I was hacked!
Yep, you read the title right, I was hacked! It amazes me that there are so many people out there spending their time just to be destructive and harmful. I wonder, if these people put their efforts into anything good, what might be able to come out of it, but that’s an entirely different topic. On Friday little old digitalphotobuzz.com was hacked into. It looks like this was actually a pretty big hack that someone did to a lot of sites hosted on Network Solutions and GoDaddy’s servers; it seems like there could easily have been thousands of websites affected. Some people (and from what I can gather only a few people) that came to our site on Friday or Saturday morning were redirected to another site that was one of those fake PC scan sites. The website pretends it is performing a scan of your website and that you have a virus and need to download something to “fix” it. Well, the fix is a virus, and that is the main goal of them getting you to their site. Thankfully I found out about this right away and, after many hours of going through all of the files of the website, got everything removed and back to normal mid Saturday morning. I am sorry for the inconvenience it caused any of you and hope that nobody downloaded the files from that website and got a virus.
Going through the process did teach me a few things about security and some things that can apply to a lot of you. Since I know a lot of you use WordPress for your photography blogs (the same platform that this website runs off) I wanted to share a few thoughts with you and some suggestions on how to prevent your site from being hacked. It seems that hackers are getting better and better every day, so we really need to have a schedule to make sure our blogs are safe and also backed up. Here are some tips I have learned from this whole experience that can help us all keep our WordPress blogs safe and secure.
Always watch your website – I always have a habit of checking my website while I am on the go. With my iPhone I tend to check my website to make sure it’s up and running at least a few times a day when I am idle for a second. Thankfully this really helped out this time: I noticed late Friday that when going to my site it took me to another site that Safari blocked as a virus site. It came up fine a few minutes later from my computer but still had me interested to see what was going on. After a while of searching I found the problem and a few hours later was virus free. If you don’t check your site that often it could be days, weeks or months before you find out the problem is there, and it can be harder to fix, with more people impacted, which is going to be bad for your brand.
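An automated version of that check, as an added example that is not part of the original post: it inspects an already-fetched page for redirects and embedded scripts or frames that point away from the site. The host names, sample pages and function names are constructed for illustration.

```python
import re
from urllib.parse import urljoin, urlparse

# Patterns for the common ways a page sends a visitor elsewhere.
CHECKS = [
    ("meta-refresh", re.compile(
        r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*'
        r'content=["\'][^"\']*url=([^"\'>\s]+)', re.I)),
    ("js-location", re.compile(
        r'location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)),
    ("external-embed", re.compile(
        r'<(?:script|iframe)[^>]+src=["\']([^"\']+)["\']', re.I)),
]

def off_site(url, base_url, allowed_hosts):
    """True when url resolves to a host outside the allow-list."""
    host = urlparse(urljoin(base_url, url)).hostname or ""
    return not any(host == h or host.endswith("." + h) for h in allowed_hosts)

def find_redirects(base_url, status, headers, body, allowed_hosts):
    """Return (kind, target) pairs for every off-site redirect or embed."""
    findings = []
    target = headers.get("Location")
    if 300 <= status < 400 and target and off_site(target, base_url, allowed_hosts):
        findings.append(("http-redirect", target))
    for kind, pattern in CHECKS:
        for target in pattern.findall(body):
            if off_site(target, base_url, allowed_hosts):
                findings.append((kind, target))
    return findings

# Constructed sample data: placeholder hosts, not taken from the incident.
BASE = "http://photoblog.example/"
ALLOWED = {"photoblog.example"}
CLEAN = '<html><script src="/wp-includes/js/jquery.js"></script></html>'
TAMPERED = ('<html><meta http-equiv="refresh" '
            'content="0;url=http://fake-scan.example/scan">'
            '<script src="http://fake-scan.example/a.js"></script></html>')

if __name__ == "__main__":
    print(find_redirects(BASE, 200, {}, CLEAN, ALLOWED))
    print(find_redirects(BASE, 200, {}, TAMPERED, ALLOWED))
    print(find_redirects(BASE, 302, {"Location": "http://fake-scan.example/"}, "", ALLOWED))
```

Any legitimate third-party hosts the blog really uses (a font or analytics provider, for instance) need to be added to the allow-list, otherwise they are reported too.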
Backup, Backup, Backup – Just like your clients’ photos or anything digital, remember to back up your blog. With a WordPress blog there are actually two things you should have a backup of: the main files and your database. Backing up your main files is easy, just log in to your FTP account and drag and drop your files into a folder on your computer. Make sure that folder is backed up also though. To back up your database there are a few ways to do this. The easiest I have found is a WordPress plugin that will back it up automatically and send you the file in an email. The plugin is called WordPress Database Backup. I have been backing up my site pretty regularly over the last year so it really put me at ease when these problems started coming up the other day.
Always upgrade WordPress – If you are like me you log in to WordPress to create a new post and see that friendly message at the top, Upgrade to WordPress v.3.xxx. I see it and think when I have a little more time I will upgrade, and normally that little more time never comes and I never upgrade. Well, never is a stretch, but I normally wait for months before upgrading. That is one of the biggest holes you can have for your blog to get hacked. There are always security holes hackers are looking to exploit and a lot of these exploits are fixed with the most recent version of WordPress (until the hackers figure out a way around the new fix).
Change your password – I have to admit this used to be another thing I really was bad at. I would set one password and leave it there for a long time. Now I am changing the password pretty often and using a password generator to create a very strong password. As a side note, if you don’t have any password managers for your computer check out 1Password. It keeps track of all your passwords and can create really strong passwords for you. They also have an iPhone and iPad app available which I highly recommend.
Keep your plugins up to date – Another security hole is outdated plugins. This is something I used to put off also; I would see the indicator there was an update for a plugin but never thought it to be too important to update so put it off for another day. Hackers know plugins that have holes and will exploit them; keeping your plugins updated can help keep them at bay.
There are many other, more technical things you can do with your web permissions and with protecting certain files and folders on your site, but the tips above should be a good starting point to keep you (and me) much more safe and secure.
Going forward I have learned a lot and now have regular maintenance and updates scheduled in my calendar every week to prevent this from happening again. I hope this doesn’t happen to any of you, and remember to always be wary of links or websites that don’t look like they should. There are too many people out there on the web trying to cause havoc and unfortunately we have to be extremely cautious online.