You read it on the news all the time. There’s always a hack and millions of website attempts. It’s part and parcel of owning a website these days.
I’ve no idea why someone would want to hack my in particular but it’s created a world of pain for me, someone that’s spent years on my craft. Owning CorporateDad.co.uk as well as FourSeasonsDad.com, both sites were affected and it’s seriously pi**ed me off. There’s been a world of pain that’s come from this and I’ll explain more later, but there’s been some amazing things too. Like the education needed to ensure it doesn’t happen again, or the ability to review old content and re-read what I love.
THEY'RE DEAD DAVE, ALL DEAD!
Corporate Dad was the website that I spent years creating and I saw it all disappear in a matter of minutes. It was like my heart was being pulled out. There was no backup that wasn’t infected, the database files were injected with code and I had numerous people tell me the site was redirecting them.
How could I work with clients when friends couldn’t access the site? I didn’t want friends to visit spam sites. It wasn’t right and there had to be a point to stop.
The time came when the site was so slow, re-directs happened constantly and I didn’t know what was good anymore. It was then I had to make a choice, do I stay or do I go?
Unfortunately I couldn’t afford to leave my server company. I had to stay, I had to learn how to fix the issue myself.
These life lessons will stay with me now and I want to share some tips to ensure you’re not experiencing the same issues down the line.
What to Look Out For
Your Site is Redirecting to Another – Major one here of course, means there’s injected code somewhere re-directing through to a SPAM site.
Site Speed Is Very Slow – When your site speed reduces dramatically, it normally means there’s hidden processes happening in the background.
Things Aren’t Aligned – Website’s are perfectly crafted sites. If there’s a sudden re-alignment of boxes, there could be code that’s inadvertently changing the layouts.
Lock Down Your Server – Speak to your hosts. There are things they can do to restrict access. If you don’t need to access it, delete all FTP accounts and change the admin password to something unique.
Site Management – I’ve recently found ManageWP. It’s a central hub for site management of multiple sites. It’s really good and can provide FOR FREE, stats on security, performance and any updates available.
In Site Security Plugins – I’ve found there to be a number of security plugins and it’s a bit overwhelming. They all seem to be terribly similar. I ended up installing All In One WP Security. You can lockdown pretty much everything from file changes, logins, firewall and site access.
Updates – If you’re not keeping your plugins updated, I guarantee there’s someone out there looking for weaknesses to get into your files.
Dual Login Verification – There was a plugin a long time ago where you scanned a QR code on your phone. This is now Authenticator by Google and it’s pretty decent. To login you need your username, password and a special code on your phone.
Password – STRONG STRONG STRONG! I thought mine was unique but apparently it really wasn’t and a 50% strength password isn’t a 100% one. It’s the key to the door, don’t leave it open.
How I Fixed It
- The reality of it all is I didn’t fix it! I had to completely rebuild it from scratch but luckily there was a number of things that made the rebuilding process simpler.
- A website is a URL pointed to a folder on your Server. First thing is to create a subdomain to build a fresh WordPress site to which you can then re-point the URL.
- Upload the same theme, and keep an eye out to see if there’s a theme exporter, to keep those personal settings.
- As long as you use the same permalink structure, you can copy all of the WP-Contents Uploads folder. Using FTP copy this out of the current folder and paste into the new site.
- Export posts from original site using the WordPress Importer tool.
- This will deliver the content in posts, but you’ll need to re-feature image every post. It’s not fun but you need to do it.
- When your site is ready you have two options. You can copy the whole folder’s content from the new site, into the old site’s folder (At this point you’ll have deleted old content).
- Ensure that you then re-link the sitemap to Google.
- I’d also recommend installing Auto 404 Plugin so that any URLs that are broken, will deliver a live post rather than a 404 page.
One of the best things about this though is the ability to now go through old content and re-read some of the posts, and relive the amazing photos and videos.
If you’re having trouble with your sites feel free to reach out to me at CorporateDadUK@Gmail.com. There are companies that you can pay, but there’s no need to waste money if you have the time and patience yourself.
In the meanwhile, here’s one of the amazing galleries I found while searching through old photos. Enjoy 🙂