Just when my blogging life seemed to be running smoothly after re-branding both my sites, FineArtTips.com got hacked – again!
This is a long post, but those of you who are interested in blogging and using WordPress might learn how to prevent a malicious hack like I have endured…
I was hacked in August 2011, and both my WordPress blogs were down for nearly 3 weeks. I lost blog posts, tons of traffic, and my Google ranking fell. It took at least 6 months to regain my blogging momentum.
But, this time was different. My blog was the only one on the virtual dedicated server that was hacked! Why? Lucky me, why couldn’t I win the lottery instead?
Rest assured, hackers don’t generally go after individual bloggers. Most often they target web hosts who have weak spots within their system. These vulnerabilities allow hackers to deface multiple sites, even hundreds at a time. In 2011, this is exactly what happened to my web host’s server – we were all hacked.
However, this time I was specifically targeted.
Here’s how it happened…
One evening, I tried logging into my admin page. Everything looked normal, but after numerous failed attempts, my blog wouldn’t accept my password. Reluctantly, I decided to change my password. This worked, and I was able to access my blog. However, when I visited my blog the next morning, a blue screen welcomed me with demonic music saying, “You’ve been hacked!”
The first step…
I immediately called my web host/developer who then took down my blog for repair. After that, I had terrible customer support and service. It was very stressful and disheartening. Once again, this immediately hurt my traffic and Google ranking. I was very unhappy with my webmaster and his hosting company which used GoDaddy. (Now I use BlueHost and LOVE them!)
My Twitter friends and readers were very supportive during this time. I received phone calls, emails and tweets with offers to help. My good Twitter friend, Todd McPhetridge (a talented photographer and a popular guest post contributor) was especially helpful as he spent many hours coaching me through the ordeal. Todd encouraged me to get all my passwords so I could begin to migrate my blogs to a new hosting company.
Finally, I was able to get the phone number and passwords to speak directly with secureserver.net support. Now, I was able to get some answers.
The hosting company had backups, and they rolled my site back to the date before the hack. The security team also ‘scrubbed’ my site and determined the hacker most likely used the WP Super Cache plugin to gain access.
A week later, FineArtTips.com was back up and running. However, I was getting messages and tweets from my supportive readers. My blog visitors were being prompted by a malware pop-up to ‘download-this’ page.
The security team was concerned that a malicious script was embedded, but disabling and resetting the permalinks quickly fixed the malware.
The next step…taking control!
Fool me once, shame on you. Fool me twice, shame on me!
After two hacks with the same web host/developer, it was time for me to find a new web developer and migrate my blogs to a new host. I hired Vickey Williams, a talented web developer and friend from my hometown. Unfortunately, migrating this big blog was very complicated – even for her.
Thank God for BlueHost! This hosting company is amazing. It helped clean up the mess caused by the other hosting site and got my site back up and running smoothly. They are troubleshooting champs: they are helpful, they speak English, and they know their business. I HIGHLY recommend BlueHost.com.
My little FineArtTips.com blog was 2.5 gigs – I had created a Frankenstein blog! We learned that the WassUp plugin had a table that created 1 gig of useless data. But, I was unable to get my PHP password from my previous web developer, so we couldn’t delete the table to shrink my database.
*Here’s a note about plugins from Vickey…
WordPress is versatile and customizable. There are so many plugin goodies, but many are bad for you. Plugins are not candy, they are poison! 😉 Before migrating your blog, ‘lean-out’ your unused plugins and delete them. But, make sure to clear out the plugin data before deleting the plugin. Keep your plugins up-to-date, otherwise they are a security risk.
Fellow art blogger Barney Davey advised me during this time. I learned that GoDaddy.com and some of the other big hosting companies could only accommodate 1 gig for their shared secure server. The other option was to buy my own virtual dedicated server! This could cost around $1500, plus I didn’t want to learn Plesk – I am an artist, not a programmer.
Thankfully, Vickey Williams explained the importance of migrating over to a hosting company that understands WordPress and understands English! She recommended BlueHost.com, which is based out of Salt Lake City, Utah. BlueHost.com offered me the Pro Package for under $300 a year! So, to quickly wrap up this story, BlueHost.com helped us migrate both my blogs and their support has been amazing!
My friend Todd has a few blogging tips to share…
Once You’ve Been Hacked, Prayer and Backups Are Your Best Options
If I can give you one piece of advice that will save you a lot of heartache it’s this…make backups. Have backups of your backups and automate them so that you don’t have to even think about it. If your site is ever hacked, you’ll thank me for it. Your hosting company should have backups, but if for some reason they don’t, you can quickly get back online with your own personal backup. I was hacked a few years ago and called GoDaddy and asked them to roll my site back to a few days before the hack occurred. I was back up and running in a few short hours. That was a huge sigh of relief!
Artists take heed, having backups doesn’t apply to just your site. Protect your art as well. Viruses can damage your computer and destroy all of your hard work. I have multiple external drives that I keep all of my art copies on, just in case. Another option is Google Drive; it’s free for up to 5 gigs of data and the pricing plans are very reasonable. I have some of my more important data stored there as a worst-case scenario. You can learn more about Google Drive here: https://support.google.com/drive/bin/answer.py?hl=en&answer=2375123
Lastly, I try to keep my plugins to a bare minimum, because the more plugins you have, the greater your risk of being hacked. I also delete any plugins that I’m not using just to be on the safe side.
Here are three plugins that I highly recommend to really help your site in the search engines and the overall user experience:
In a nutshell, here’s what I learned…
- Find a reputable web host with 24-hour support.
- Find someone who understands WordPress and English (or your own language).
- Own your own domain! You want to control and own your site and its intellectual property.
- Have a good working relationship with your web developer.
- Know and keep a record of your own passwords! This includes:
  - Your admin password
  - Your FTP password
  - Your PHP password
- Back up your data!!! Vickey introduced me to BackupBuddy.com.
- Keep your WordPress theme up-to-date. Here’s a great post about WordPress vulnerabilities and how to fix them.
  - According to ESecurityPlanet.com, nearly 80 million websites in the world run on the WordPress publishing platform.
  - Half of all WordPress sites are self-hosted which makes them a popular target for hackers.
- Use WordPress-approved plugins.
- Keep your plugins up-to-date. Out-of-date plugins can break your site. Here’s an informative post about plugins.
  - They are a security risk.
- Minimize plugins
- Add an extra layer of malware security scanning! I bought easy-to-use Sucuri.net
My hope is to educate my fellow bloggers, especially WordPress users on ways to prevent becoming a victim of a malicious hack. Honestly, I almost abandoned FineArtTips.com. I blog because I love to help others, and your kind words have kept me going. Thank you for your support. ~Lori
PS. I’d also like to thank my good friends at ArtworkArchive.com for offering their geek expertise! Please check out their brilliant artwork inventory and tracking system. If you have any other tips about hacking, please leave a comment for others!
Here’s my art website, LoriMcNee.com, and I’m on Facebook (Fine Art Tips Facebook Fan Page), Twitter, Google Plus and Pinterest. You might want to check out my fine art prints and notecards on Fine Art America. Thank you!