Yes, I’ve had my site hacked before.
Actually, it happened the weekend before a Monday event for which I expected over 600 people to be showing up at my site.
It started with a strange email from my host (bluehost), which I received via my iPhone.
Apparently my site had been compromised and they would be shutting it down indefinitely until it was fixed.
No more ability to register new attendees. No site. No event on Monday.
Related Resources from B2C
» Free Webcast: Build Better Products by Identifying and Validating Your Riskiest Assumptions
Needless to say, that was a stressful weekend.
I found a security firm that specialized in malware removal and their representative spent an entire weekend removing all of the illicit code. Luckily the site was salvaged, the event went on as planned, and I had 650 attendees go through the program.
So since that time, I’ve gotten a lot more careful.
I delete themes that I’m not using from my control panel. I delete old plugins. I keep my WordPress version up to date.
But that’s not enough.
Here are the things that I do to sleep soundly at night, knowing that my site is being watched or that if something happens, it will be quickly addressed.
1) Regularly Back-up Your Site:
Are you backing up your site regularly to protect your valuable content? I use the paid WordPress plugin called Backup Buddy to do regular back-ups (I have a multiple site license). It includes a virus scan program for extra peace of mind. I also schedule regular back-ups that automatically get uploaded to my Dropbox.
2) Get Reliable WordPress Hosting with 24/7 Phone Support:
I use Bluehost to host my sites. They’re one of the top-rated WordPress hosts and they have great 24/7 phone technical support. Whenever I have an issue, I just pick up the phone and they’re always there to help me resolve it. If you need to move your site, you can pick up the phone to get help.
3) Monitor Your Site for Hacking 24/7
Hackers are attacking sites of all sizes. By using Sucuri’s security monitoring service (which is very reasonable, especially for multiple sites), I have more peace of mind. Since issues seem to always happen when I’m not in the office, I have alerts that go to my email, to my cell phone and they even have an option to send you a Direct Message in Twitter.
If your site becomes compromised, simply submit a ticket and they’ll clean it up right away.
4) Have a Trustworthy Security Expert On Call
If you’re already monitoring your site with Sucuri, then you’re all set (see above). If not, WP Security Lock does an awesome job of solving difficult security breaches on WordPress sites. I really like their service where they’ll clean and move your site to a new host. If you’ve been hacked and you know it’s time to change hosts, this is a great way to get a fresh (and safe) start at a new host.
5) Fix nagging WordPress issues…inexpensively:
Sometimes it’s not a major security problem. Sometimes a plugin will stop working or with an update to WordPress, your formatting will break. In these cases you don’t want to have to go digging into the code yourself and you don’t want to pay an expensive consultant to fix it. WPFixit is a great a la carte service that costs $39 per fix. And if they can’t fix it, they’ll refund your money. That’s quite a guarantee!
What are your favorite WordPress Security Services?
Your site is an important asset for your business. All of the time and money that you spend on development, design and content creation should not be put at risk.
Are you protecting your asset? What are your favorite tools or services? Let me know in the comments below.