Sorry for the long hiatus. 10 days without a post! Gaaaaah! As you all know, my site was spewing some malware (malicious software) last week. Since I am not really a techie (but I do love a well-made gadget, and I am a loyal Mac user) I cannot fully explain the technical details, but I’d like to tell you in layman’s terms what happened to me (a self-hosting WordPress.org blogger) as a cautionary tale. And so I can acknowledge the tools, apps and my hosting service provider properly for how they helped me.
One day I woke up to find that whenever I tried to access my blog or WordPress Dashboard, I got a glaring message from Google asking if I was sure I wanted to do that since my site had malware on it. I seriously panicked and spent the entire day researching what to do to fix it myself. Unfortunately everything out there is for people who know how to do some coding. So I gave up and wrote my hosting service provider, Network Solutions. Then it was time to wait.
NOTE: For those on WordPress.com, the free blogging site, you do not need to worry about this, because WP.com (WordPress.com) does all this for you. You don’t need to worry about spam, malware, etc. However for self-hosting WP.org bloggers like me, I need to purchase my own Akismet (anti-spam) and maintain up-to-date plugins/WP versions/themes. It’s not cheap, but I self-hosted because I would like to earn from my site in the future (full disclosure!). And I can’t do this on the free WordPress.com service.
While I was waiting, I was sick and in bed with nothing to do! You can’t imagine how frustrating it was. Normally when I am sick (and I am always sick) I work on my blog. So this time around, I found a way to channel my energies into (you guessed it!) – CROCHETING. Lol! I did a set of 6 wine glass cozies. When I was finally well, and still couldn’t access my blog, I did some spring cleaning (so much stuff for garage sale!) and some home organization projects. (More on this in another post.) Okay back to ze blog…
After long days of back and forth emailing and calls from Network Solutions (HOLLER to their Pinoy Call Center CS people who helped me!), they cleared my site. To put it simply, they deactivated and updated all my plugins and re-installed WordPress’ newest version. Sounds simple but at that time, I had no idea that was what I needed to do and I was scared coz I kept on getting malware warnings from Google. Now it was time for me to do the work.
I realized several things…
- Safari has amazing security features. Even after my blog was cleaned by Network Solutions, I tried to access my dashboard (it’s like the main command center of my blog) and couldn’t. Apparently the security of Safari is so tight that it wouldn’t allow me to log on to a site that was still considered suspicious by Google. So until Google cleared me I had to use Firefox to get access to my site. (So I guess I should thank Firefox for not having such tight security huh?!?)
- If you are a self-hosting blogger like me, ONLY download and install plugins from trusted authors who continuously update their plugins. If a plugin isn’t updated, even if it is NOT active on your blog, it can still be a way to breach the security of your site. So delete plugins you do not use.
- Updates for plugins, WP platform and WP themes are made to ensure that they are constantly secure from hackers and all the new malware that the bad people out there are creating (i.e. to put annoying ads/pop-ups on your blogs, to lead readers of your blog to porn sites and other annoying ploys).
- When there’s a new version of WordPress, immediately back up your website AND your database (those 2 are different), then update it. Network Solutions automatically does this for me daily, and keeps backups from the last 7 days, but I can also manually back up when I need to.
- Check also with the makers of your WP theme (my awesome theme is from awesome people at Elegant Themes) if they launched a new version. Once again, back up your website AND database before deleting the old theme version and installing the new one. Just in case it doesn’t work out, you can revert to your blog through the backup. I’ve yet to do this, but I have to soon. It’s a bit scary, don’t you think? To delete your theme, assign a temp one, then install the new version? What if it doesn’t go back to normal??? EEEEEEP! Must. Be. Strong. *Breathe*
- I am so thankful that I got the MacKeeper! Aside from helping me clean out space on my computer’s hard disk and finding duplicate files, it also has real-time virus protection, among other things. I was afraid that I had gotten something while trying to access my blog while it had malware so I repeatedly scanned my computer during the entire process to be sure. Click here to read more about why the MacKeeper is so awesome.
- Also I no longer use the WordPress Counter plugin from http://counter-wordpress.com/ and am more careful with choosing plugins. Currently trying out Hit Counter Ultimate by Packages-SEO.com which seems reputable enough.
- Don’t install a plugin if a) it’s not compatible with the latest version of WordPress, b) the author is not reputable, or c) the author hasn’t updated in a while.
- I stopped using the WordPress Stats plugin; instead I am using Jetpack, which has so many functions aside from stats, like Twitter and sharing. So much simpler, I absolutely love it.
- Last but not the least, I want to share the link to this super helpful FAQ for hacked sites: Help I think I’ve been hacked.