In this post “Is your website clean?” I give you some ideas and tips to help protect your blog from malware, spam, hackers, etc.
More than 50% of popular Google searches have at least 1 spam SEO link in the 1st 10 pages.
I’ve always thought that my little website was just that, little. And, as far as I was concerned, it was fine if it stayed small. A few friends (some new, some old). A few people who like what I write about. Some visitors. Along the way I’d help people learn cool new stuff in the kitchen & I’d share some of what I’m up to.
So, because my site was little I never worried too much about spam or hackers. Why would anyone want to hack my little site?
Well, I learned my lesson. Apparently it doesn’t really matter how big or small your site is, it can still be hacked. My site was hijacked with Malware, or more specifically, Blackhat SEO spam.
Whhhhuuuttt? Blackhat, what? You say. Blackhat SEO (Search Engine Optimization) spam … is malicious content. Pharma-junk! Low life spammers. They inject malicious code into web pages that redirect traffic via Google to “spam sites” selling pharmaceuticals or other products, to drive revenue and Google page rankings. Yucky!
So, my little site was being used to increase their Google page results so that they could sell spam and pharmaceuticals. URG!
The attackers gain access into websites using a variety of methods. I have no idea how they got in to my site. I’ll probably never know. I have no idea when they got in. I’m guessing that I caught it about a month or so after I was hacked.
I worked really hard on cleaning up my site (I’m all squeaky clean again). I enlisted professional services (the company I hired is Sucuri) to clean my site and help me keep it clean. I went through and deleted all the plugins that I didn’t need or wasn’t using. So, hopefully my site is a little fortress now. An island. Solid and impenetrable. And, it’s a clean site again. I regularly scan it to make sure it’s clean. I even scan other sites now before I use them to make sure they’re clean.
I’ve learned quite a bit on what you can do to protect your site. While the risk of getting hacked is probably never zero, it doesn’t mean you can’t work to reduce it.
- Update, update, update! When your computer tells you that there’s an update to the browser software, update it. Don’t wait. Keep your website software (applications, plug-ins, widgets, etc.) updated. Since so many sites use the same applications, attackers know that if they can find a vulnerability, like outdated versions of software, there are thousands of sites that they can find to exploit and compromise.
- Only keep the minimum necessary files, themes, and plugins that allow your site to function perfectly. Everything else should be disabled, deleted, or moved to a separate server.
- Change your passwords regularly, and use strong passwords. This goes for your website user and database passwords as well as things like online banking, Facebook, Twitter, anywhere you type in a password
- Make sure that your personal computer is secure by regularly updating your operating system
- Back-up your site often. This will help if you do get infected and need to reinstall anything.
- Don’t open email that you suspect to be spam. Don’t approve comments on your site that appear to be spam. Don’t follow those Pinterest users that are clearly spammers.
But, on the plus side, I learned a bit more about html and all the things that are going on in my site, and that’s kinda cool. So, at least there’s a good side to all of this.
Here are some of the sources I used for this post (though I did a lot of reading while I was looking into this matter, and I don’t have links for all of what I read): Security. Malware. YouTube.
Sucuri has done such a great job. If you’re interested in protecting your blog as well, you’ll want to hire them.