Last month my blog was hacked. So I spent the month learning about how to clean up an infected website. I have had some experience cleaning up infected computers, but cleaning up a website up was a very new challenge especially since I just started hosting my blog on my own domain a few months ago.
More Common than you Think
Apparently, hacked websites are more common than you would think. In fact, 70 of the top 100 websites on the internet, in 2008, hosted malicious content, or contained a link that redirect people to a malicious site. So a website that you think is legitimate, could actually be where your computer gets infected.
Hackers Redirected Traffic Away from my Site
**People visiting Crazymoos.com**
In this case, the hack was redirecting all the traffic from my site to a Russian web site. If you came to my site last month, you might have seen that you got redirected, or you may have seen an error message that said “page not found.” I didn’t realize this for awhile because when I was logged into my website, the hacker didn’t redirect me. That way I wouldn’t think anything was wrong. Apparently the hacker was successful, because I didn’t notice my site was hacked until someone told me.
The results of the hack were devastating to my blog. In no time at all, visits to my site were down significantly. Google had also cut me off from the Google search results. Everyone was being redirected to the malicious Russian website.
Scan Any Website for Malware – Sucuri.net
If you think a website is infected with malware, you can actually run a scan of that site for free online. Sucuri.net is a great tool that will allow you to scan any website, and find out if your site actually has a problem. In addition to scanning, Sucuri will also fix your site, scan it periodically, and protect your site for a very reasonable rate. If you have a website that gets a lot of traffic, I see this as being a great investment. Lost traffic can easily add up to lost revenues, so definitely consider this option if you have an online store, or a large blog.
I like to save money though so I continued to try to fix the website myself. After performing the scan with Sucuri, and reading a bunch of articles online about the subject, I figured out that the hack was in my .htaccess file on my server. The .htaccess file, in my understanding, can redirect people to other sites. So I checked the file and sure enough, there was a bunch of garbage written in there that redirected people to a number of malicious websites.
So I tried replacing the file with a backed up version, but that only partly worked. I ran another Sucuri scan, and it said I had a few more errors. So at this point, I just decided to get some help, and finish cleaning it up.
3 Ways to Protect your WordPress Website
According to various articles, wordpress sites are very easy to hack. In fact, one website I found had a video of someone hacking it in less than 2 minutes. Most hacks are automated, not someone sitting behind a computer. There are a few very easy ways to protect your website. So if you haven’t thought about strengthening your website security, you might want to. A few protective measures could save you a lot of time and frustration. As you can see, I speak from experience.
- Back it up – One easy way to protect you site is to backup your website periodically. There are a few wordpress plugins that can backup your blog automatically on a periodic basis. WordPress Database Backup is an excellent one. Just install it, and select how you want to save the backups. You can have the backup sent directly to your email so you have a copy whenever you need it. If your site gets hacked, you can simply restore it to an earlier time with the backup versions.
- Update periodically – Another easy way to protect your website is to update wordpress and your plugins whenever a new version comes out. The updates frequently close access points that hackers can exploit. Old versions of wordpress and your plugins, make it much easier for them to hack your site.
- Limit login attempts – Limiting the amount of times you can enter to login to your website is another good way to stop hacks. Since most people’s wordpress admin account is “Admin,” hackers only have to guess the password. Limiting the amount of times they can guess will protect your site from hackers trying to guess the password. Limit Login Attempts is a great plugin that you can install to prevent this kind of attack.
There are a number of other things you can do to protect your website, but these are just a few of the easiest ones. So learn from my experience, and protect your site against hackers. It really would have saveed me a lot of time having a clean backup on hand. I would have rather spent my time blogging than cleaning up a mess. The upside is that I learned a lot about all this.
So Crazymoos is back up and running better than ever before. So be looking for some new posts in the near future!