What to do when your Blog is Hacked

 

 

The most heart-wrenching thing that can happen to you as a new blogger is for your site to be hacked. You will virtually break out in cold sweat, I know because that was what happened to me on Mother’s day this year when I checked my page and saw that I had been hacked by some bad guys. I said to myself here am I struggling to get page views and rank well on Google, I don’t get found by people who need me but by hackers.

Before my site was hacked, there was an international Brute force attack taking place then, where people’s computers were been taken over until they paid a ransom before it could be re-opened, I felt it didn’t concern me that much because I just started my blog and what could they want with my tiny Blog. But the world we live in has changed so much that we all need to be extra security conscious. When I started my Blog, I was just interested in churning out posts and promoting them. Trust me, security was the last thing on my mind, but hacking is the one thing that helps reset your priorities.

Not securing your site is like putting your goods in a store without a lock and key, you are virtually saying anyone could walk in and take your goods away.

After going through that experience, here are 7 things to do when your blog is hacked.

Calm Down and Think:

The first time you experience a hacking of your site, all sort of things will be going through your mind, for me, I was wondering does that mean I have to start all over to create all the posts that I lost? because once you are hacked, you can’t see your posts anymore. I can remember the first time I tried logging to see my blog from my phone, a black page just appeared on my Blog with the inscription Slowey kan, I thought it was some kind of advert, I had just implemented ads on my site then. But when I became suspicious was when the page won’t go way, I was like even if it was an ad it shouldn’t take more than a few seconds to go away, but there it was staring at me as if you can’t do anything I am here to stay.

I quickly ran to my laptop and logged in to my admin page that was when I saw some ugly script on my admin page that won’t go away. I refreshed my page and it was still there, that was when I literally broke down in cold sweat. My palms clammy, I began writing to my hosting company. When they saw the screen shots I sent, they were the ones that informed me that I had been hacked.

That was when I knew it was hacking that took place, I just kind of began to wonder what now?. How do I fix this? I wrote them asking what I should do, I was then told they will clean up the site and restore all the corrupted posts at no extra cost. I was quite relieved because I had Googled some company who promised to clean up my site at about a 100 dollar or so.

Write your Hosting company:

When you are hacked, the first thing you should do is to write your hosting company, they will give you some instructions to follow after they have cleaned up your site, that’s assuming your Hosting company is the type that offers to clean up your site after it has been hacked. I was glad my hosting company  Jvzoo. went into action immediately to restore my site and within 24 hours they were able to restore my blog back except for 2 posts which came after the last backup they had of my Blog.

They also gave me a host of instructions to help prevent future attacks, I can’t be more thankful as I thought I had lost all my months of hard work and have to start over again. Thankfully I do not have to. If you had like to sign up with my hosting company click here Jvzoo.

I only had to restore 2 posts that came after that. Because I pre-write my posts on Word document which I keep on my computer, I was able to easily restore those posts.

Inform your audience:

My Blog was hacked on a Mother’s day, wahoo, they really got me, just when I had been promoting my Mother’s day post, people will get to my blog and can’t access it. Since I couldn’t possibly work on that Blog for a while, I decided to write to my email list informing them of what happened, I also sent the post directly to their mailbox, I don’t want them missing out on what I had put together for the Mother’s day celebration.

Restore your Plugins:

After your Blog is cleaned up, apart from the posts that have been restored, you will find that your Plugins are absent, your site is as good as brand new, with no plugins whatsoever, so you will have to start all over to add your plugins, the first I added back was my GA ( Google Analytics). Thankfully my page data was restored. The next thing I thought of was my social shares for my older post If I lost that as well, all my posts will have zero shares.  Who wants that? if you are a new blogger, am sure there is a certain amount of satisfaction you get from seeing your share numbers climb, you wouldn’t want to start rebuilding that for any reason. That’s why I recommend using Social warfare for your share buttons. Because I was using them, as soon as I reinstalled my share buttons all my shares were back pronto. If I had changed I bet I would have lost out on the old posts. Click here to  get Social warfare

I did try to use another share button but the functionalities weren’t so cool so I went back to using my Social warfare, I think they have one of the coolest share buttons by the way.

Start your securing your site immediately:

To secure your site here are things that need to be done

1-Scan your computer with the latest and updated antivirus and spyware, make sure its virus free.

2-Reset all passwords, including email passwords, database passwords, Cpanel passwords. Verify your email account from the control panel.

3-Your new password should not be simple, use a password generator to make a new password. Click here to get to a password generator. To ensure the strength is good, click here

4-Do not store your passwords in email client browser and FTP client.

5-Make sure you log off from your control panel after use, do not share your passwords with anyone or write it down anywhere, memorize it.

6-Make sure your computer does not have any keyloggers, click here to check

7-Install only Plugins that have good ratings and are from trusted source, you can read my post on Plugins to see what you should look out for when using a Plugin on your Blog

8-Ensure that all your Plugins and third-party applications are all updated.

9-Change pre-configured passwords to new ones that will be difficult to guess by an outsider.

10-Change your database password to a strong one using the resources mentioned above.

11-Do not re-use passwords, ensure also that you update your changed password on wp-config.php

12-Change your prefix table from wp_ to a new one, hackers often use this to inject their codes which cause malicious damage.

13-Change your admin login page from wp-admin to something else, if you are still using this default, the hacker’s job is made easier because they only need to guess your password.

14-Dont keep unused themes and plugins since hackers often use it as a backdoor to set up access to your site.

15-Change all defaults: Posts, comments, directories names, it’s usually easier when setting up WordPress, if you are already set up then you need to go to settings—Miscellaneous( in your admin controls) to change it.

16-Restrict the amount of Login Attempts anyone with admin access can do on your site, you can use a plugin to do that.

17-install the Plugin disable Xml-rpc on your site, this plugin supports jetpack in securing your website.

18-Do a peremptory scan of your blog once in a while, I recommend using wordfence gravity scan, its free and you can use it to determine the vulnerabilities on your Blog.

Get a Good Security Plugin: 

Another way you can help secure your blog is to get a good security Plugin. I personally recommend Loginizer security Plugin because it has the following features:

-Recaptcha verifier

-Two-factor login verifier

-Passwordless login ability

-Disable xml rpc

-Ability to change your login URL

-Ability to change your wp- prefix

-Limits multiple login attempts

I also recommend Wordfence: Wordfence alerts you anytime there is successful login into your website. It also blocks out targeted attacks on your Blog.

Check for Broken or dead links:

Check all your initial posts especially the ones you have put on Pinterest for dead links. When I restarted my Blog after the hack, I discovered that some of my posts were turning up missing page link, so I repaired the links by editing it on Pinterest to reconnect them to the post on my blog.