This post may contain affiliate links. We may earn money or products from the companies mentioned in this post.
Sorry Puppy Lovers this is another post for my fellow Pet Bloggers, but not to worry I’ll soon be back on a regular puppy posting schedule. Stay tuned!
Two Months! That’s how long it took me to get my blog back to somewhat normal. You probably didn’t notice many changes if you visited the site during that time, but my side was a living hell! Lets just say on several occasions I thought about shutting it all down. I’m over the hump, but there are still a few hurdles to get over before I can exhale.
For all of you Pet Bloggers out there if you’re okay with losing everything then don’t worry about treating your blog like a business. If not, read on, and please follow
some all of these business blogging tips.
#1 WordPress, Plugin, And Theme Updates
I’m not sure if everything would have been avoided had I been uber diligent about running my updates, but almost everywhere I’ve read states that not keeping up to date on your plugins, themes, and WordPress releases is one of the most common ways for your website to get hacked.
WordPress reminds me of Microsoft Windows. WP is the mega-player when it comes to Content Management Systems and Blogging Software. The majority of hackers are likely focusing their attention on the biggest target: WordPress blogs. Especially those that have not been updated. Updates often times are patching security holes which are exposed to a larger audience anytime WP release a new versions.
So for goodness sake keep those plugins and WP releases up to date! It’s a simple click of the mouse. By the way, this brings us to point #2. Run a backup before updating WordPress or any of your plugins. Speaking of backups…
#2 Scheduled Backups
Backup Your Blog! Let me repeat: BACKUP YOUR BLOG!
I’m an idiot! Yes, I know this. I worked as a Web Manager for a small technical training company for 7 years and I knew the importance of regular backups. The concept was proven! There were several occasions during my tenure when backups were invaluable!
If I had backups for the past 30 days I probably could have restored to a version of my site before it was hacked saving me a whole heck of a lot of headache.
You need a backup plan! Here are a few questions you should ask:
- What am I willing to lose? – I had a daily backup at my last job and the IT Manager kept copies of these backups on tape drives for a an infinite period of time. We were willing to lose a days worth of data. My blogging backup plan won’t be as aggressive as I was in the corporate world. I’m running a weekly backup and plan on keeping a copy of backups for at least the past 30 days. So what does this mean? Well, I could feasibly lose a weeks worth of blog posts and comments if I have to restore to my most recent backup which could be up to 7 days old.
- Does your web host keep backups? – I just moved to a new host and through research and experience it seems most hosting providers run a weekly backup, but do not keep copies of your past backups. By the way, our last host charged $15 to restore to their backups.
- How will you create your backups? – There are backup plugins. There are backup services. You can run backups through your cPanel and PHPMyAdmin. We’ve used backup plugins like UpDraft and WP Backup. We’ve also used cPanel and PHPmyAdmin. Take the time and learn how to schedule backups for your blog.
- How will you restore your backups? – When we tried to restore backups using UpDraft the restore failed. Lucky for us our host restored to our backups free of charge.
- Where will you store your backups? – We’ve tried saving to our own server and email, but we’re now looking into something more robust like storing on an Amazon S3 Server.
My Backup Plan:
- Run weekly backups. Save backups for a minimum of 30 days.
- My new hosting provider runs backups. I’ll rely on my host backups as a last resort
- I’m evaluating VaultPress and BuddyBackup plugins. Looks like VaultPress is the front runner, but my new web host has a personal backup plan integrated with Amazon S3 that I’m also giving a try. The free route (UpDraft) did not serve me well.
- These plugins have an easy restore process, but I’m also wondering what happens if I can’t get to my WP Dashboard? I’m still in the research phase.
- The plugin I choose will determine where I store my backups, but the options are Amazon S3, Dropbox, VaultPress Servers, or email.
#3 Technical Support
I fancy myself a pretty good DIY technical person when it comes to managing websites. I have experience managing Microsoft Web Servers as well as working with various hosting companies and hosting plans. I’ve worked with shared hosting and VPS hosting plans. I’ve worked with different control panels like cPanel and Plesk.
While I wouldn’t consider myself an expert in any one thing I’ve always been somewhat a jack of all trades. When it comes to this blogs existence (almost 8 years) I’ve had problems come and go, but I’ve never had an issue I couldn’t handle until this year. My problem was I didn’t have a tech support person in my back pocket to help me out during my moment of need.
Here’s how everything broke down for me:
- I tried to fix the issues on my own – this was the first time I could not handle a technical issue on my own. Time Spent ~1 week
- Hosting companies tech support team – restores, removing files, removing plugins, etc. the problem remained unsolved – Time Spent ~ 3 weeks
- Recommended tech support person – I received a recommendation from a smaller hosting company. This person actually did more harm then good shutting down parts of the site that disabled functionality. Time Spent ~ 1 weeks
- Fantasktic Tech Support – I was already thinking about moving to Synthesis Web Hosting and this was their recommended migration company. I contacted them to see if they could help clean out malicious files causing my problems and clean out my database before migrating to a new host. They did a scan and determined they could repair my site. YAY! ~ 4 weeks
Fantasktic fixed my site, but the only problem I had was the amount of time it took. The evaluation took about a week. After I accepted the work order it took approximately another week for them to start the project. It took another week for them to complete the project. Finally it was another week of back and forth before we worked out the final kinks. I’m sure you could expedite this process with a little extra money, but for now the slow process is the only reason I’m not giving them top grades.
#4 Setup Google Webmaster Tools
By the way, I did mention I’m over the hump, but not out in the clear. Everything that I can see on my server and in my database appears clean now and I haven’t been having issues for a couple weeks. Now comes the BIG BUT! But…this requires another list:
- Google Webmaster Tools (GMT) has given me a manual penalty. I sent a request for review, but this can take several weeks to resolve.
- GMT shows 68,988 indexed pages on my site. Before the site was hacked I only showed 1,288 indexed pages. Yep, hackers inserted thousands of spam posts and pages into my database that were indexed by Google. Why was this undetected by me? Because they didn’t actually show in my WP Dashboard. You had to go directly to the mySQL database in order to see these spam records.
- GMT shows thousands of outside spam links pointing to the spam content on my site. This number is tougher to estimate, but it looks like somewhere in the neighborhood of around 50,000 spam links pointing to the site.
My hope at this point is that Google will look at my request for review and be able to easily discount all of the spam indexed pages and spammy back links. Hope…Hope…Hope…
If not, I’m looking at an uphill journey of disavowing 50K+ back links and requesting removal of 60K+ pages from the Google Index. 🙁
#5 Setup Google Alerts
Guess how I first found out I had been hacked? I have a Google Alert setup for my domain and it sent me an alert telling me something new from PuppyInTraining.com was showing up in Google Search.
Setting up Google Alerts is simple. You already have a Google Account, right?
- Go to Google Alerts
- Use your Google Login
- Type the word(s) you’d want an alert.
- Click “CREATE ALERT”
I monitor all of the websites I manage using Google Alerts as well as my name. Alerts sends an email to your Gmail account whenever you have a new alert which could be daily if you’re extremely popular!
Well peeps that’s about all I’ve got from the top of my head. I’m sure there were many other lessons learned from this catastrophe, but I’ll save that for another time. If you have any great tips on how to keep a blog from getting hacked please share with us in the comments below. I’m not looking forward to this ever happening again every bit of advice is much appreciated. Kudos to you if you read this post to the very end! Hopefully you gleaned at least one idea that will help you better secure your blog.
As a good friend of mine used to tell me “Here endeth the lesson…” Sorry folks the good friend wasn’t Sean Connery. Happy Blogging!!