Pet Bloggers Beware The Hackers!!!

This post may contain affiliate links. We may earn money or products from the companies mentioned in this post.

Puppy and His Laptop
Our Security Hound!  Keeping PuppyInTraining.com secure from Hackers.

Sorry Puppy Lovers this is another post for my fellow Pet Bloggers, but not to worry I’ll soon be back on a regular puppy posting schedule.  Stay tuned!

Two Months!  That’s how long it took me to get my blog back to somewhat normal.  You probably didn’t notice many changes if you visited the site during that time, but my side was a living hell!  Lets just say on several occasions I thought about shutting it all down.  I’m over the hump, but there are still a few hurdles to get over before I can exhale.

For all of you Pet Bloggers out there if you’re okay with losing everything then don’t worry about treating your blog like a business.  If not, read on, and please follow some all of these business blogging tips.

#1 WordPress, Plugin, And Theme Updates

I’m not sure if everything would have been avoided had I been uber diligent about running my updates, but almost everywhere I’ve read states that not keeping up to date on your plugins, themes, and WordPress releases is one of the most common ways for your website to get hacked.

WordPress reminds me of Microsoft Windows.  WP is the mega-player when it comes to Content Management Systems and Blogging Software.  The majority of hackers are likely focusing their attention on the biggest target: WordPress blogs.  Especially those that have not been updated.  Updates often times are patching security holes which are exposed to a larger audience anytime WP release a new versions.

So for goodness sake keep those plugins and WP releases up to date!  It’s a simple click of the mouse.  By the way, this brings us to point #2.  Run a backup before updating WordPress or any of your plugins.  Speaking of backups…

#2 Scheduled Backups

Backup Your Blog!  Let me repeat: BACKUP YOUR BLOG!

I’m an idiot!  Yes, I know this.  I worked as a Web Manager for a small technical training company for 7  years and I knew the importance of regular backups.  The concept was proven!  There were several occasions during my tenure when backups were invaluable!

If I had backups for the past 30 days I probably could have restored to a version of my site before it was hacked saving me a whole heck of a lot of headache.

You need a backup plan!  Here are a few questions you should ask:

  1. What am I willing to lose?  – I had a daily backup at my last job and the IT Manager kept copies of these backups on tape drives for a an infinite period of time.  We were willing to lose a days worth of data.  My blogging backup plan won’t be as aggressive as I was in the corporate world.  I’m running a weekly backup and plan on keeping a copy of backups for at least the past 30 days.  So what does this mean?  Well, I could feasibly lose a weeks worth of blog posts and comments if I have to restore to my most recent backup which could be up to 7 days old.
  2. Does your web host keep backups?  – I just moved to a new host and through research and experience it seems most hosting providers run a weekly backup, but do not keep copies of your past backups.  By the way, our last host charged $15 to restore to their backups.
  3. How will you create your backups? – There are backup plugins.  There are backup services.  You can run backups through your cPanel and PHPMyAdmin.  We’ve used backup plugins like UpDraft and WP Backup.  We’ve also used cPanel and PHPmyAdmin.  Take the time and learn how to schedule backups for your blog.
  4. How will you restore your backups? – When we tried to restore backups using UpDraft the restore failed.  Lucky for us our host restored to our backups free of charge.
  5. Where will you store your backups? – We’ve tried saving to our own server and email, but we’re now looking into something more robust like storing on an Amazon S3 Server.

My Backup Plan:

  • Run weekly backups.  Save backups for a minimum of 30 days.
  • My new hosting provider runs backups.  I’ll rely on my host backups as a last resort
  • I’m evaluating VaultPress and BuddyBackup plugins.  Looks like VaultPress is the front runner, but my new web host has a personal backup plan integrated with Amazon S3 that I’m also giving a try.  The free route (UpDraft) did not serve me well.
  • These plugins have an easy restore process, but I’m also wondering what happens if I can’t get to my WP Dashboard?  I’m still in the research phase.
  • The plugin I choose will determine where I store my backups, but the options are Amazon S3, Dropbox, VaultPress Servers, or email.

#3 Technical Support

I fancy myself a pretty good DIY technical person when it comes to managing websites.  I have experience managing Microsoft Web Servers as well as working with various hosting companies and hosting plans.  I’ve worked with shared hosting and VPS hosting plans.  I’ve worked with different control panels like cPanel and Plesk.

While I wouldn’t consider myself an expert in any one thing I’ve always been somewhat a jack of all trades.  When it comes to this blogs existence (almost 8 years) I’ve had problems come and go, but I’ve never had an issue I couldn’t handle until this year.  My problem was I didn’t have a tech support person in my back pocket to help me out during my moment of need.

