporarily just to take a look at your website to ensure that it is still up and in-tact. Some of you may even clear your cache and refresh to be double sure. Does this type of thing happen often, yes! Does this happen to anyone or just you? If you’ve been hacked before it sure feels like it was just you out of the millions of active websites on the interwebs. You can’t feel too bad about it, it was probably bound to happen if you have never thought to make the necessary steps to keep your website secure.
So what do you do now that your staring at some ugly graphics and text that reconfirms the obvious that your website has been hacked? Check out this list of options below:
Contact Your Hosting Company
Inform them that your website has been compromised so that they may be able to take steps to isolate the problem to a specific server or files before it spills over into your neighbors yard. Most websites operate on shared servers. This means on any given server there could be multiple websites of all types sharing space. Kind of like the electrical box outside your house.
Protect Your Own Computer
Once you’ve learned that your website has in fact been hacked, trying to navigate around it may not be wise as files may be compromised. Clicking on links or images may unload spyware or malware to your local computer that may wreak havoc on your home/work network and systems.
Pull Up A Backup of Your Database or Website
This of course is considering you set a plan for backups to your website on some type of regular basis. We use a plugin called WordPress Database Backup from Austin Matzko, however that plugin hasn’t been updated in a while. So I’d suggest BackWPup by Inpsyde. There’s a host of options including backing up to your Dropbox account. You can also perform your own backups by heading over to the Tools section, then clicking on the Export option and saving that to your local computer. Now if you do have a backup, you’ll be using the same plugin for backing up (in some cases) and choosing the import feature, or using the native import feature through the Tools section in your WordPress dashboard.
Get A Fresh Copy of WordPress
Go to WordPress.org and get yourself a fresh copy of whatever current version is out at the moment. There are a few files however that you’re not going to want to alter as they will consist of vital data pertaining to your website.
- wp-config.php (contains your database, host, password, and more)
- wp-content (FOLDER) (this is where your themes and plugins are stored)
There are a few files that you should delete regardless if your site is new, hacked, or not:
If you’re not sure, make a copy while your in your FTP to your server side and rename the parent folders to :whatevername.old” or “whateverfile.php.old”. This way when you upload new files you won’t overwrite the preserved ones and you’ll still have fresh files loaded where compromised ones may have been.
Change Your Database Password
This same password is listed in your WP-CONFIG.php file so you’ll need to go through your host control panel to edit your MySQL database to edit this. Once updated to something WAY more secure and different, edit the password in your wp-config.php file and re-upload that to your server. I shouldn’t stress that this shouldn’t be the same password as your Dashboard user login.
Speaking of users, be sure that you are NOT using the default “admin” account to login to your site. If so please create a new login with a better username like your nickname plus favorite 5 digit number, add in some spaces and a few capital letters while you’re at it. Brute force attacks on WordPress sites are common and over 90% of the time they are trying under the “admin” username.
Be sure you’re using the most udpated version of PHP. Could be 5.2 or 5.4. Check with your hosting company as well as your theme to be sure you’re where you need to be.
Login to WordPress and Check Around
See if there are any new users accounts (especially administrator ones) that you know shouldn’t be there. Update the passwords on the remaining ones you know are authorized. See if there are any new pages, posts, media files, etc that you know you didn’t load. Remove them too. If you did preserve some files or folders, you may have to reload your theme(s) and plugins. Not a big deal since you’ll easily be able to see them from your preserved files/folders.
Keep Up To Date
Be sure to keep in-step with security updates from WordPress. If you ever see a 3.x.x update, chances are is a vulnerability update and it will be an update to patch something that someone from Automattic or the WordPress community has discovered. Also check in on your plugins and themes to see if they have updates. Most theme houses like Themeforest or WooThemes will contact you via email whenever there are updates pushed by the submitting developers. If not, take some steps to stay up to date on your own. Beware of some free themes you find on the net too. There usually is no accountability or liability should that theme go un-updated for months or years yet still be available as free. Or worse yet, repackaged and loaded on other sites as a free theme yet its now loaded with malware.
Install Preventative Security Plugins
While there are a host of plugins you can choose from, some free, some premium; GET SOME! I’m more of a fan of premium plugins from respectable developers versus free ones because truly, you get what you pay for. The level of responsibility from premium developers to ones just starting out is quite noticeable and to be respected. So what should you use? Here are some suggestions:
Have you had a site get hacked? Have more ways to prevent a site from getting hacked? Share in the comments below!
Some useful links and further tips:
Well this past weekend was the annual WordCamp Miami at the University of Miami. If you read my previous post about the expectations, I’d like to report that they were all met and then some. The amount of developers on site was awesome. A lot of which you’ve read blog posts from, heard about through plugins and software you’ve purchased and use, local, and abroad. The atmosphere was certainly electric.
Going I knew we’d be hit with a ton of information. Equipped with a few Macbook pros, tablets, chargers, and iPhones with MyWi for dedicated internet, we were ready for anything. We had cool badges with our names, Twitter handle, and QR Codes thanks to WP Beginner. Among that we were give a host of items from a cool reusable shopping bag from BlueHost to shot glasses from Woo Themes. Apparently they know that we developers appreciate a nice drink every now and again.
