{The Composition by Matt Leyen}
Yesterday, all my websites were hacked.
They’re all safe and sound now… but it taught me a very important lesson.
Sometimes, it’s best to not Do-It-Yourself.
I started getting concerned when my WordPress dashboard went wonky. None of the css was loading, so it looked awful. Then, I got a few people telling me my sites were taking a long time to load; they were getting Internal Server Errors; and, finally, some folk told me that when they tried to load the blog, they were getting redirected elsewhere.
Let me tell you – discovering that the foundation of your livelihood has been attacked by malicious software is a pretty terrifying experience!
Within 2-3 hours, Nick and I had worked out what the problem was (malware that had infected every single php file in most of my WordPress installations). I’d contacted my webhost. We’d worked out how we thought we could fix it (by editing each file individually to remove malicious code).
Now, I’m no dummy when it comes to websites, basic coding and dealing with ftp and the back-end of my websites. I’ve been making websites since I taught myself html in the evenings after school back in 1996. However, back then, websites were very simple things, as were computers. These days, it’s a whole ‘nother ballgame.
But you know what? If I’d tried to fix it myself, manually, it would have taken both of us umpteen hours – possibly days – to do so.
Frankly, that did not cut the mustard. I wanted it fixed, and fixed yesterday, so my sites weren’t harming other people’s computers.
So, I did some quick research and found a company who would not only fix my current problem, but monitor all my core websites for a year…. and all for less than 200 bucks. I checked their Twitter and Facebook to see how legit they were (a good example of how having active social media accounts increases your social proof).
In my opinion, it was a no-brainer.
In just over an hour (an HOUR, people) these guys had fixed and cleaned all of my sites for me.
I’m sure they have some sort of script that they run to fix these things, which might have just taken them a few button clicks. Maybe that meant it only took them 10 minutes to fix. But you know what? I don’t care. I don’t care how long or short a time it took them – the immediate safety of my websites is worth paying for, even if I could have fixed this myself, eventually.
Of course, there are lots of things Nick and I will be doing now to clean up my security (updating all my WordPress plugins and themes to the latest versions, for example) but fundamentally, the problem is fixed – and will be fixed for me if it re-occurs down the line.
I was actually surprised by how calm I managed to stay throughout this – and how quickly and happily I paid money to have the problem fixed. I have a massive DIY mentality – but it showed me that I’m also growing into the mindset of a businesswoman.
Sometimes, for the integrity, safety, and growth of your business – not to mention your own sanity – it is absolutely vital that you let go and let someone help you.
A lesson I will remember, though no doubt the universe will send me a little reminder once in a while.
P.S. A lesson for all of us – run your virus scans, people! If you don’t already have a good one installed, get avast! – it’s free and it’s awesome. It talks to me in pirate-speak because on talk-like-a-pirate-day last year they had the option to change alerts to pirate-speak and I never changed it back because I liked it so much ;D I like a company with a sense of fun!
P.P.S. Are there aspects of your business that you really need to un-DIY? What’s holding you back?
***
Want more Epheriell-y goodness? Subscribe to Epheriell Designs! Also, you can follow me on  Twitter!
So glad to hear that everything was back online so quickly for you. A great post Jess, with loads of food for thought.
As soon as I heard of the timthumb problem, I fixed the security hole. I’m definitely doing it all myself, even accounting. The reason being that I simply can’t afford to get others to do it for me.
I’m also an IT professional, so I like to have the websites under my own control. I do my best to harden them against attaks like these, but the only way to be 100 % safe, is to pull the RJ45 out of the machine.
I’m going to be going through and deleting themes I don’t use today, that’s for sure! And all my plugins are up to date now, too…
I’m so glad that it was all fixed quickly and easily. The same thing happened to my Husbands website. To say that it scared the geebers out of us was an understatement. You feel all violated and just yuk. It too taught us a very important lesson and one that if this didn’t happen to us, we probably would not have learnt.
Glad everything is back to normal, some things are best left to the experts for peace of mind. 🙂
I cannot imagine how stressful this would be! As you said the site is your livelihood.
What scares me is you are the 3rd blogger in 3 weeks that I have heard about having their site hacked. WTF is going on internets?
Hi Jess, I feel bad now that I didn’t let you know at the time. I did go to a strange site from one of your links on Monday but then when I tried the link again it worked so I thought it was just a weird random thing that had happened the first time. Next time that happens with anyones site I will be sure to let them know straight away.
Glad to hear you got it all working again very quickly.
Have a great day.
Oh, no worries, Meg – that was the insidious thing about it, it didn’t redirect people all the time, so it took a while to realise there was something wrong! 🙂
Phew!! I am glad you are back and all is well in Epheriell World!
I learned a long time ago that sometimes it is just better to cough up the cash and leave a job to the professionals rather than do it myself just because I can!
Love, Yes… so great you now have precautions in place to secure your lively hood. Glad its all better now!
I really appreciate all the tips you share here very useful..Thanks for sharing..
I must have been one of the lucky ones who didn’t get the re-direct or wonky load Jess, although when I read your tweet I was (a) worried about my computer and (b) sympathizing with your stress.
It’s prompted my to go through and delete all the themes I don’t use in WP though. I’m already super diligent with plug-ins, but had been letting the themes go as I wasn’t quite sure how to delete them.
Thanks for the ‘important lesson’ and so glad that things are up and running for you again!
Tasha xo
What a bugger, but I totally agree that hacking is one time I’m not going to attempt DIY, especially when there are smarter, better and quicker people out their offering such a reasonably priced service