Hello. My name is Ashley, and my blog was hacked.
(This is when all of you guys chime in and say “Hello, Ashley.” )
Whew! Now that the whole “admitting” part is over, I feel a lot better! Well… not really. It’s not my favorite story to tell, but sometimes those are the ones that need telling.
There’s a little shame in admitting that you’ve been hacked, don’t you think? For some reason, you didn’t know all of the things you were supposed to do to stay safe. You had weak password, or a vulnerable site. You should’ve known better… At least that’s how I felt.
While I’m putting it all out there, I should go ahead and add that I am NOT techy. I know a lot of bloggers say that, but I seriously mean it. I could list the “techy” things that I don’t know how to do, but that list would be too long, and much too boring. It’s important to my story though, so there you have it.
Hello. My name is Ashley, my blog was hacked… and I am very not techy.
I had just gotten back from my first blog conference since the launch of my sweet little Today’s NC with motivation, ideas, and a to do list out the wazoo. That’s when my gmail inbox popped up a new unread message with the subject line:
[Webmaster Tools} Message Summary – > > Malware infection detected. Even my un-techy self knew that this had to be bad.
I hoped it was fake. That happens, right? Like the “IRS” calling my grandma for her bank account number? This was really some scam trying to fish for information… right? I called my web developer in. It’s handy that he’s my husband and also works out of our home.
That’s when I knew it was real. Now, whenever anyone tried to visit Today’s NC, they would be warned of the suspicious malware. That’s not really good for your online image. We took the site down immediately and put up a single page explaining what was going on. I had no idea what “soon” meant in this case.
I felt violated, annoyed and frustrated. Out of my 4 years of blogging, I had not talked to anyone that had actually been hacked. What did my little blog have to offer some hacker? Should I actually feel flattered that they bothered? Or was I just a practice site for the big blog they would move onto next? Even more, why did I not have the know how to prevent or fix my blog hack?!?
So my live-in web developer got to work. What did he do? How did he fix the blog hack?
How We Fixed a Blog Hack:
- Downloaded the site from WordPress.
- Downloaded and saved the database from the host provider.
- Deleted the database from host.
- Reinstalled WordPress.
- Added the WordPress download xml (contains posts and pics) to our test site and confirmed these files were not infected.
- Downloaded the test site xml and loaded back to the original site.
If you are not tech savvy, you definitely need someone around who is. Web development is not my husband’s day job, but he knows the language and has experience. Me? I like to write, make connections, and share information. I’m learning though. Having your blog hacked is good motivation.
Even better than learning how to fix a blog hack, is knowing how to prevent it. Today’s NC is on WordPress, so these are WordPress tips that have helped us.
Tips to Prevent Being Hacked:
- Update, update, update!
- Keep your plugins updated.
- Keep WordPress updated.
- Only have plugins and themes that you actually use.
- Look into a good security plugin. (Wordfence is what we have now, but do your own research to be sure.)
- Give yourself one of those whacked out, you never will remember, no real words, CAPTCHA image like passwords. It makes a difference.
Ashley is a freelance writer, blogger, and current stay at home mom for two silly boys. A graduate of East Carolina, Ashley spent 7 years out in Seattle before moving back to NC. Her love of North Carolina inspired her to create the site Today’s NC to encourage everyone to see, learn, and do more in and around North Carolina and the Triangle. You can follow her personal Twitter account @AshleyBShaffer.