WordPress Blogs Being HackedPosted on Timeless 25 comments
Don’t you think it is quite amazing the feeling of total “freak out” that a person feels when they realize that they have lost their phone? Well, that is nothing compared to the freak out that I felt when I thought that I had lost everything on my blog last week!
When my blog was hacked the idea of losing the central nervous center of my business had the hair on the back of my neck standing on ends. Luckily for me, I was able to get it fixed and not lose anything, and it was a great relief when all was well with my blog. Below you will find how I was able to recover from this.
In reference to my freak out, I know there is the whole topic of being in a state of equanimity, where nothing is good or bad, it just is. Or the idea of being too attached to material items or the outcome of said event, however, that was the furthest thing from my mind and fodder for another post.
So, a little about what happened, last week I got an error message from my AVG virus software saying that they blocked me from my site because it was infected. So, I said, “Well, fix it.”
As I learned however, that’s not how it works. To get it fixed you have to go to the source, i.e. your hosting site and have it removed by them.
According to several reports, shared hosting sites such as GoDaddy, Blue Host and DreamHost have had their customer’s open source WordPress blogs hacked. No private server WordPress installs have reportedly been hit. GoDaddy said that they were working with their customers to help them get their blogs up and running again, as well as, with authorities to find the source of this hacking.
So, to begin with, here are some suggestions from WordPress. I like the first statement, STAY CALM, are you kidding me!! I just lost the main drain of my brain!!!!
You have to stay calm to be able to deal with this situation. The first step before you respond to any security incident is to calm yourself down to make sure you do not commit any mistakes. We are serious about it.
Ok, let’s all take a big deep breath. Now let it out slowly. As you exhale, feel your shoulders relaxing as you find peace in the moment. Now repeat after me… My blog is safe, My blog is safe. Let this feeling seep into the very center of your awareness. As you are becoming more aware of your blissful state….
Snap out of it and get to work!
Scan your local machine.
Sometimes the malware was introduced through a compromised desktop system. Make sure you run a full anti-virus/malware scan on your local machine. Some viruses are good at detecting AV software and hiding from them. So maybe try a different one. This advice generally only applies to Windows systems.
Check with your hosting provider.
The hack may have affected more than just your site, especially if you are using shared hosting. It is worth checking with your hosting provider in case they are taking steps or need to. Your hosting provider might also be able to confirm if a hack is an actual hack or a loss of service, for example.
Next, here is the site where you can see the rest of the steps to restoring your WordPress blog,
Thirdly, for those of you that use Merge Domains or GoDaddy for your hosting here is a form that you can fill out and send to them so that they can remove the malware from your site.
Lastly, a very important step, that I did not follow the first time, yes, it happened to me twice in 7 days, is to make sure that you change your passwords to your hosting service. In addition, and this might not be the same for all hosting sites but for Merge Domains and GoDaddy there is also a password that you have for your hosting section of your back office. That also needs to be changed. One caveat, do not change your password to your database in your back office or your blog site and the hosting account will not be able to communicate.
- Stay calm
- It is only time
- Back up your blog, in case you need to restore it.
It is my sincere hope that you do not have to go through this. To help make sure that it does not happen to you, if you have not already done it, make sure you have the latest version of WordPress which is 2.9.2. Then change your passwords to something you have never used before for this account. If your user name on your blog is admin, you also may want to see about changing that too.
Here’s to Happy and Safe Blogging,
To receive a series of online training tips, just put your name and email in the form at the top of this post. Hundreds of Internet entrepreneurs have achieved success in their online business using these tips in the last year, now it is your turn.