The Scarlet Letter – only it’s an H for Hacked

What’s that about a back door? Someone infiltrating and infecting my bits and bytes? Sounds ugly, doesn’t it? Don’t panic. It’s all sorted now, site is clean and healthy.

But honestly, it’s like a personal slight, the horridly public announcement that you have a contagious infection, and everyone should stay away or they could catch it. Is that a scarlet letter, or what? Anyway, initial shock and shame aside, I guess it was inevitable at some point according to all the posts and information out there about malware, spyware, crapware, etc. It happens, and if you don’t protect your site effectively, you could be vulnerable to attack.

So the short story is that my site got hacked with additional unauthorized users added and malicious software embedded into the code, which of course got tagged by Google and was eventually marked as a “site that may harm your computer.” Super. Enter immediate panic on my part. What to do? What to do? WHAT TO DO?

Thankfully, Media Temple, my hosting provider, along with my wonderful webmaster/husband got right on it and cleaned out all the malware (while of course I’m still running around like a chicken with its head cut off). We then requested a review from Google (via their webmaster tools – request a review) to confirm that the site was clean, which they did very quickly (thank you Google!), and now we are back to normal. Phew.

As Google puts it, “the price of freedom from malware is eternal vigilance.” Here are some general tips to protect yourself if you have a WordPress (or any other) website.

1) Use strong passwords

2) Keep WordPress updated (older versions can have known security issues) or harden WordPress

3) Backup your files (database, theme files, plugins, media uploads)

4) Monitor your site regularly including new or abnormal database user accounts and changes to source files

5) Keep local computers safe with up-to-date anti-virus software

6) Stay current with the latest security news – Google Online Security Blog or US-Cert (United States Computer Emergency Readiness Team)

If your site has been compromised, don’t panic (easier said than done, I know). Contact your hosting provider for help, and follow Google’s step-by-step information on Cleaning Your Site. You can also refer to the WordPress FAQ My Site Was Hacked for additional information specific to WordPress. StopBadware.org also offers good information, tips to protect yourself, and forum advice from people who can help you.

Remember, use protection! That’s good life advice too.