It took some time for me to realize my WordPress site had been hacked. It was not mine anymore but under someone else’s control.
I clicked the password autofill field from the chrome browser and watched the site open and then suddenly redirect to a website with a lone home page that blared “Rockstar”.
I thought what happened? Did I do something? I tried again. Same thing. Then I opened an incognito window and tried again.
The alarm bells started going off in my head. I remembered seeing an auto email a while back that an account had been created and vaguely remembering that I thought it said admin rights. I had intended to take a look but you know how you get busy.
And then there were some odd content deletions. I started chalking them up to user error. But a couple of weeks earlier it had become more pronounced and I had already set tech up to look for a possible bug.
I called my go-to tech person willing him to laugh and tell me I had made some silly mistake. No such luck, he confirmed the dreaded news. My site was hacked.
What Happens When You Get Hacked
You are in shock at first. Then you get mad. And then you feel like the world has fallen apart and you start asking why me? After hitting some of the largest reader numbers ever, in a minute my magazine was reduced to zero.
At times like these, you have to rally all the technical expertise you can. Depending on how your site structure is set up, that can range from your host company to hired guns. The thing about a hack is it takes time to actually assess what or how it has happened, then to get a plan in place to resolve it and then to execute the plan.
At first, we thought the solution was simple, restore a backup. This guy was just playing with us though. He had been there a while. My tech guys tried to outsmart him and he would let them think they had won and then a couple of days later he would take it back. We came to realize the flaw was in the oldest backup of the backup. Then I discovered the regular system-wide backup routine that was to be stored off the server had never been implemented.
It took a couple of weeks to realize there was only one solution to the hack. Shut down the server, move to another server, and reinstall everything from scratch. It meant the magazine would be starting fresh at zero. Gone were five years of work and nearly 600 articles.
Then I had an epiphany, just as we were about to start the process. I had moved to a new host a couple of years into the magazine. Part of the contract included taking a complete code and content copy. Because of the size, the developer had put it into his own developer file. I contacted him and believe it or not, he still had it. OMG, half the content was better than none.
Now, I am lucky the hacker didn’t ask for money. It took about six months to get over the shame that it had happened to a tech-savvy person like me. Once I did start talking about it though, it was quite amazing how many businesses have suffered a similar fate. Many have paid a ransom fee to get their content back. Some have even paid the fee and still not got it back. No one is immune.
I have learned many things that I hope will get you thinking about your system security. Your data is your business. Without it, you may not know your customers, your SKUs, your stock, your accounting. You might not have a business.
Are You Buying Into A Myth?
Every system has a weakness. WordPress “never gets hacked” was something I heard. Well, it is not true. Some systems might be less vulnerable than others but hackers have nothing but time on their hands and they love a challenge.
Does The Cheapest Hosting Solution Improve Your Bottom Line?
The answer is only if they have the expertise, the structure, the firewalls, and the recovery systems to keep your site safe. You cannot assume that everyone is equal. As a business owner, you must do your due diligence to ensure your most valuable business asset is secure. If you are a small business, it is prudent you look for a hosting company that specializes in your type of platform. Properly secured platforms actually have data on how many attacks they are repelling. Ask some hard questions.
Is Your IT Professional Infalliable?
We all like to think so, but your business is not theirs. It belongs to you so you need to step up to the plate. You wouldn’t put your money into a bank if you couldn’t see the balance even though you trust the banking system is sound. Tech is the same thing. You need a tangible way to know backups and system security are working. Take steps to make sure what you expect is actually occurring. Ask for output to validate your directions.
Are Updates A “When You Have Time” Task?
No, it needs to be on your to-do list weekly. Outdated software, apps, themes, and plugins are some of the top entry points for hacks. Your theme or plug-ins needs updating, it is not a one-time buy. The biggest software companies like Microsoft send updates once a week and sometimes more. They are addressing vulnerabilities not just adding functionality. Your system IS your business. Follow the big boys.
Are Strong Passwords Really Necessary?
Weak passwords are one of the top entry points to your system. Some huge companies have fallen prey to hackers because someone used ABCDEF or 1111111 as a password. 23 MILLION users have 123456 as their password. You can read some more fascinating info about passwords here. And do not use the same password everywhere. Keep them separate. I know, it is hard to manage, but there are some great services out there that make it easier. You can read about some here.
So now take some time and assess how safe is your data? Even if you don’t have a business you want to assess your data safety on all your devices.
If you find this article useful “Comment, Like and Share”