As some of you may have noticed, Ben-Lang.com was hacked on May 1st. It took a day to take care of, but with help, I finally succeeded in getting rid of the hack. Let me tell you it was not fun, and I’d like to share with you what I learned from it. But before getting into the details, I want to apologize if anyone has been affected by the malicious link that appeared on the site during the hacking.
By the way, it took this unfortunate experience for me to really invest in securing my site. I think it is like backing up your computer: you have to at least get through the experience of losing a drive before you start taking backups of your data seriously.
Here is an overview of the experience:
Initial Reaction
1. Panic: When I first realized what was going on, I panicked. A fellow blogger had emailed me to say that there was a virus on my site that was redirecting it to a dangerous site. I was away from home and every second meant putting readers at risk.
2. Denial: How could it happen to me now? I am using the latest update of WordPress. That’s all that went through my head. It must be a problem with his browser, cache or computer.
3. Search: I got to a computer as quickly as I could and started researching the issue. As expected, I was not the first one to be hit. After reading a few posts on the subject, I confirmed that it was the Ninoplas Base 64 hack.
4. Problem Solving: I analyzed the different options to get rid of the hack. The most reliable and simple solution was to restore the site from before I was hacked.
5. Success: I contacted GoDaddy, which helped me go through the process of restoring the site, and magically everything was back to normal. (Thank you so much, GoDaddy, for your help and patience.)
6. Prevention: I immediately implemented additional security measures to increase the security of my blog.
Countermeasures
1. Update: No matter what platform you use, it’s crucial that you update your site with the latest versions.
2. Longer Passwords: Quite an obvious tip, but don’t be lazy; use strong and different passwords as often as possible.
3. Install Security Plugins: After this incident I realized how valuable it would be to install more security plugins. Here’s a great list by MakeUseOf of which plugins to install to make your blog more secure.
4. Do Not Allow Users to Register: My blog was hacked specifically because I allowed users to register on their own as authors. There’s a loophole in WordPress that allows authors to hack your blog, so be careful!
Again, my sincerest apologies for letting this happen to Ben-Lang.com. I hope that you can learn from my unfortunate experience.