How Did We Get Here with Website Security?
What got us to the point of creating our website security plan was the summer of 2018, six short months after launching our website redesign, of 12 months worth of painstaking strategy, keyword research, writing more and new content, design graphics, creating offers, you name it for digital marketing we are doing it. Then it happened. That’s right! A hacker broke in. We want to make sure this doesn’t happen to you.
Our Experience website hack
My site was hacked not long after Godaddy in August of 2018. What? At first, I was having the pity party of a lifetime. “WTH…Why me?” My team and I just spent 12 months and countless hours redesigning and creating content, then launched the new website in April 2018. In August, some hacker decides to make my website his testing ground to wreak havoc on my business. Livid doesn’t begin to express my emotions.
Then, I thought, this is an opportunity to learn all about what just happened here and what needs to be done to recover? How to fight back! Why? So I can do this for all my clients and have the strategic weapons to prevent hackers from violating any of our websites ever again. “Never” is a pretty tall order. But at Hit-the-Web Marketing, that is one of our latest and ongoing missions.
I find a little consolation from WordPress saying “don’t feel bad this is happening to even the best of cybersecurity companies”. It’s happening to large companies who are investing megabucks to secure their information as well as their client and patient information. So, hacker, you have nothing better to do than to bring down good business? We are not going to take this. I never stand down from a bully. Cyberbullying is an even bigger coward. No face to him or her. How convenient for you.
All of Our Website Pages Show Signs of a Hack Attack
As I mention, all our website pages looked like what you see in the picture above. The search engines show Chinese characters for all page Titles and Descriptions. This is horrible. This is why search engines place websites on the blacklist. And with good reason. This poses a threat to all visitors.
Email Campaign Intercepted
We were developing one of our monthly email reward programs. We sent our email to a couple of our testers. As one tester reported as he clicked a link to the website, he is receiving notice ” website ahead contains possible malware.”
“Ok,” I said, “I’ll look into it.”
I didn’t. He was right!
I dismissed it. I figured it was because we were sending a test email.
Little did I know a virus was lurking and spreading all sorts of havoc.
Then in social media
A couple days later from the email incident, I was posting to several different social media platforms. LinkedIn would not allow me to finish my post. The Post button was greyed out. I figured if I removed my link to my website, I was then able to post.
In frustration, I sent out a post that asked if anyone else was experiencing this phenomenon as if it was a flaw of LinkedIn. No response.
A couple of days later I happen to be on Linkedin again and open my profile. It shows a “general malware page” in link to your Website. AND because my Email includes my website domain name, it also shows signs of malware.
Twitter would not allow us to post tweets that include links to our website. I couldn’t understand why… until I found out why. The site was hacked. Ugh!
My stomach sank in horror. Just like it feels on a roller coaster ride you can’t wait to end.
Facebook didn’t show any signs that anything was wrong. No flagging of links to the website here.
Godaddy The Scape Goat
I place a call into Godaddy. I didn’t understand how and why my site is hacked. I think I’m doing all the right things. I have an SSL certificate. I have HTTPS. The man on the other end of the phone said,” well, you do use WordPress. There a many ways WordPress can get hacked. WordPress, plugins, themes.”
In my fit of anger, I didn’t believe him.
But then I started investigating. Was my software all up to date? Oops looks like my plugins were not up-to-date. I found the version of PHP was also behind .1 version. That made the difference!
What Our Own Investigating Reveals
Other issues we found as we continued to investigate and understand the scope of what happened here. All its effects on our business
We went on to find erroneous backlinks in badly named folders, our website was on a couple of blacklists, pages of our website were redirected to another website, google search console was sending me emails warning us of an attack. We listed out our pages as they are indexed by google and the titles and descriptions were all Chinese characters.
The extent of the attack was everywhere we built a presence online.
Why we blog about website security
We blog about website security to help businesses understand what is going on on the internet, how to block the hackers, block the malware, viruses, trojans, and ransom attackers, and for those DIY, for those non-DIY’ers who want a company who knows what they are doing and how to continuously deflect the hackers day in and day out, while you continue to do what you do best. Build your business.
Website security is an insurance package to ensure your website assets remain intact, the content and images, graphics, data, charts, video – all those pages cannot be kidnapped for ransom.
Who are we?
NOW….. I’m a woman on a mission!
Repelling cyber hackers one website at a time.
A digital marketing business who build websites, secure websites, and provide the gamut of digital marketing strategies depending on your goals can include social media strategy and rollout, website strategy, blogging, SEO, email campaigns.
We are on the hunt to find as many WordPress websites out there without https://.
Our mission … securing all businesses one website at a time. Join us!
In conclusion, your countless hours of content creation, search engine optimization, creatives of your most important online business asset – Your Website – can vaporize in an instant, if you are not paying attention and taking proactive steps. What is at stake is your reputation, your website, your social media, your email marketing, your search engine ranking. It can ruin your business, and equally important- if a visitor, client, customer, or prospect is infected it can ruin their computer and possibly their business. It is bad enough if they receive the screen of red horror. What are the chances they will return to your website? Two chances; slim and none.
How Hit-the-Web Marketing Helps Our Clients Handle Their Website Security
Hit-the-Web Marketing knows firsthand how to deal with this situation. We now know all the steps needed to recover from this tragedy. We have plans, policies, and procedures in place to ensure this doesn’t happen again. It’s part of cybersecurity and we are on it! We can help put procedures in place for your business website before this ever happens to you. We have been in the technology industry for over 33 years. We can help you.
Here’s What We Are Doing About it. We built a Website Security & Maintenance Plan to help ensure this doesn’t happen to you, your business.
Can you do this yourself? If you are technically inclined. What do you want to focus on? Building your business or spending hours ensuring your online presence is safe. Let us take the worry out of your business becoming the next victim. It’s not a matter of if, it’s a matter of when.
Many businesses lack internal skills to maintain website security
Also, do your employees have experience working with website security. We’ve made it our business to study it for the last 3 years and we will continue to stay on top of it. Website security is a lot like Cyber Security. Hackers are not going away. More and more countries are investing in educating engineers and those interested in learning how to hack via the web. Holding a business hostage for ransom has become a lucrative business.
It’s interesting how this is one area the government seems to pay for ransom. It’s still someone holding a business for ransom. Our government included.
Updating Software Can Take Down Your Website
Unforeseen things can go wrong when the software is updated. We have seen these take-down websites. They then have to be restored from backup. Don’t have a backup? Then it’ll cost you to have another website built. Try to remember all that you have into this one. It can be a nightmare. We have been able to rebuild websites in a day with our procedures. Here’s one way to backup your WordPress website.
Why Hit-the-Web Marketing? The Technical Knowledge
We have the technical know-how to correct things when good intentions go wrong. Keeping your website safe means keeping software updates, having a schedule of regular backup procedures in place, backup in more than one location, scanning for malware, and preventing login attempts and ensuring hackers accessing your website by guessing passwords doesn’t happen. We provide monthly reporting so you can see what has been done to keep your biggest online business asset – your website – safe.
Other blog posts and resources on our site may be helpful to you.
7 Ways You’re Paying Hackers To Violate Your Website
13 Signs Your Website Has Been Hacked
Our Website Security Maintenance Plan