I’ve been hacked.
It sounds like an intrusion, a rape, a violation and that’s what it is. Someone has metaphorically ‘broken into your house’.
Has your site ever been hacked?
Mine was this last week, completely without my knowledge until I saw a note from Google under a ZigaZag search.
“This site may be compromised.”
WHAT! My site?
This site may be compromised.
5 days ago – Dolphin Discovery Centre, Dolphin by Jo Castro at ZigaZag. It’s not everyday that you get to commune with wild dolphins, and so when I was …
Then I did another search, same thing.
My heart did a belly flop. Now what? Oh crikey, am I infecting others? Is it like I’ve got the flu and anyone who visits my site will get the bug too? Oh no, here’s where I have to delve into technical issues that I don’t want, don’t know where to start, and don’t for the life of me know what’s going on.
My knee jerk reaction was.
“This blogging thing is not worth it. I’m going to give the whole lot up. Get back to writing for print media. There’s just too much back-end stuff to worry about with blogging that I’m not spending enough time writing.”
Farewell dear blog it’s been nice knowing you! Death to the blog!
But WAIT. I love blogging. I really do. What would I do if I didn’t blog?
Actually, a little voice said, your life and your travels and who you are would fade into insignificance – you know you blog to make sense of the world and to help and entertain others. Then another voice of reason said. You’ve worked hard and long to build this site up. To get a Page 3 rank from Google, to attract subscribers, followers and an email list – are you going to throw it all away because some spiteful, malicious hackers have disrupted your database?
My inner troops rallied, and I was cross. Cross as a snake. ZigaZag is like my baby and boy you know what a lioness does when her cubs are threatened.
I roared, and I took immediate action. I would learn how to sort this out, and sort it out fast.
What to do when your site gets hacked. Here’s what I did.
Firstly, I clicked on the Google message and read through the recommendations and thought, Hell! Too difficult.
Went to www.sucuri.net where I found out I could get a free malaware scan (because I wanted to believe that nothing was wrong)
Saw the words In Red : Threats Detected
Roared in anger.
Phoned my hosting company Go Daddy and spoke to their technical consultants. They said that getting hacked was like someone had entered your house, and they sympathised and helped me with the technical stuff that I needed to consider.
I checked out some of the useful threads on the WordPress Help where I had searched things like: What to do when your site gets hacked, Hacked Site, How to prevent my site from hacks. I read through them and made notes on a couple of places to start which included doing the following.
I installed a Plugin on ZigaZag, called OSE Firewall, and spent a while trying to figure out the settings. Managed that.
Immediately started getting emails informing me of “Attack Details” and then I realised how many attacks are happening almost hourly – and that it must be so important to have a WordPress firewall installed to avert and block them.
Signed up with Sucuri for a Malaware clean up ($89.99 per year) which includes:
- Malware Cleanup (No page limit)
- Website Integrity Monitoring
- Email & Twitter Alerting
- Manual Website Scanning
- Blacklist Removal
Spoke via email to Michael VanDeMar at Smackdown
Michael was really really helpful. And his rates to clean up sites are not expensive. He also has a lot of advice on his site.
He told me to do immediate back ups of my database and files. Go Daddy helped me with the back up of my database and sent me an email step by step tutorial on backing up my files. Then I installed a WordPress plugin to back up the database automatically in the future.
After that I decided to simplify my blogging life and deleted all domains and WordPress accounts that were linked to ZigaZag which I thought I might do something with one day, or that (ahem) I was going to sell for a fortune one day (yes, there were a few – I can be impulsive). I also realised that hackers may have crept in via one of these accounts, because I hadn’t been updating them regularly – ie keeping the plugins and new wordpress versions up to date.
Wham. Zippo! Gone!
And I felt lighter. I also felt more committed to ZigaZag (my prettiest baby) and happy to nurture my personal site www.jocastro.com and my blogging site www.blogonwithit.com because I might like to re-ignite them one of these days.
From start to finish I had Two sleepless nights along with quite a few emails back and forth from Sucuri asking me for passwords and usernames and technical details – which quick phonecalls to Go Daddy helped me sort out.
Then this morning I had the loveliest of lovely emails from Sucuri who told me they had deleted the spam and malaware and my site was verified clean.
Phew, what a relief. Holy crap, what a relief. Things could have been much worse, but hey ho, ZigaZag lives to tell another day.
I am so grateful to everyone who’s helped me sort this out quickly 🙂
Has your site ever been hacked? What can you recommend to help others?