It is sad that some people are determined to wreak havoc on the lives of others. Whether their objective is to be destructive or to use your site as a medium to make money, the result is the same – someone gets hurt.
They are very smart yet they choose to use their knowledge to harm instead of to do good. What a waste of a good mind!
I spent the weekend putting out fires. First determining that a client’s site had been hacked, then convincing the hosting company that it was so, then trying to figure out what to do about it. For instance, files kept appearing after deletion.
While it was a stressful weekend, I did learn a few things, and perhaps I can avert something similar happening to another client.
Change the cPanel password at the first sign of trouble
If your password has somehow been discovered by a hacker, they can get into your site, or worse yet, your host and make all sorts of additions, deletions, changes.
I use WordPress, so my first inclination was to change the WordPress password, which I did. And to look to see if anyone had added themselves as an administrator.
The cPanel password also needs to be changed. Even though I was assured that the cPanel password is stored on the host server and totally secure, anything’s possible. And if hackers get that password, they can steal the whole site.
If your backup is infected, there’s no way to get ahead of the situation
The host does daily, weekly and monthly backups. But you may not know when the attack occurred, so going back to a previous backup may not solve the problem, even though the site appears to be okay visually.
Having a good network of go-to people to help is invaluable
Keeping websites secure is a full-time career for many. Trying to stay ahead of the game is challenging at best. You have to think like a hacker to beat him or her at the game.
To try to be an expert in security while pursuing a different career is impossible. You have to defer to the experts, or at least others who have had similar experiences.
Developing a network of experts, go-to people, experienced people is crucial when these situations arise. I am so grateful to have a handful of such people in my life.
I discovered a good plugin to help detect security issues
Recommended by one of my contacts, I installed Wordfence, which is a WordPress security plugin. The culprits were found and removed.
Whether it’s enough protection remains to be seen, but I at least feel a sense of relief.
Backup Buddy is not what it once was
I have used Backup Buddy to do my backups over the years and it’s a great tool for transferring sites from my server to the client’s server once a site is ready to go live. But I am suspicious of the tool now.
During my investigations this weekend, I kept seeing that Backup Buddy backups had issues. I’m guessing it’s a security issue, but I haven’t read anything specific on that. More research is required.
I mention it simply because it was my own observation, and it was also a conclusion drawn by a reliable, experienced contact.
I must say, though, that I have Backup Buddy on my site and running Wordfence did not show any errors on my site. Still, there could be a vulnerability there.
If you suspect your site has been hacked, please contact your webmaster or host immediately.