Here’s how everything broke down for me:

  1. I tried to fix the issues on my own – this was the first time I could not handle a technical issue on my own. Time Spent ~1 week
  2. Hosting companies tech support team – restores, removing files, removing plugins, etc. the problem remained unsolved – Time Spent ~ 3 weeks
  3. Recommended tech support person – I received a recommendation from a smaller hosting company.  This person actually did more harm then good shutting down parts of the site that disabled functionality.  Time Spent ~ 1 weeks
  4. Fantasktic Tech Support – I was already thinking about moving to Synthesis Web Hosting and this was their recommended migration company.  I contacted them to see if they could help clean out malicious files causing my problems and clean out my database before migrating to a new host.  They did a scan and determined they could repair my site.  YAY!  ~ 4 weeks

Fantasktic fixed my site, but the only problem I had was the amount of time it took.  The evaluation took about a week.  After I accepted the work order it took approximately another week for them to start the project.  It took another week for them to complete the project.  Finally it was another week of back and forth before we worked out the final kinks.  I’m sure you could expedite this process with a little extra money, but for now the slow process is the only reason I’m not giving them top grades.

#4 Setup Google Webmaster Tools

By the way, I did mention I’m over the hump, but not out in the clear.  Everything that I can see on my server and in my database appears clean now and I haven’t been having issues for a couple weeks.  Now comes the BIG BUT!  But…this requires another list:

  1. Google Webmaster Tools (GMT) has given me a manual penalty.  I sent a request for review, but this can take several weeks to resolve.
  2. GMT shows 68,988 indexed pages on my site.  Before the site was hacked I only showed 1,288 indexed pages.  Yep, hackers inserted thousands of spam posts and pages into my database that were indexed by Google.  Why was this undetected by me?  Because they didn’t actually show in my WP Dashboard.  You had to go directly to the mySQL database in order to see these spam records.
  3. GMT shows thousands of outside spam links pointing to the spam content on my site.  This number is tougher to estimate, but it looks like somewhere in the neighborhood of around 50,000 spam links pointing to the site.

My hope at this point is that Google will look at my request for review and be able to easily discount all of the spam indexed pages and spammy back links.  Hope…Hope…Hope…

If not, I’m looking at an uphill journey of disavowing 50K+ back links and requesting removal of 60K+ pages from the Google Index. 🙁

#5 Setup Google Alerts

Guess how I first found out I had been hacked?  I have a Google Alert setup for my domain and it sent me an alert telling me something new from PuppyInTraining.com was showing up in Google Search.

SQL Injection Hack
SQL Injection Hack

Setting up Google Alerts is simple. You already have a Google Account, right?

  1. Go to Google Alerts
  2. Use your Google Login
  3. Type the word(s) you’d want an alert.
  4. Click “CREATE ALERT”

I monitor all of the websites I manage using Google Alerts as well as my name.  Alerts sends an email to your Gmail account whenever you have a new alert which could be daily if you’re extremely popular!

Well peeps that’s about all I’ve got from the top of my head.  I’m sure there were many other lessons learned from this catastrophe, but I’ll save that for another time.  If you have any great tips on how to keep a blog from getting hacked please share with us in the comments below.  I’m not looking forward to this ever happening again every bit of advice is much appreciated.  Kudos to you if you read this post to the very end!  Hopefully you gleaned at least one idea that will help you better secure your blog.

As a good friend of mine used to tell me “Here endeth the lesson…”  Sorry folks the good friend wasn’t Sean Connery.  Happy Blogging!!

Top Picks For Our Puppies

  1. BEST PUPPY TOY
    We Like: Snuggle Puppy w/ Heart Beat & Heat Pack - Perfect for new puppies. We get all of our Service Dog pups a Snuggle Puppy.
  2. BEST DOG CHEW
    We Like: Best Bully Sticks - All of our puppies love to bite, nip, and chew. We love using Bully Sticks to help divert these unwanted behaviors.
  3. BEST DOG TREATS
    We Like: Wellness Soft Puppy Bites - One of our favorite treats for training our service dog puppies.
  4. BEST FRESH DOG FOOD
    We Like: The Farmer's Dog - A couple months ago we started feeding Raven fresh dog food and she loves it! Get 50% off your first order of The Farmer's Dog.

Check out more of our favorites on our New Puppy Checklist.

Similar Posts

12 Comments

  1. Those are some great tips for owners of pet blogs. I have a pet blog as well and make sure to make it as secure as possible and backup on a regular basis.

    Glad to hear you got your website back up and running and you didn’t give up the site.

  2. I know where you’ve been. Just redid one my websites, rebuilt one for someone else, and just created a new one. Lots of new themes to work with and so much more. It’s fun, and yet tiring.

    1. Hi Eric, we love puppies too! Puppies are adorable, but they are also a lot of work. Make sure you do your research before bringing one home.

  3. Hackers, gross. What a stressful ordeal that must have been. I am impressed at your tenacity. Thank you for the tips on how to protect our blogs. I adore the picture of your guard dog 🙂

    1. Thanks Sam! It seems it’s our nature to be reactive rather than proactive. From here forward I plan on taking a proactive approach to security on my blog.

      Yes, that guard dog is fierce!

    1. Yes, a bit of a nightmare, but I did get some good news recently. I received an email from Google saying that the manual penalty has been lifted from my site. Now I’m just monitoring to see if Google will cleanup the bad links and URL’s or if it’s something I’m going to have to do manually.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.