Lessons from a WordPress Hack

Posted On: 2015-01-09

So here I am back for the first column of 2015. I hope you had a great time over Christmas and New Year although I doubt that many of you did take time off. If you're working solo in this industry then you'll know that finding time to take off can be very difficult.

My partner and I did take time off although I'm not sure that having some of our kids and grandkids descending on us really does qualify as time off. I know that there were times when I would have happily escaped to the office if I could have.

And so now we're moving into the new year and of course it should be a steady march forward as we achieve the goals that we've set for ourselves. I absolutely have to say that's how I hope things are going to be for you this year, and I hope that the start of the year has put you in the right frame of mind to achieve your goals. I say that I'm genuine in wishing that for you because it isn't the way my year has started.

When you work with real people in the mainstream you expect that the first day back after a long break is going to be a little crazy, and it was, but then you expect things will calm down and you can slip into the groove you need to be in to achieve your goals. Sadly they didn't, because by Wednesday we knew that some of our clients had been hacked.

The first hack was a script kiddy who got into our client's WordPress site because that client can't seem to understand the importance of having a very secure password. So it wasn't hard for this kiddy to hack in, make some crazy statement about Libyan independence and then start destroying stuff on the other pages.

Ok so it wasn't too serious. A change of password to something over 10 characters long, mixing letters, numbers and symbols; a quick rebuild; and a large account sent off to the client, so that the pain in his pocket will remind him of the need to stick with a complicated password, and we were done.

Then our server tech sent us a message: "You've got a site sending out emails". This WordPress site belonged to another person who had changed their password to something he could remember, but this site hadn't been hit by a script kiddy. This guy was a little more serious, as we discovered when we went to change the login details: he had added about 20 aliases to the list of admins, and that aroused my partner's curiosity.

He ran some scans and discovered that not only had this hacker added lots of extra folders throughout the content part of WordPress, but he had also added lots of extra files to both the existing and the new folders. This guy was obviously a little cunning too, because he had given all those files names that a beginner trying to clean out the rubbish would have thought were legit and left in place.

And then there was a third site with very similar problems, although we don't think that the same hacker was involved. This guy had installed some very nasty trojans and was possibly hiding them behind some very obvious links to pills and potions. He got in because the client wasn't interested in keeping her site up to date; another large bill for the cleanup might get her a little more interested.

That wasn't exactly the start to the year that we wanted because each of those cleanups took hours of valuable time and last night we found that there are three more sites that we need to look at. Our server tech did a security scan and identified those sites for us so we know what we are going to be doing today.

And right there in all of that mess is a warning for you guys. If you're running WordPress on your sites then make sure that you keep everything updated and don't be such a beginner that you use easy passwords … or the same password for all of your sites.

Another thing that you should do is have a different name for the username and nickname, and ensure that the "Display name publicly as" option shows your nickname and not your username. At the same time as you're doing that you should also add some real security to your site by installing WordFence and setting it up so that you get alerts if someone has come to fiddle with your files.

And if you find that you have been hacked, don't just clean out the obvious problems. Use your FTP program to go through every folder and look for new folders and files that have been added, and for existing files that have been altered by the hackers.
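The folder-by-folder check described above is exactly the kind of job a script does better than eyes on an FTP listing. The following is an added example, not code from this column or from WordPress: it hashes every file under a known-clean copy of the site (say, a fresh download of the same WordPress version plus your own theme and plugin folders) to build a baseline, hashes the live tree, and reports what was added, removed or altered. It also flags one pattern the column's second and third hacks illustrate, plausibly named files dropped where they don't belong, by listing any `.php` file under `wp-content/uploads/`, a folder that should only ever hold media. The two sample trees, and every file name in them, are constructed for the demo.

```python
"""Baseline-and-diff integrity check for a WordPress file tree.

Added example (not the column's own code). Assumes you still have, or can
rebuild, a known-clean copy of the site to hash as the baseline.
"""
import hashlib
import tempfile
from pathlib import Path

# Constructed sample of a tiny clean site; paths mimic a WordPress layout.
CLEAN_TREE = {
    "wp-config.php": "<?php define('DB_NAME', 'example');\n",
    "wp-content/themes/demo/functions.php": "<?php // theme functions\n",
    "wp-content/uploads/2015/01/photo.jpg": "JPEGDATA",
}

# Constructed sample of the same site after a compromise: one theme file
# altered, one plausibly named PHP file dropped into uploads, one new folder.
COMPROMISED_TREE = dict(CLEAN_TREE)
COMPROMISED_TREE["wp-content/themes/demo/functions.php"] = (
    "<?php // theme functions\n// extra line the hacker added\n"
)
COMPROMISED_TREE["wp-content/uploads/2015/01/cache-helper.php"] = "<?php // not media\n"
COMPROMISED_TREE["wp-content/plugins/seo-helper/class.php"] = "<?php // new folder\n"


def write_tree(root, files):
    """Materialise a {relative_path: content} mapping under root (demo helper)."""
    for rel, content in files.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)


def build_manifest(root):
    """Return {relative_posix_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def diff_manifests(baseline, current):
    """Compare two manifests and sort the differences into three lists."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }


def flag_php_in_uploads(paths):
    """Uploads should hold media only; any .php file there deserves a close look."""
    return [p for p in paths if p.startswith("wp-content/uploads/") and p.endswith(".php")]


def run_demo():
    """Build both sample trees on disk, diff them, and return the report."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        write_tree(clean, CLEAN_TREE)
        write_tree(live, COMPROMISED_TREE)
        report = diff_manifests(build_manifest(clean), build_manifest(live))
        report["php_in_uploads"] = flag_php_in_uploads(report["added"] + report["modified"])
        return report


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(f"{kind}:")
        for p in paths:
            print(f"  {p}")
```

On a real site you would run `build_manifest` against the clean copy right after an update and keep the result somewhere the web server cannot write to, then run it again on the live tree whenever something looks off. Anything in `modified` that you did not change yourself, and anything in `added` outside the folders you expect to grow, is what the column tells you to go looking for with your FTP program.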

I know that doing that is a total pain but that's what you have to do if you want to be totally sure that you really do control your own WordPress.