Security - it's vital you have some.

Posted On: 2013-08-22

Have you ever had one of those weeks that just goes on getting more and more crazy as the days go by? If you do have the occasional week like that you'll know what I'm experiencing at the moment.

Heck I even had to grab my laptop and literally go and sit on the top of a hill to write this. If I had stayed in the office I would never have had a chance to write this because the craziness seems to be building to epic proportions.

Some of the highlights so far in this crazy week have been a phone call from a client and an email from Google and both have left me feeling that I really want to slap somebody.

The phone call from the client was about the 430 emails he had received in the previous hour telling him that one of the security features we had installed on his website was working perfectly. Of course the emails don't say that in quite those terms ... they actually say that someone has just been locked out of the admin section of the website after they made three attempts to get in ... but it's much the same thing.

We think that this guy probably pissed someone off and that person has gone to a script kiddies message board somewhere and suggested that someone may care to break into the site and deface it. Of course they didn't succeed ... we have built in several layers of security to prevent just that sort of attack but that didn't impress the client.

He wasn't happy that we had kept everyone out of his website and undoubtedly saved him a lot of time and money but he was very unhappy that he kept getting those notifications ... oh well.

The email from Google was also about a website; it belonged to a former client. Google had actually sent that email out to about 10 different email addresses that belonged to the business and somewhere Google had found my email address associated with the website so I got one too.

So I got an email telling me that Google had now classified the site as an "attack" site because it was full of lots of very nasty stuff. In fact Google thought that it was so nasty that they had placed a warning on that site's listing in their search engine and if you tried to access the site you got a huge red warning telling you that the site was full of malicious software and you should not attempt to go further.

A moment ago I described them as a "former client" but they still did have some connection with us. While they had handed the management of their website over to some marketing company we were still hosting the site so all those warnings concerned me. How would our other clients ... who shared the same IP address ... or adjacent IP addresses ... fare if Google decided that our server was a "bad neighbourhood"?

So I started trying to contact people associated with that business by phone and finally got hold of a branch manager who knew something of what I was talking about. I told him that if they didn't do something very quickly to clean the site up I had no option but to delete the contents to protect all the other small businesses that we host. He promised to get back to me next day.

Of course he didn't so after three days of waiting we deleted all the files off the server and suspended their account. We thought that action might have encouraged them to contact us but even though their emails have stopped working no one has picked up the phone.

Both those sites ... the one that didn't get hacked and the one that did ... are/were WordPress sites. One had plenty of security measures in place and it survived while the other, at some stage, had at least some of those security measures removed. I guess someone didn't think that they were important and now their client has just had their website kicked off the Web.

If you're using WordPress for your websites then for goodness sake use all the security plugins you can find. Sure, nothing will keep a really committed hacker out of a WordPress site but the harder you make it for a person to get into your website the better chance you have of them giving up and going off to look for a site that isn't quite so hard to hack.

At the very least you should be using plugins like Login Lockdown and one of the better captcha plugins and if you want to get really serious install Wordfence ... find it in the WordPress plugin section ... read what it does and you'll wonder how you ever survived without it.

Security of your website is your responsibility ... be happy if you get a gazillion notifications that people have tried and failed to get into your site because that is so much better than getting just one email telling you that Google has dumped your site because it's full of trojans, viruses and other nasty crap.