Costa Rica wedding

awww..... 😉

Hey everyone! I know I’ve been a little MIA lately, but I promise I had some good reasons to be away. First, I left for Costa Rica on September 24th to get married to my best friend Eric on September 29th! Then we had our honeymoon during the first week of October, just another week by ourselves in Costa Rica. We had a spectacular time and my main goal was to focus on my new husband, so I pretty much stayed off the computer the entire time.

The next reason is not necessarily a “good” reason per se, but while we were away, the main website on my hosting account was hacked and blacklisted as Malware by Google. HUGE Bummer. 🙁 This in turn ended up affecting a few other sites I also had hosted under the same account. It was basically a nightmare. Luckily I have a developer friend that gladly helped me out in exchange for lunch and a few cups of coffee. How nice is that??

I thought you might want to know what I learned from that experience so that you can avoid it yourself because it really was a huge waste of time at the most inconvenient of times for me. So what did I learn?

Backup, Backup, Backup!

I cannot stress this enough. If you haven’t read my previous post about how to back up your data, you should check that out right now and do a backup of your WordPress site(s) right now.

Keep WordPress Updated at ALL Times!

This is mainly why I got hacked. I have about 6 WordPress sites hosted in one hosting account with GoDaddy. There is one WordPress install at the root folder (the main folder) and the rest are all installed in subfolders within that root folder. The website I had installed at the root folder was one of the sites I was kind of done with. I hadn’t updated it in forever and it was for a business that was basically going out of business. So I never updated the install.

BIG MISTAKE

You see, WordPress doesn’t do updates from time to time just for the heck of it. Sure, sometimes they have feature updates and stuff, but usually it’s because they uncovered vulnerabilities that hackers have figured out how to find. Updates are a way for them to block those vulnerabilities before the hackers find them on your website. So there you have it. These Russian spammers got into my root site through the old WordPress installation and were able to change my .htaccess files to redirect my site to their own malware sites.

Luckily Google usually figures this out pretty quickly to protect us and they threw up a big, ugly malware warning on my website:
Google Malware Alert

The bad thing about it is that if anyone tries to come to your website, they get scared away and may never come back! So the key is to deal with it as quickly as possible to get the warning removed.
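For the setup described above (several WordPress installs under one hosting root, with .htaccess files changed to redirect visitors), here is an added example, not part of the original post: a Python script that lists every install with the version recorded in its `wp-includes/version.php` and flags .htaccess redirect directives that point at hosts you don't own. The directory layout, hostnames and version numbers are constructed for the demo, and `audit` and `build_sample` are names made up for this example.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# Directives that can send a visitor elsewhere; group 1 is the absolute target URL.
REDIRECT_RE = re.compile(
    r"""^\s*(?:RewriteRule|Redirect(?:Match|Permanent|Temp)?)\b.*?(https?://[^\s"'\]]+)""",
    re.IGNORECASE)
VERSION_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")

def audit(root, own_hosts):
    """Return ({install_dir: version}, [(htaccess_path, line_no, external_host)])."""
    installs, findings = {}, []
    for dirpath, _dirs, files in os.walk(root):
        version_file = os.path.join(dirpath, "wp-includes", "version.php")
        if os.path.isfile(version_file):
            with open(version_file, encoding="utf-8", errors="replace") as fh:
                m = VERSION_RE.search(fh.read())
            installs[os.path.relpath(dirpath, root)] = m.group(1) if m else "unknown"
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        with open(path, encoding="utf-8", errors="replace") as fh:
            for line_no, line in enumerate(fh, 1):
                m = REDIRECT_RE.match(line)
                host = (urlparse(m.group(1)).hostname or "").lower() if m else None
                if m and host not in own_hosts:
                    findings.append((os.path.relpath(path, root), line_no, host))
    return installs, findings

def build_sample(root):
    """Constructed layout: an old install at the root, a newer one in a subfolder."""
    for rel, version in ((".", "3.0.1"), ("blog", "3.2.1")):
        os.makedirs(os.path.join(root, rel, "wp-includes"), exist_ok=True)
        with open(os.path.join(root, rel, "wp-includes", "version.php"), "w") as fh:
            fh.write("<?php\n$wp_version = '%s';\n" % version)
    with open(os.path.join(root, ".htaccess"), "w") as fh:  # tampered file (constructed)
        fh.write("RewriteEngine On\n"
                 "RewriteRule ^(.*)$ http://malware.example.invalid/in.php [R=302,L]\n")
    with open(os.path.join(root, "blog", ".htaccess"), "w") as fh:  # legitimate redirect
        fh.write("RewriteRule ^old$ https://www.mysite.example/new [R=301,L]\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        installs, findings = audit(tmp, {"www.mysite.example"})
        print(installs)
        print(findings)
```

To use it on a real account, call `audit()` with the path to your web root and the set of hostnames you actually own; anything it reports is a line to read by hand, not proof of compromise.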

How to Be Alerted if Google Finds an Issue with Your Site

You have to have your sites added to Google Webmaster Tools in your Google account. If you haven’t added your site(s) to this free service yet, you should; don’t worry, it’s not too late. It checks the health of your site (malware) and gives you options to submit your site for verification after you’ve cleaned it up. If it finds that malware has been installed on your site, it sends you an email to let you know so you can take care of it ASAP.

Google Webmaster Tools has a boatload of other user tools as well, such as submitting a sitemap, finding out what keywords lead people to your site, etc., so it’s definitely worth your while to check it out.

What Else Can You Do To Protect Yourself?

As you might have guessed there is a lot more you can do to protect your WordPress sites from hackers. So what else can you do to add an extra layer of protection?

  1. Change your default admin username and create a very strong password.
  2. Set up a backup schedule (as mentioned previously) and have backups sent to you via email or to a cloud storage account at least weekly.
  3. Hackers can also get in through bad code in plugins, so be careful about the plugins you install. Make sure they have good reviews and are compatible with the latest version of WordPress.
  4. Use the following plugins (these are all safe to use):

There is always more you can do, but this should give you a good base. Feel free to do some of your own research on WordPress security,

What do you do to protect your WordPress installations?


6 Responses


  1. Jenny @ Ex-Consumer on 07 Nov 2011

    Congratulations Marianne! I love the wedding picture — what an amazing place to be married. 🙂 It sounds like you and Eric had a wonderful honeymoon too!

    I’m so sorry your site got hacked. Thank you for this helpful post on how to help prevent a WordPress site hack. What a total pain that we even have to worry about things like this.

    I’m glad you got your site back up!

    Congratulations again!!!

    • marianney on 07 Nov 2011

      Thanks Jenny! Yeah it was a big lesson learned, but I’m glad it at least gave me something to share with everyone 😉
      Luckily this site did not get affected, but 3 of my other sites were down for quite a few weeks. That was NOT fun!

  2. Josh Martin on 14 Nov 2011

    Thanks for the great tips! And CONGRATULATIONS on your marriage! I was in Costa Rica last January and had a blast. It’s a beautiful country.

    • marianney on 14 Nov 2011

      Thanks Josh! And I hope these tips help!

  3. Thanks for sharing what you learned from this experience. I have a couple of blogs that are niche sites that I hardly ever touch. I’m going to get those updated pronto.

    • marianney on 17 Nov 2011

      Thanks for reading and commenting, Freedom. Definitely get those sites updated!