I Got Hacked! (How To Protect Your Wordpress Site)

October 19, 2024
Courey

Did you know there are over 1.1 billion websites online and over 40% of them are made with Wordpress.

That means that about 478 million of them are vulnerable to get attacked and hacked.

and 30,000 websites gets hacked daily and I was one of the lucky ones.

What makes it really bad is I bought a security plugin to protect my website from these types of attacks.

It was annoying because in my little corner where my website sits and barely making any noise, I got picked on.

The problem

You see the problem was whenever I posted something on my Pinterest they were redirected to some spam site.

It's weird because I didn't notice it because whenever I went to my website directly there was no problem. The only reason I noticed was because when I was checking my sites analytics it seemed I just lost the little traffic that I was getting.

I couldn't figure it out but somehow I went to my profile and when I clicked on my link I found it.

Something like this has happened before where someone hacked my site and added 1000s of bogus blog posts related to gambling and casinos.

I'll give it to the hackers because they knew how to do SEO because they were getting tons of traffic using my domain. 

This is when I started getting serious about my security.

However there were still holes and I needed to fix them.

I bought an app at the time called Malcare to help me avoid these annoying encounters.

Yet this time Malcare wasn't working properly and I got tech support to get involved, and honestly I’m still waiting on a response from them (I put in the request on Monday).

If you remember my philosophy from last week…

Everything is trash, until proven guilty.

I was stressed and annoyed because the plugin was to give me peace of mind instead I was just pissed off.

So I had to take things into my own hands.

The Verdict

So did I fix it?

Well if you're reading this on my website right now you are a witness to my grit and tenacity.

I'm not an expert in tech and code but one thing learning how to build my own website, and coding, has taught me is how to handle bugs and finding solutions to them.

Most importantly, how to take it one step at a time.

What happened was my index file (the main file that a browser uses to open the home page of your website) was corrupted. Somebody, or a bot, somehow gained access and inserted some bogus code.

So whenever someone tried to access my site they would be redirected.

I deleted that line of code and it's been over a day and everything still seems to be in working order.

I finally got peace of mind. 

But even better I figured out the problem myself and took control over something that was hindering me from reaching my goal.

That is why I want to give you some tips to help you protect yourself if you want to use wWrdpress to make a website.

It's just takes a few things to protect yourself and continuous monitoring of your site.

Because if you just leave everything alone you leave yourself open to hacks that could have been prevented.

5 Ways To Level Up Your Wordpress Website

These steps are not absolute but they are a good starting point to web protection.

1) Create a unique username and password

By default your username is "admin" and most hackers find this lazy loophole with users and take advantage of that.

Change your username and password that is unique and a little difficult to crack

2) Hide you login page

Anyone who uses wordpress knows that the default link to access the dashboard is by your domain name and /wp-admin.

ex: domain.com/wp-admin

Sadly, I left it that way for years and it was a potential opening to access my site.

Best way to help ward off hackers is to hide your default login page

You can do this by downloading a plugin called "hide my login"

After you activate it you will be able to change the ending url (wp-admin) to something unique

3) Download the Wordfence plugin

I can’t believe I missed this one but this is a simple security plugin that will scan your website and search for any corrupted files that need to be repaired or deleted.

I used this plugin on other sites and didn’t even realize I didn’t have it on my personal site. 

I only use the free version but it has been doing well but I might update it in the near future just to be safe. But it has handled what I needed.

Now I did use Malcare before and I had a more serious attack before and they did take care of it but it seems they have fallen off and I had to fix the problem myself this time

For $100 for the year I would expect a little more customer service

4) Backup your site often

Now this should have been the first suggestion but you should back your site up regularly because you never know when you can be attacked and need to do a reset.

I use "updraft" but any backup plugin would work

Get familiar with wordpress files and check for any out of place

This one can be tricky and technical if your new to this but it is good to get familiar with the Wordpress files.

Best approach is to go file by file. You don't have to memorize them but just familiar with the names, especially the important ones like:

  • index.php
  • wp-config.php
  • htaccess

Its good to have a clean and fresh version of Wordpress saved somewhere so you can compare the new files with yours.

That's how I was able to spot the weird code in my index.php file, plus a little research telling me to check that file specifically.

5) Check for any added users

Last but not least I found that these hackers seemed to create admin users on my dashboard. They even found a way to block me from deleting them from the dashboard.

Luckily I knew how to work my “cPanel” then go to “phpmyAdmin” then in the “wp_users” and from there I was able to delete them. 

Since doing all this and a check throughout the day everything seems to be working like before.

I wrote this not to scare you but to let you know

If you want something to change something you have to take control of it yourself.

Sometimes waiting on someone will take forever and your problem will not get solved.

So I hope you learned something from my problems and if your interested in making your own website with wordpress then check out this article

Well that's it for this week.

Stay safe and talk to you next week

P.S. I have a personal question for you. What is one thing I could help you with when it comes to learning code or web development? What is your biggest challenge? Let me know here

When your ready here's how I can help

Website Copy Template

Learn my step-by-step guide to writing content for any landing page. If you want to learn a simple way to market a product or service without feeling sleazy then follow this template as your intro to copywriting 101.
Get My Template