A strange thing happened earlier this year — I noticed that my SmallBizapalooza.com web site suddenly got more than 1500 visitors in the space of a few hours. While getting a lot of traffic would have been a dream come true — this wasn’t right. Something was very, very wrong.
But I wasn’t sure what or how to fix it. To make a long story short, I reached out to the folks at SiteLock who were amazing! Well, it wasn’t initially amazing, it was rather frustrating, but after a few messages back and forth, we became fast friends and I learned a lot about the impact a hack can have on your sales, marketing and reputation.
SiteLock was kind enough to do an entire case study on the SmallBizapalooza Hack. What I’d like to do here is help you understand a few things that I didn’t understand in the beginning and hopefully this will help you deal with a hack if and when it happens to you.
Yes — You’ll Probably Get Hacked
I didn’t think I would get hacked for several reasons. First, I didn’t think I was important or big enough to get hacked. This is not at all true. And second, I had a basic SiteLock package that I purchased from my hosting company. I thought I was safe — and I was wrong. (Keep reading for how to deal with this)
I see hackers who hijack your website as parasites. They find a vulnerability, they get in the door and they use YOU site to?take money, make money or rank higher in Google.
A Website Hack is Like Getting a Virus on Your Computer
The other thing I didn’t understand is that when your site gets hacked — every person who comes to your site gets blocked by their firewall. This means that you are NOT getting visitors or even worse, you are SPREADING the virus to your customers.
This is where your sales and marketing can REALLY suffer — especially if you aren’t paying attention to your analytics. You can use Google Analytics or you can use the basic WordPress analytics. Here is a shot of my Google Analytics —
Notice that HUGE spike that doesn’t match the natural traffic pattern. This was my first clue that something was really, really off. While I was doing some promotion of a program during that time, I knew that the spike wasn’t natural. Trust yourself, you’ll know too.
So how did I find out exactly what was going on? ?There’s a simple trick that you can use to see what pages come up from your site.
How to Search Google for a List of Your Pages:
Simply go to your search bar and type in “Site: yoursitehere.com”. This will allow Google to search YOUR site.
As you can see in the image above — there is nothing out of the ordinary. This is a healthy search. BUT when I originally did the search – I had something to see.
Take a look at this —
That’s a real problem and it’s called a “pharmaceutical hack”. I immediately called my hosting company and they recommended “SiteLock”.
You Need MORE Protection Than the Basic Package!
But I THOUGHT I already HAD “SiteLock”!!! How did I get hacked?! Well, as it turns out, your hosting company sells a very affordable BASIC package to SiteLock. This is fine if you have like ONE page or a super small website. But if you’ve got more than that (and I bet you do) you will need WAY more protection.
This is when I started Tweeting out to SiteLock!
? Ivana Taylor (@DIYMarketers) March 23, 2016
As a consumer, I was completely confused. But the SiteLock social media and tech teams were all over the issue. In less than an hour, I was contacted by a tech support person.
The SiteLock team quickly identified that Smallbizapalooza had been the target of a pharmaceutical hack. Hackers had taken over Smallbizapalooza to advertise the sale of prescription drugs. Google recognized the hack and warned my?visitors not to proceed to the website.
OK — so what was the fix?
SMART provides a daily, comprehensive website file analysis on Smallbizapalooza. When malware is detected, the scanner automatically removes it. The SiteLock team used SMART to analyze over 15,530 files for Smallbizapalooza. It was able to identify the malicious code that was placing the ads on Taylor?s website and causing Google to flag it. SiteLock removed the malware and returned Smallbizapalooza to working order.
TrueShield was installed to protect Smallbizapalooza from future attacks. Current analysis shows that TrueShield has already blocked over 1,000 malicious bot access attempts since the attack, keeping Smallbizapalooza up and running!
The other awesome thing the SiteLock team did was to clean my site! ?This costs about $300 but it’s more than worth the cost — believe me. I have to admit, that I didn’t want to pay the price. I looked at plugins, I looked at doing it manually, I prayed. None of those things would have done the trick as thoroughly and safely as having them clean it up — so that’s what I did.
They also put the correct protection on all my sites. While the basic package they sell with hosting companies isn’t adequate (in my opinion), they do have several options that you’ll find affordable.
Protecting Your Site from Malware is a Marketing Activity
It had never occurred to me that malware protection was a marketing activity. These things clearly fall into the IT bucket. But if you’re a solopreneur or DIYMarketer — well, guess what — this is YOU.
More importantly, our job as marketers is to make sure that our customers and web site visitors are SAFE and can feel comfortable cruising our sites, reading, learning and buying. And if you don’t have the right protection on your site — that’s not going to happen.
Easy Tips For Keeping Your WordPress Site Safe From Hackers
- ALWAY Update Your WordPress and Plugins. ?This is one of the most effective ways to keep your site safe and it’s free and easy. When you see that there are updates available – UPDATE. Don’t wait, don’t ignore. Often these updates have updates to malware protection.
- Watch your analytics for unusual patterns. If you haven’t already, install “Jetpack” on your WordPress site. This contains a simple analytics summary. THIS is how I caught my hack. I don’t often go to Google Analytics, but every time I log into WordPress to create a page or publish a post — I see these analytics.
- Use SSL Servers if you are sharing personal information. Some hosting companies include this in their packages and some don’t. If you share personal information or take payments on your web site — make sure you have this all set up. I have several sites where I do NOT take payments and do NOT have SSL, but SiteLock can put a special firewall in place to protect your site.
- Don’t use “Admin” as your username. Create an easy to remember, but creative username for your login. This puts you out of reach of “low hanging hacks”
- Use strong passwords- change and update your passwords. ?This is my least favorite, but it’s one thing that absolutely works and helps. Also cheaper than cleaning your site.
- Limit log in attempts – This is another way to stop hackers from getting in. There’s a WordPress plugin called “Limit Login Attempts” and this will do the trick.
There are WAY more technical ways to protect your site, but the tips I’ve given you here are all relatively easy to use — even for us non-techy types. Don’t let another day go by without at least going through these basic tips. Then do yourself a favor and protect your site. I recommend SiteLock because they are small business owners just like US. Their team is wonderful and they are the most affordable professional help I could find.
[thrive_text_block color=”blue” headline=”THIS IS NOT A PAID ENDORSEMENT”] I want to be clear that I have NOT been compensated in any way for this article. This article contains my personal experience with SiteLock and their team. [/thrive_text_block]