What to do when your site gets hacked

I’ve been hacked.


It sounds like an intrusion, a rape, a violation and that’s what it is. Someone has metaphorically ‘broken into your house’.

Has your site ever been hacked?

Mine was this last week, completely without my knowledge until I saw a note from Google under a ZigaZag search.

It said:

“This site may be compromised.”

WHAT! My site?

ZigaZag – Live, Work or Play in W.A.


This site may be compromised.
5 days ago – Dolphin Discovery Centre, Dolphin by Jo Castro at ZigaZag. It’s not everyday that you get to commune with wild dolphins, and so when I was

Then I did another search, same thing.

My heart did a belly flop. Now what? Oh crikey, am I infecting others? Is it like I’ve got the flu and anyone who visits my site will get the bug too? Oh no, here’s where I have to delve into technical issues that I don’t want, don’t know where to start, and don’t for the life of me know what’s going on.

My knee jerk reaction was.

“This blogging thing is not worth it. I’m going to give the whole lot up. Get back to writing for print media. There’s just too much back-end stuff to worry about with blogging that I’m not spending enough time writing.”

Farewell dear blog it’s been nice knowing you! Death to the blog!

But WAIT. I love blogging. I really do. What would I do if I didn’t blog?

Actually, a little voice said, your life and your travels and who you are would fade into insignificance – you know you blog to make sense of the world and to help and entertain others. Then another voice of reason said. You’ve worked hard and long to build this site up. To get a Page 3 rank from Google, to attract subscribers, followers and an email list – are you going to throw it all away because some spiteful, malicious hackers have disrupted your database?

No Way!

My inner troops rallied, and I was cross. Cross as a snake. ZigaZag is like my baby and boy you know what a lioness does when her cubs are threatened.


I roared, and I took immediate action. I would learn how to sort this out, and sort it out fast.

What to do when your site gets hacked. Here’s what I did.

Firstly, I clicked on the Google message and read through the recommendations and thought, Hell! Too difficult.

Went to www.sucuri.net where I found out I could get a free malaware scan  (because I wanted to believe that nothing was wrong)

Saw the words In Red : Threats Detected

Roared in anger.

Phoned my hosting company Go Daddy and spoke to their technical consultants. They said that getting hacked was like someone had entered your house, and they sympathised and helped me with the technical stuff that I needed to consider.

I checked out some of the useful threads on the WordPress Help where I had searched things like: What to do when your site gets hacked, Hacked Site, How to prevent my site from hacks. I read through them and made notes on a couple of places to start which included doing the following.

I installed a Plugin on ZigaZag, called OSE Firewall, and spent a while trying to figure out the settings. Managed that.

Immediately started getting emails informing me of “Attack Details” and then I realised how many attacks are happening almost hourly – and that it  must be so important to have a WordPress firewall installed to avert and block them.

Signed up with Sucuri for a Malaware clean up ($89.99 per year) which includes:

  • Malware Cleanup (No page limit)
  • Website Integrity Monitoring
  • Email & Twitter Alerting
  • Manual Website Scanning
  • Blacklist Removal

Spoke via email to Michael VanDeMar at Smackdown

Michael was really really helpful. And his rates to clean up sites are not expensive. He also has a lot of advice on his site.

He told me to do immediate back ups of my database and files. Go Daddy helped me with the back up of my database and sent me an email step by step tutorial on backing up my files. Then I installed a WordPress plugin to back up the database automatically in the future.

After that I decided to simplify my blogging life and deleted all domains and WordPress accounts that were linked to ZigaZag which I thought I might do something with one day, or that (ahem) I was going to sell for a fortune one day (yes, there were a few – I can be impulsive). I also realised that hackers may have crept in via one of these accounts, because I hadn’t been updating them regularly – ie keeping the plugins and new wordpress versions up to date.

Wham. Zippo! Gone!

And I felt lighter. I also felt more committed to ZigaZag (my prettiest baby) and happy to nurture my personal site www.jocastro.com and my blogging site www.blogonwithit.com because I might like to re-ignite them one of these days.

From start to finish I had Two sleepless  nights along with quite a few emails back and forth from Sucuri asking me for passwords and usernames and technical details – which quick phonecalls to Go Daddy helped me sort out.

Then this morning I had the loveliest of lovely emails from Sucuri  who told me they had deleted the spam and malaware and my site was verified clean.

Phew, what a relief. Holy crap, what a relief. Things could have been much worse, but hey ho, ZigaZag lives to tell another day.

I am so grateful to everyone who’s helped me sort this out quickly 🙂

Has your site ever been hacked? What can you recommend to help others?

Please follow and like us:


  1. Jenny Buzer

    I am SO impressed. When anything computer/pad/phone goes haywire for me I admit defeat instantly and call for youthful assistance. (I have mastered the remote now, but still mess up Apple tv). Well done Jo!

  2. Thanks Jenny! To tell you the truth I am much the same EXCEPT when it comes to my blog. I have no idea nor inclination about how to use the TV remote,how to record Foxtel programmes, or how to use the microwave to its full potential. But for ZigaZag I’ll stay up all night and grapple with technology. Mad or obsessed? Go figure!

  3. kirri white

    I rebranded my site in January and have a Scuri security plug-in installed. I have learnt how to secure my site as much as I can but it still freaks me out when I get notifications of the amount of attempted log ins by someone else. It happens almost every day.

    I’m always wondering who it could be and WHY??

  4. Hi Kirri, me too. I was told that a lot of those attempts are automated and there’s not much you can do except keep your site as secure as you know how, and keep the files and database backed up regularly.

  5. Oh Dear – I am crossing my fingers AND toes. If mine does get attacked I know where to go for How to Fix it.

  6. I really hope you keep safe too Jan, but yes, please do contact me if I can help in the future.

  7. What a horrible thing to happen but thanks for highlighting it and what to do should it happen! It’s great that you got it sorted out so quickly.

  8. Thanks Teresa, and yes, hope it helps other peeps if it ever happens to them too.

  9. What a horrible thing to happen, I’m glad you got it sorted out.
    If this would happen to me, I would totally freak out but at least know now what to do.

  10. I totally freaked out too Freya, and it took some time to sort out – so I really hope there are pointers here to make the process shorter if it happens to others.

  11. The worst I’ve ever had was being Stumbled and the flood of visitors brought my site down, but my host put up a sign saying I was “Suspended”
    What?? For being so popular LOL
    I suggested to them after I was back up and running they re-word that as I was horrified my visitors would think I’d been bad 🙁
    But being hacked sounds super horrendous –
    Pleased I now have an expert I know I can come running to if ever…

  12. Oh gosh Linda, that sounds a bit hectic! I agree, you shouldn’t be penalised for being popular! glad it’s sorted and yep, you’ve got me if anything else happens 😉

Write A Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Pin It