HELP! I’ve been attacked!! Now what?
Don’t worry I haven’t been abducted by aliens or humans, for that matter. But it could have come to that very easily! As you all know, I’ve been busy redoing and upgrading my website, writing technology courses, learning new things to teach you, etc., etc., etc.
But I learned a very timely lesson this week, one which could have cost me a setback in my business, not to mention time and money. I’m here to share that, and give you some quick things you NEED to do right now, to stay protected on your website.
Haven’t set up your website yet? I can help! Contact me for more information.
As you know, I build safe and optimized sites for my clients, but that doesn’t mean I’m not vulnerable, too. Which is why staying up-to-date is critical. Security is one of the most overlooked areas of your website, arguably as important as writing great content or having a user friendly design.
The good news is there are some simple things you can do right now to help protect your site should you be attacked. The really good news is that they will only take you a few minutes.
Last week I was testing a new tool for SEO, or Search Engine Optimization, which is just a fancy term for helping Google and other search engines know that YOUR site is the best fit for the people looking for it. You can learn more about SEO with my soon to be released course titled Stop Being a Secret: Get Found on the Internet.
Within a day of installing the tool I was testing, I received an email from WordPress at my site that said my account had been locked for too many failed login attempts. Not good.
Now, I am a pretty forgetful person and under normal circumstances I might have accepted this as truth except for two things:
- I can’t remember (haha! I crack myself up sometimes!!) the last time I forgot my password and
- The times listed in the email as the failed attempts were times I was on an airplane.
Since I was traveling, I just ignored the emails I received. (Don’t ever do this! Ever! If you don’t have the right tools in place, it could be disastrous to your site. Do as I say, not as I do!!!)
The good news is all is well. When I returned home I was able to easily resolve the issue and because of the security measures I had in place, I was not hacked. Only inconvenienced. Naturally, the first thing I did after restoring my logins and passwords was uninstall the tool I had been testing.
So, moral of the story: seemingly innocent and weird things can leave you vulnerable for an attack. But, there are some things you can do to help lower your chances of being attacked. Being attacked is recoverable. Being hacked is not always recoverable.
How to tell if you are being attacked:
- You received emails from your site stating your account has been blocked
- You cannot log into your site because the number of attempts has been reached
- If you have the ability to track activity on your site, you might notice spikes of activity for no reason (no marketing campaign, etc.) NOTE: This is not always a good indicator.
- You receive a notice from your hosting company that your site has been removed due to an attack (if this happens, usually your only resolution is to call them)
How to lower the chances of being attacked:
- NOTE: Before doing ANYTHING with your site, make sure you have a BACKUP. You should be backing up regularly. If you need help or ideas of how and how often to backup, contact me.
- Make sure your site is set to automatically update when WordPress releases a new version. WordPress is constantly updating their security measures so if you want to stay current, you must make sure you are running the latest version of WordPress. If you haven’t updated WordPress in a while, your site is greatly at risk!!
- Keep your theme and plug-ins up-to-date
- Use a security plug-in. As you know, I am not a big proponent of plug-ins. But some are necessary and having a few won’t slow down your site. There are several security plugins that are highly rated such as All in One Security and Firewall, Wordfence and Sucuri. You want a security plug-in that also has a firewall.
- Don’t use “admin” as the username you use to log into your site
- Don’t use your site name as your username such as “viviansays.com”
- Use a unique password that is fairly long
- If you continue to be attacked, ask your hosting company to move your site to another server
If you aren’t sure, feel free to email me to learn more about working with me for a security check and update.
Finally, I just want to share with you how serious this is:
I have a client that likes to be a DIY website tech on her own site, which can be a great option for some folks. We work together for what she needs in terms of training and off she goes. She’s been extremely busy the last few years and neglected her site. In fact, she didn’t even look at her site for a couple of years. When she finally set aside some time to dedicate to her site, it had been taken over by aliens. Well, it looked like aliens had taken over. We ended up having to completely rebuild her site on a new server. Don’t let this happen to you!
You wouldn’t want to go years without checking your smoke detectors, right? In the digital world, waiting until you need those security measures to work can lead to bad results.
Looking for more great website resources? Click here to learn more about getting your site found on the internet!
Until next time “live life, not work”!