Since we went as a team we split up for most of Saturday’s sessions to try to cover as much as we could and collaborate later. It was totally worth it. Being three different tracks on Saturday and two on Sunday, needless to say there were a lot of options to choose from.
For those of you who didn’t make it, enjoy some of the pictures we took from our mobiles here. And if you’d like to see some of the recordings from the sessions, you can actually do so for FREE on the Live page of the WordCamp Miami website.
If you’ve been in this industry for a while sooner or later you’ll come to a hiccup or worse a wall. Whether you’re a freelancer or the owner of a design firm or anywhere in between you’re not immune from the reality of circumstances and bad luck. Now some mishaps we actually can avoid, and that comes from seasoning and learning how to make good decisions early in time. There was a quote I got recently from a book I’ve been reading that really resonated with me.
“Easy short-term choices lead to difficult long-term consequences, while difficult short-term choices lead to easy long-term consequences.” The Paradox Principle.
I’m here to let you know of some good ways for you to deal with those setbacks. I’m also here to tell you that you’re not alone. We’re all out there at various times of the day or night pulling our hairs out or slamming desks when things don’t work right. Until there’s an 800 number for 24 hour sympathetic support, we have each other.
#1 Walk Away
This tip is probably the most important; walk away for a few hours. When you hit a wall in development, it may not be best for you to fight your frustrations head on. More times than none the more you look at it, the more things will make even less sense. You also run the risk of double thinking some other strings of code you knew were good before but go back and tweak that in hopes that it will fix some later functions that had you messed up in the first place. Ugh! Been there before and probably will be there again. When it happens and it’s been about an hour already, just take my advice and walk away for a few hours to clear your mind. Coming back to it the next morning with a fresh mind and fresh eyes usually makes an issue stick out in such an obvious form you’ll be happy you took off.
#2 Get a Second Opinion
Get a second pair of eyes on your work. You can rub your eyes all you want but still never see clearly. And it may not be your vision, it may just be your lack of understanding or knowledge. One thing I learned early in this business is that I’m not the smartest, but if I can find others that are smarter than me to help when I need them, I’ll still win.
#3 Spend Time On Another Project
It’s never good to waste time. Especially when the weekend is fast approaching and you’ve been pulling some late nights on some deliverables. I refer back to my one-hour law; if you’ve made no progress in an hour, find another project that you know you can pick up and make steady progress on. There is a slight chance the time away working on something else may job your mind on what can help get you through your main setback. Even if there isn’t, you’ll get a sense of accomplishment at the end of your day knowing that you finished some things instead of lost 6+ hours making absolutely no headway on just one piece of work.
#4 Research and Read a Book
There is a possibility you may not know everything. I know crazy right? So why not take some time to look up your exact issue on Google? You’d be surprised at how many other people will have had the same question. While you’re searching the inter-webs why not check out a few forums like Designers Talk or FreelanceSwitch. Great places to put your questions out there and get support from other designers and developers. You can also take this time to read up on your HTML or CSS skills. Remember that bookmark you left on the second chapter of that “Build Your Own Website The Right Way Using HTML & CSS“, well why not pick that book back up and continue reading up. We’re part of a fast paced and ever-changing world so try not to get left behind in technology, otherwise you could be working much harder or longer than you need to.
#5 Relax and Inform
For me it’s music or playing Wii with my kids. Go ahead and indulge a bit into something you enjoy to do. The work will still be there. If your project is pending, go ahead and let yourself off the hook and contact your client(s) and inform them of the setback and that you’ll need some extra time to complete it correctly. It’s key to be honest here because a mountain of other issues will arise later if you don’t. So go ahead and set that expectation to follow-up when you’re back on track, not a projected fix time/date, but a call or email when you action have it figured out and are able to move forward.
So what are your biggest or most recent frustrations in work? Do you have some other ways to handle setbacks? Let us know in the comments below.
Image credits: iStock Photo
You may have received a few web form submissions on your website that at first would seem like a bunch of HTML coding garbage with an email address and name that make absolutely no sense.
I did a bit of research and found out that these are from hackers in China. When I first started to receive them I just deleted them because the forms on our server are not stored on our server but instead are sent via email to our office. Eventually over the next few days I began receiving 5-10 form submissions every few hours each day. This can be terribly troublesome and alarming.
In order to combat this you’ll need to block the IP addresses from those rogue computers/hackers in China. Fortunately for the forms we currently use on our HTML website, the Country and IP addresses are provided. To block them you’ll need to create a HTACCESS file with instructions on blocking the IP addresses. I found this website to be quite informative with a host of IP addresses not only from China, but also other known Countries like Nigeria and Russia. I mean let’s be honest, we know we don’t have a fortune waiting for us in some Nigerian back just waiting to be transferred.
If you need help putting together your own htaccess file, leave us a comment below and we’ll get some details from you and send you one via email.
Hacker Image credit: Iconfinder.com