NO fab five for today. I am using this post to explaining the craziness from last week when my site was down.
Last week I got an email from a reader letting me know my site may have a virus. She told me her computer crashed when visiting my site. She had to wipe her hard drive clean. Once she got everything restored she said she went to my site and it crashed again. I told her I would check into it and told her, I hadn’t heard from any other readers so maybe it was just her computer.
That same day, I was going to add one thing to a post before going to bed. I was trying to do some last minute changes to some scheduled posts before I headed out of town for 5 days for my brother’s wedding. I couldn’t get into my dashboard. There was a message saying my site has malware (malware is a shortened name for malicious software). First thing I did was call the company who hosts my site, Bluehost. I spoke with someone in tech support and shared what was happening.
The guy said it sounds like my site had been compromised and I needed to get in touch with a web site security company like Site Lock, who they partner with or We Watch Your Website. I had no idea I needed security for my site!
So I elected to go with Site Lock. I purchased their basic plan and had it scan my site. I got a better price through Bluehost than through the site itself. So, if you want to get some security for your site check with your host first. You maybe able to get a good price.
So of course after they scanned the site it found malware on my site. Surprise, surprise! It found malware in 501 of 501 pages scanned and over 4,000 infected links. So then at this point there was an option to have Site Lock look at the issues with my site for $60. This fee is just to have them investigate the issue then they would give me a quote for the repair. I went to bed that night hoping it could be repaired quickly and not cost me an arm and a leg.
I left for my brother’s wedding Thursday morning. I had a long drive to Keystone Colorado. I got a call from Site Lock about 1 pm asking for my log in info so they could get into my site to give me the estimate.
Friday morning I got a call from Site Lock telling my my site was basically taken over by a hacker. My hubby spoke with them for me. The estimated cost to repair my site is normally around $900 for the issues I had, because it was going to take a whole day to fix it. However, the girl said she spoke with her boss and since we paid to have the monthly service she got her boss to let her go down to $450. (This was probably just a sales tactic. However, I did estimate it would probably be around $500 to repair the damage.) I really needed to get my site up, so I gave them my credit card number and had them move forward with the repair.
Apparently, WordPress sites are more easy to hack. The hacker could have got in through my admin page, through a comment, through a plug in, etc. Anywhere on your site that allows input, they can get in. When I received the quote they also gave my hubby a long list of fees of different things to help prevent this from happening, but there is no way to COMPLETELY prevent it. One thing you can do is a WordPress hardening. My hubby looked that up and luckily he can do that one for me. For Site Lock to do it, it was $150. The other thing is you have to do this hardening anytime WordPress does a total version update.
Friday night I got the call the site was repaired and they were sending in the info to Google to get me off their blacklist. Then Saturday morning, Goggle had me off their list and the site was back up. I must say, I was pleased with how quick Site Lock got things done.
So learn from my mistake. Protect your blog if you have one. You don’t want to end up like me. If I had Site Lock doing the scans for me before this, it would have found the initial breach and the repair would not have been as costly.
I also added a captcha code plugin when you comment. I know it is a bit of a pain to do when you leave a comment, but it will prevent hackers from getting in that way.