Hacking, Malware and Mischief – Oh My!

WordPress is a fantastic platform to create a website. I dumped the “old” ways of website creation about two years ago to fully embrace WordPress. However, there are some sad, sick SOB’s out there who have nothing better to do than to try to hack the websites of honest and hardworking business owners, both large and small.

Just this week, Tim Ferriss, author of The 4-Hour Workweek, took to Facebook to ask fans if they were receiving malware warnings on his blog at fourhourblog.com. A number of people reported that, yes, indeed their browsers were reporting malware (although there is some talk that Google’s Chrome browser was actually identifying an ad as malware).

But, do you think hacking is just the concern of huge websites like Go Daddy, CNN or the Huffington Post? If so, think again. A year ago, two of my clients (a local restaurant and a pet transportation company) were hit with attacks. Last week I was visiting a networking contact’s website (she does marketing communications and publishing) and my security system identified and quarantined malware on her site. Two people in one of my business coaching programs have had their sites hacked, and one was an especially troubling attack, where they hijacked her entire site (see the screen shot. Frightening!)

How would you like to see THIS when you went to your website???

Just like Windows, the mere fact that there are so many WordPress sites out there means that they are ripe targets for these freaks. And, if Google detects malware on your site, guess what? They will blacklist your site and block access. Then you have to contact them and try to prove that the site is no longer infected. Trust me, that’s not easy.

But you CAN protect your website by following these simple tips:

  1. ALWAYS pay attention to any updates for your website theme, your plugins and the WordPress software itself. In fact, there was a major WordPress release just within the last month and there was an additional update just this past week. Hackers use outdated WordPress files and/or plugins and exploit vulnerabilities in those programs. Back up your files before proceeding and update everything. Ask your web person for help if you need it. This is why I always suggest that clients pay for ongoing security maintenance. Security maintenance not only means backing up your files to offsite locations, but also updating WordPress, themes and plugins and running security scans on a regular basis.
  2. Use strong passwords on your hosting account, FTP (File Transfer Protocol) access and your WordPress admin area. And, by the way, “password1234” is NOT a strong password! I hate this too, but you have to make something secure, which means upper and lower case letters, numbers and special characters. And somewhere between 9 and 15 characters. I recommend using Strong Password Generator. Yes, it is a pain, but you will sleep better for it.
  3. Put a plugin like Limit Login Attempts on your website. You can set a number of times that someone can try to log onto your site and, if they exceed it, they are locked out of trying any further.
  4. Shared server hosting vs Virtual Private Network (VPN) – most hosting accounts are on what are known as shared servers. This means that your website is hosted on a computer with potentially hundreds of other websites. If one site is hacked or, as it happened to one nonprofit I know of, one site on the server is hosting a phishing website, your Internet Service Provider (ISP) can block access to your site. A VPN gives you greater control and security by , albeit at a higher cost.
  5. Use a reliable host that is an expert in WordPress hosting and has great customer service. When you get hacked, they are often the only help you can get to clean up the malware.
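To show how the login limiting in tip 3 works, here is an added example. It is not part of the original post and not the code of the Limit Login Attempts plugin; the `LoginLimiter` class, the `replay` helper, the thresholds and the sample addresses are all made up for illustration.

```python
from collections import defaultdict

class LoginLimiter:
    """Lock out a client address after too many failed logins (hypothetical class)."""

    def __init__(self, max_failures=4, window=600, lockout=1200):
        # Thresholds are assumed values, not any plugin's defaults.
        self.max_failures = max_failures    # failures allowed inside the window
        self.window = window                # seconds over which failures count
        self.lockout = lockout              # seconds a lockout lasts
        self._failures = defaultdict(list)  # address -> recent failure times
        self._locked_until = {}             # address -> time the lockout ends

    def is_locked(self, addr, now):
        until = self._locked_until.get(addr)
        if until is not None and now >= until:
            del self._locked_until[addr]    # expired: address starts fresh
            return False
        return until is not None

    def attempt(self, addr, password_ok, now):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(addr, now):
            return "locked"                 # refused before the password is checked
        if password_ok:
            self._failures.pop(addr, None)  # success clears the failure count
            return "ok"
        # Keep only failures still inside the window, then add this one.
        recent = [t for t in self._failures[addr] if now - t < self.window]
        recent.append(now)
        self._failures[addr] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[addr] = now + self.lockout
            self._failures.pop(addr, None)
        return "failed"

def replay(events, **settings):
    """Feed constructed (time, address, password_ok) events to a fresh limiter."""
    limiter = LoginLimiter(**settings)
    return [limiter.attempt(addr, ok, t) for t, addr, ok in events]

# Constructed sample: one address guessing passwords, another logging in normally.
SAMPLE = [
    (0, "203.0.113.5", False), (5, "203.0.113.5", False),
    (9, "198.51.100.7", True), (12, "203.0.113.5", False),
    (15, "203.0.113.5", False),   # fourth failure starts the lockout
    (20, "203.0.113.5", True),    # correct password, still refused
    (1300, "203.0.113.5", True),  # lockout has expired
]
```

Running `replay(SAMPLE)` shows that once an address is locked out, even the correct password is refused until the lockout ends, while the other visitor is never affected.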

Also remember to protect YOUR computer from other websites that may be infected. I personally use ESET Smart Security (set to “maximum protection”) and it always warns me and quarantines malware that may try to download to my computer from another website. This is what warned me that my colleague’s website was infected.

It’s unfortunate that we have to be concerned about this kind of Internet vandalism, but take steps to protect your site and you’ll avoid the hassle and stress of a hacked site.


Sucuri – a web malware monitoring and cleanup service (fee-based)

Sucuri Site Check – a free website malware scanner. Enter a URL (ex. sucuri.net) and the Sucuri SiteCheck scanner will check the website for known malware, blacklisting status, website errors, and out-of-date software.

Sucuri Security – SiteCheck Malware Scanner – a free WordPress plugin

Strong Password Generator – creates strong passwords of any length, using upper and lower case letters, numbers and special characters

Limit Login Attempts – a WordPress plugin that limits the number of login attempts.

ESET Smart Security – protects your own computer from Internet threats

What do you do to secure your website? Have you gone to strong passwords for your online activities?

Not “If”, But “When”

Over the weekend I received a frantic email from a prospective client asking for some help with a website emergency. It seems that her WordPress website was no longer available and was showing the dreaded message “Fatal Error”.

The website had been developed several years ago and apparently no one had ever updated WordPress itself, nor any of the plugins that had been installed on the site. Not keeping your WordPress installation updated opens the site up to the potential for a security breach and conflicts with the plugins. In this case, ignoring the need to monitor and update the site cost this business owner several stressful days and possible lost revenue.

Yet, when I suggest additional maintenance and support services to new clients, I frequently get the comment, “That’s too much money. Why would I need that anyway?” Well, no one likes to pay for insurance on their personal property, but you’re sure happy to have it when something bad happens. And, with all the wonderful benefits of a WordPress site, it is a constantly evolving platform. The benefit to this is that there are ongoing improvements to its usability and new features that can make your site even more powerful and effective. But, as WordPress evolves, the thousands of little specialized programs called plugins may not keep pace. Ultimately a conflict can occur, when an old plugin doesn’t work under a new WordPress update or the site becomes so outdated that it is a target for hackers.

A properly maintained site means someone regularly checks your site, performs the process to deactivate all plugins BEFORE the WordPress update, and then carefully reactivates the plugins, one at a time, to test for any potential conflicts. They test the site and check for any “broken” links on your pages. And, most important of all, they install, schedule and monitor regular backups of both the database AND your content, so, if the worst happens, your site is back up within minutes instead of days.

So, when a web developer recommends a regular monthly maintenance program, please think carefully before saying “no”. Because a few dollars per month can save you thousands of dollars in repair or lost revenue in the future.

Is it Time for Some Website Spring Cleaning?

I took advantage of the beautiful spring-like weather this weekend to open all the windows in the house and let the fresh air blow all the winter staleness out.
Later, despite a nip in the air, I enjoyed the warmth of the sun in my backyard and it was hard not to think of Spring and the rebirth that occurs each year. My roses, which I pruned back in January, are leafing out and I know I will see my beautiful blossoms soon!
Along with the lovely promise of warmer weather comes a new energy in our lives, homes and our businesses. The urge to open the windows and get down to some Spring cleaning to prepare for longer and brighter days.
So, have you considered a Website cleanup, along with all your other Spring projects?
Many people start businesses and either use simple website builders to create their own site or pay a web developer to build their site for them and that’s it. There may be some content added along the way, but, in general, most people put their site up and let it sit.
So, it’s no wonder that you question whether or not your website is delivering results. There are some simple reasons:
  • Sites developed with those “Site Builder” templates (like Yahoo or Go Daddy) lack many of the features that help with search engine optimization or, when you created your site, you probably were not aware of the multitude of little things that could help your site get ranked by the major search engines.
  • Even the best designed site from a talented designer may not have the components of a well optimized site like page titles, meta data and alt tags on your images. All these help contribute to how high your page ranks in a Google search results page.
  • Search engines rate sites that have frequently updated content much higher than a site that is not updated regularly. This is one of the main reasons that a blog helps with your SEO, as new content is added frequently.
  • And, speaking of content, does your site contain useful content, full of the key words that your target market would be looking for? Much like a closet, over time your site may become cluttered and disorganized with old, outdated content, reducing its effectiveness and appearing tired.
If you have any doubts about the effectiveness of your site, you should contact me for a free, no-obligation website review. Perhaps all it needs is a “Website Tuneup” to help it start generating results for your business or organization. Or, with your other Spring projects, maybe you are ready for a new WordPress site that will make it easier for you to make simple updates yourself and will help re-establish your organization’s brand. Contact me and we can discuss what’s best for you!