Using SiteLock When My WordPress Site Was Hacked

sitelock-when-wordpress-site-was-hacked

I arrived home on Friday after a long day to work on my blog.  When I tried to login to my site, I got the message from the photo above.  Needless to say I was upset and confused at the same time.  I contacted Bluehost who is my hosting provider.

Recently, I upgraded my service from a basic shared service to a WordPress Optimized Hosting Plan.  I thought it might have had something to do with the shutdown.  They then informed me that I needed to call SiteLock, a security add-on that I purchased through BlueHost.  They informed me that BlueHost needed to do a CDN Cache Purge.  Whatever that is.  My technical skills when it comes to blogging, WordPress or Cpanels etc. is limited.

I was a little upset since I felt that BlueHost should be able to fix this problem without me having to call someone else.  When I contacted SiteLock, I asked them to do exactly what BlueHost said.  However, the operator started explaining that I got hacked and had viruses on my website.   Not only that but it will take 24-72 hours to remove whatever is preventing me access to my site.  They also wanted to sell me additional services to add protection to my blog.

Now I know I don’t have tons of traffic to my site and since I don’t monetize my blog, I am not losing any money.  I do however work very hard on my blog during what limited free time I have.  I did a site:leadgrowdevelop.com search on Google and I did not find any suspicious pages.  When you work hard trying to build something, it can get extremely frustrating when it gets tampered with.  I have an email list of amazing people who have subscribed to my blog.  It upsets me thinking that they may try to read my blog without success.  I try to always add value and anything less is not an option.

The entire process took about 48 hours to correct, thanks to SiteLock.  Here is an excerpt from the email they send me about how to protect my site further.  I hope it helps you avoid any similar circumstances to you.

 

4 Ways You Can Increase Security on your WordPress Blog Site:

 

Passwords

Set a strong password for all your logins: FTP, Admin backend, Database, Host (Plesk, cPanel, etc). It is recommended to have a 7-15 character password, using a number, character and upper case letter. Make sure that you are changing the password at least every 30-90 days as a preventative measure.

Never log in to an account from a link sent via email. This can be a form of a phishing attack.

User Access

It is best to limit the amount of users that have access to your hosting account, passwords and FTP. The more users you create, or share logins, the more at vulnerable you are to security risks and exploits.

Updates

It is critical to make sure that your website is always up to date with the latest software release. It is best to ensure that all plugins, modules, themes, and versions are always up to date. These updates will help prevent known vulnerabilities to the application of the site.

Clean-Up

Set a regular time to run through proper maintenance of the site. Remove all old coding, unused user/FTP accounts, and unused files. Make sure to never leave a back-up of your website on your server, this is a huge target to hackers. Properly maintaining regular clean-up will ensure less vulnerability to security risks and exploits.

 

Thank you SiteLock!

If this has ever happened to you, please share your story.  If you are a SiteLock customer, are you happy?