I never thought my website would get hacked. I have read the horror stories and knew it was a real threat, but I just felt certain that I wasn’t going to deal with that sort of thing on my color loving little biz blog and never took steps to protect my site from a website hacker. Well… I was wrong.
In early February, I was going through some really tough personal stuff with our family. At the time, I had gone into my ob-gyn to investigate some odd symptoms, and we found out I was either having an ectopic pregnancy or recovering from a miscarriage in January that had some lingering symptoms.
Those days of waiting and testing were agonizing and I did what any writer would do, I wrote about it and the fears I was sitting in. I wrote a very personal post about the situation we were in and the support we needed to get through the wait for answers. That post went live on Thursday and I was really blown away from all of the love and prayers our friends poured out over us.
On Sunday, a few days later, a sweet blog reader sent me an email. In it she was telling me how much she loved the site and was working on making her own blog design. Then she dropped the bomb (thankfully!!). She let me know that she hopped back over to my blog that day for inspiration for her own design and that she noticed something very odd on my last post (said personal one above). It looked like my site had been hacked.
In dread I typed in my web address and low and behold, she was right. On my very personal and very raw post was a GIF of a foreign flag flying and a lot of not so nice language followed. I panicked. I didn’t know how to fix it, what else on my site that may be compromised, or what step to take next.
My first thought was to contact my hosting provider. I called up Bluehost and spent over an hour waiting for someone to answer. All while getting dressed and ready to go spend the evening with friends. I was frustrated to say the least and still unsure of what to do. Then I decided to send my amazing VA Tiffany a quick email to let her know what was going on. Tiffany backs up my site for me on a bi-weekly basis and is in charge with any upkeep the site may need.
Tiffany quite literally stepped in to save the day and removed every bit of stress from my plate. We ended up deleting that post and she got to work to evaluate any further issues and re-secure my site. Thankfully the hacker who got into my site didn’t do irreparable damage, but just shared his or her uninvited message on my post.
In the aftermath, I got to thinking that I should share my little story in case you have been in denial like I was or simply don’t have a clue of what you can do now to help protect yourself from the dreaded website hacker. So I invited Tiffany to share her best tips that you can implement easily now and save yourself from any uninvited guests.
Here is what Tiffany had to say!
As Megan can attest, having your website hacked is never a pleasant experience. Unfortunately, you are never 100% safe, as hackers come up with new programs and codes a little too often. There are definitely steps you can take to make claiming back your website a little easier and a lot less stressful. Here are a few of the basics – some of which you’ve likely heard of!
- Change your passwords! This is so important, yet so many people neglect to do this. Stop using your high school IM password, and come up with something original. Even better – have a generator provide a password for you! Sure, generated passwords are always difficult to remember, but there are tons of great programs out there to help you keep track of them in a safe way. LastPass, KeePass and RoboForm are all everyone talks about! Even a simple Excel spreadsheet for all your login credentials will work.
- Use different passwords! Don’t use the same password on all of your accounts – your Facebook password, website password, banking password, Instagram password, Gmail password and so on should all be different, even if only by a number or symbol. This will slow the determined hacker down significantly.
- Back up your site often! Your website could be perfectly fine one evening, and the next morning you may wake up to an awful message taking over your entire site. If you’ve backed up your site recently – a quick restore can save you a lot of time, money and stress. If you’re using WordPress, there are a ton of great, free backup plugins. A couple of my favorites include Updraft Plus and WP Database Backup. Both of these allow you to set up automatic backups (daily, weekly, monthly) and also allow the backup to be sent to third-party storage – this can be a simple email address, Dropbox or even Google Drive. You can also adjust how many backup records are kept – I recommend saving your disk space and only keeping 2-3 backups at a time.
- Use a security plugin! Something like a captcha on your login page will do wonders for you. There is also an option in WordPress to limit the number of login attempts. If you input an incorrect password 3 times while trying to access your dashboard, you will be required to wait for a set amount of time before retrying. If this happens – most hackers will back off and look for the next easy target. Some web hosts even blacklist these IPs for a minimum of 24 hours, blocking all access to your website.
- Finally – hire someone to handle the tough stuff! If any of the above feels too overwhelming or time-consuming for you, farm it out. There are tons of capable people out there who do this on a regular basis. They know what risks to look for, are able to make knowledgeable recommendations, and can do all the behind-the-scenes work for you – including partial or even full recovery from some of the most malicious hackers. What a load of stress off your back!