My email stopped working.
Not all at once, just little bits at a time. And only to certain people, some of the time.
I couldn’t figure it out.
I kept calling my hosting company and they couldn’t help me. I switched to a different email address but that didn’t fix it for more than a few hours.
Then, I woke up one morning and found this in my inbox.
“Web hosting account deactivated for MYWEBSITE.COM”
Gulp.
It went on to read…
“Your web hosting account has been deactivated as of 00/00/00. (reason: terms of service violation – malware/virus) This action was taken because your account violated our Terms of Service. When signing up, all users confirm that they have read, understand, and agree to our terms. These terms are legally binding…”
You get the idea.
My site was hacked and infected with malware.
When you went to the site, you got a blue screen saying it couldn’t be found.
This happened not once but twice in a month.
Over a period of 30 days, it took two site cleaning services and four smart people to get my site cleaned and back up and running. There were the costs involved with the cleaning and the tech support. Plus hours of my time to call and coordinate things. All told, I figure it cost me roughly $1500 in hard and soft costs.
As my friend Paula G explains, shared hosting works like a community swimming pool. If anyone chooses to foul it, it affects everyone.
It was time to find another way.
After alerting my tech support and another call to the hosting company, I went to the source of where most things get resolved: Facebook. I explained the situation and asked for suggestions.
I got some great ideas.
Fellow copywriter and WP security expert Don Wallace of Little Miami Web suggested:
- Regular backups of the site so you can fall back to just a few days before (BackupBuddy makes this easy)
- A security plugin (Wordfence is popular and works well. Even the free version detects intrusion attempts.)
- Non-trivial passwords at all levels: WordPress admin login, login to your web hosting account, FTP passwords
- “Hiding” the WordPress login page with an obscure URL
The Problems with Plug Ins
If you’ve ever seen the notifications telling you that your WordPress plug ins need updating, it’s a good idea to pay attention to them. Like any software, plug ins need to be kept up to date or they could fall victim to vulnerabilities that inevitably surface.
Because WordPress is open-source software, anyone can design components for it. That’s a pro and a con: unless you do some research, you could choose a plug in designed by someone who knows less about security than others, or who simply gets busy with other things and doesn’t keep it updated.
It turns out, all those handy plug ins can offer “easy access” for would-be hackers or bots trolling the internet looking for vulnerabilities. (Don’t you wish people spent their time in positive ways?)
Keep it Locked Down
Like Don, Paula also recommends strong passwords. Your pet’s name isn’t a good password. A combo of upper- and lower-case letters, numbers, and special characters is best.
Monitoring services like Sucuri.net, or a tech person, can help you keep your site updated and clean it up if it goes down. Hopefully, if you take a few precautions and keep it updated, you won’t have to deal with the site cleanup aftermath.
Please, do yourself a favor and take precautions today.