As you may have heard, on Friday evening I got what was to be the first of a couple of emails from some very helpful people telling me that there was a big message up from Google saying that WPShout contained viruses, spyware, the lot! I took a look for myself and sure enough, WPShout had been hacked somehow.
This isn’t good.
I’m fairly happy with my security; there are lots of little tips and tricks I use that make the site harder to hack than most, leaving me with the impression most hackers just wouldn’t bother and move on to the thousands more WordPress blogs without the extra layer of security.
I was wrong, evidently.
So how did they get in?
I’m not going to lie, I’ve still no idea. I’ve got my suspicions but until I’ve got the time to investigate, it’s very much in the dark. In the meantime I’ve put in place some “emergency measures” blocking access to just about everything for everyone apart from me, on my IP.
How did you fix it?
I found out just as I was about to go out so the quick fix was to restore a backup. This got the issue to go away immediately so whilst not the best way of doing things, worked.
So what can I do to make my site safer?
I don’t think I’m really qualified to answer that question anymore! The security category archives’ advice is still relevant and will give you that extra layer of protection. Ultimately, it’s not enough and without a dedicated server, secure backend sessions and the like it’s very hard to have a “secure” site on shared hosting.
That’s not particularly helpful, but it’s (in my opinion) true. That doesn’t mean you can’t do anything though; make sure that extra layer of security is there and only hackers who are determined enough will bother to make the breakthrough. Having up-to-date backup archives is really important too. That way you can quickly restore your site to a working state whilst you find the threat.
Good luck, you might well need it!
Hey Alex, i liked what you said about the “quick fix” that worked… the thing is, this has given me a bit of a gut tickling reminder that we cannot be fire fighting all the time, and there are foundational details to look out for.
I guess that’s the business of business : )
@Hannah: Hmm now I’m wondering how much current events affect the incidences of hacking – eg. in a recession or crisis, is there a good way to find out how much (more) people are tempted into illicit activity?
Hi Alex, thank you for sharing your experience with getting your site hacked. I too was a victim of site hacking and it’s really disturbing how people even think of ruining other people with that. But after that shocking experience, I have learned to better care for my website in terms of safety and security so all is well. And thank goodness for backups!
A pleasure! BackupBuddy is a godsend in such situations!
Sad people with nothing better to do than cause trouble for us folks who are trying to earn a bit of money without hurting anybody.
Glad you got it fixed Alex. 🙂
I agree with you Dean. I do not understand why people would even think of doing such things.
testing gravator 😉
Hi Alex . I use the google chrome and when i go to WPShout (link in your bio indormation), chrome tell me that :
“Attention! Visiting of this site can harm to your computer.
The web site wpshift.com contains elements from a site withthefirstgo.com on which the harmful, apparently, is placed”
But in the other brousers all right. Whether it is not assured it will help you, but has simply decided to tell
P.S. Sorry for my english , i’m a foreigner.
I thought i was at least “hard” to hack it with the lastest version 🙁
Regards.
Great job, Alex! After all, still a great reference.