It was my birthday on Friday and I had a lovely day with my other half. Kid-free. Chats, shopping and a meal out. All was going really well until about 3.30pm when I realised my blog stats weren’t moving. Users hadn’t increased and I knew that was odd, even for a Friday! I couldn’t get on my blog and friends couldn’t either. At first I thought my hosting was down, as this does happen now and then, but after a swift post in one of my Parent Blogger UK groups, I was told that if I had a WordPress GDPR compliance plugin that I hadn’t updated, I could have been hacked.
I was.
I contacted my hosting company immediately who found the issue, de-activated all my plug-ins and found a suspicious URL. The blog was back but we weren’t out of the water. There was a risk malicious files could have been added and I had my hubby digging around for a while and eventually asked a professional to check over my blog and ensure everything was safe.
Thankfully it was and I could sort and re-activate plug-ins and it was business as usual. However, this is about the second or third time I have been hacked since going self-hosted. It’s annoying, stressful and very frustrating. For me it did dampen my birthday evening, as I was worried and it wasn’t really sorted until about 9pm.
With anything that goes wrong in life, it’s always good to reflect and learn from it and I thought I would share with you some of the things I have learnt after getting hacked.
– Back up your blog regularly! I had not done this since December last year, which was ridiculous but time flies. I think your hosting company should be doing it but do not rely on them! Have multiple copies too.
– Update your plugins as soon as you see they need doing. My recent hack was in through an un-updated plugin and the worst thing was I noticed a few days prior it needed updating and didn’t prioritise this task. The reason an update is provided is often due to a security vulnerability being found in the plug-in. This means hackers can break into your blog very easily. They can and they WILL. I know!!
– Change your password and Salts regularly. I learnt about Salts during the hack. Salts are used to generate cookies which keep you (and hackers) logged in to your admin portal. Change the Salt and everyone has to log in again. There is a plugin for this which you can set to re-set regularly and it is one less worry for you.
– Deactivate and delete any unused plugins. Any plugin can be discovered vulnerable and attract hackers, so worth getting rid of ones you are not using.
– Monitor your admin users. As soon as I had been hacked and could get back into my admin portal, I had two new users added. Regularly check this, as a sign of a hack and KNOW your admins.
– Become more familiar with how WordPress and your hosting works. Luckily I have a husband who can help and explain what certain things are: FTP, PHP, my blog database, SQL (the list is endless). This gives you a rough idea of where you need to look and when asking the experts questions, what they are doing.
– Ask for help! Use the blogging community. I was so fortunate another blogger knew about the hack and told me to approach my hosting and ask for help. I was also extremely grateful to Zoe Corkhill for having a look afterwards and helping me when my blog memory was running out!
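The admin-user check from the list above can be automated. This is an added example, not part of the original post: the function name, the `known-admins.txt` file name and the sample logins are made up, and the real run assumes WP-CLI is installed on the hosting account.

```shell
#!/bin/sh
# unexpected_admins ALLOWLIST_FILE
# Reads administrator logins on stdin (one per line) and prints every login
# that is not in ALLOWLIST_FILE (one known-good login per line).
# Exit status: 0 = every admin is known, 1 = unexpected admin(s) found,
#              2 = allowlist missing or unreadable.
unexpected_admins() {
    _ua_allowlist=$1
    if [ ! -r "$_ua_allowlist" ]; then
        echo "cannot read allowlist: $_ua_allowlist" >&2
        return 2
    fi
    # Drop carriage returns and blank lines, then keep only lines that have
    # no literal (-F), whole-line (-x) match in the allowlist. Whole-line
    # matching means a lookalike such as "siteowner2" is still reported.
    _ua_unknown=$(tr -d '\r' | sed '/^[[:space:]]*$/d' |
        grep -Fxv -f "$_ua_allowlist" || true)
    if [ -n "$_ua_unknown" ]; then
        printf '%s\n' "$_ua_unknown"
        return 1
    fi
    return 0
}

# Constructed sample data, so the example runs without a WordPress install.
demo() {
    _demo_allow=$(mktemp)
    printf '%s\n' 'siteowner' 'editor_jane' > "$_demo_allow"
    printf '%s\n' 'siteowner' 'editor_jane' 'siteowner2' 'wp_support2' |
        unexpected_admins "$_demo_allow"
    _demo_status=$?
    rm -f "$_demo_allow"
    return "$_demo_status"
}

demo || echo "ALERT: the administrator accounts above are not on the allowlist" >&2

# Real run, from the WordPress directory (needs WP-CLI):
#   wp user list --role=administrator --field=user_login |
#       unexpected_admins known-admins.txt
```

Run from a daily cron job, a non-zero exit status is the signal to look at the users screen straight away.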
I’m very grateful that for me and, it seems, many others, this hack was minor and we are all sorted now but it could have been worse.
We are bloggers, we are online and not expecting to get hacked; my hubby compared it to being out in the rain and not expecting to get wet. There is always a chance your blog can get broken into but there are ways to try and stop it.
I’ve learnt from this and hope this post helps you too!
Argh! Poor you. This happened to so many bloggers. It’s scary. I am going to try and update plug ins every day now. As chance would have it I had updated that morning but I have been known to go days and days without updating. Off to add that salt shaker plug in now. Glad you are sorted. What a worry. Thanks for the tips.