The Case of the nice people who got hacked in an unsuspecting way
Hackers work 24/7 non-stop trying to hack your website
We’re not exaggerating here. They are covertly working to get into your website right this very second!
Most of the time website owners have no idea what’s happening until one day their website quits working, or they notice odd things on their website, or they start getting strange requests from scary looking people, or {shudder} their website gets shut down by Google.
Unlike the pests that invade your home who are only trying to go about their business of living and surviving (meaning they are not purposely trying to cause you harm), online pests (a.k.a. hackers) have an evil agenda and DO want to cause harm to you, your innocent website and your unsuspecting visitors. That’s why Google (and other search engines) are constantly patrolling the interwebs looking for websites that have been infected and are dangerous. Which is great – we’re glad they’re working to keep us safe! Well, it’s great until Google flags your website as dangerous to visitors!
Getting hacked doesn’t just happen to spammy-looking websites or websites that use cheap products. It happens to EVERYONE.
Let us introduce you to two very nice, successful, hard-working, do-things-the-right-way ladies. They got hacked (which was just the start of their problems).
Here’s how it all started: They purchased a package from Bluehost that includes installation of WordPress, a theme and a bunch of plugins. Bluehost didn’t provide clear information about what to do with all of those plugins (much less the rest of the website), if they truly needed all of the plugins, or if they needed to buy some of them (some plugins require you to pay a fee in order for them to work or be able to use certain features). Sadly, the plugin issue was only ONE of the many problems that happened to the ladies’ website.
You want to trust your web host because, well, they’re a professional, well-known service (not some fly-by-night company). But unfortunately, not all web hosts are looking out for your best interests. (Here’s one who is!)
Since their web host was only interested in selling services and packages, they (their web host) didn’t care to ensure their hosting account was properly secured and taken care of (we know, sounds crazy, right?!). Because of that neglect, a hacker was able to cause quite a bit of damage.
Hackers will find a way in.
The ladies’ website started having problems, and they were notified by Google that their website had been blacklisted. The ladies were horrified and scared (and had a big event launching in a couple days, so they needed their website to be safe and working), but thankfully, since one of the ladies in the partnership uses us to keep her own website safe, she knew exactly who to call!
First, we spent quite a bit of time chatting with Bluehost once we knew there was a problem, and of the issues we could actually see on our end, they said there wasn’t anything to worry about. We weren’t convinced, so we reached out to our security experts.
Right away, the ladies signed up for The Golden Maintenance Package, and we got busy cleaning up their website’s problems.
Here’s what was found and fixed!
- We were able to trace how the hackers gained access: There was an old WordPress install named “old” in the ladies’ web host account files. The attacker was able to gain access to the WP-Admin of that old site and used it to hack their new site. They never installed WordPress onto this hosting account, and it can’t install itself, so the only thing we can imagine is that Bluehost must have installed WordPress, then for some reason, installed it again…then didn’t delete the first install.
From what we could tell, it looks like it happened a couple of weeks before they noticed a problem. - We removed the old WordPress install/site which took away an easy access point for hackers.
- We removed all malware the hacker installed.
- We installed and configured iThemes Security along with our own custom security that’s monitored 24/7 by our advanced technical team at UnHack.net.
- We fixed/removed any other weaknesses in security.
- We requested a review from Google since the website had been added to one of Google’s blacklists. Normally, getting “un-blacklisted” takes only about 2 or 3 days. However, in this case, Google flagged something on the site which triggered a longer review that could take several weeks to clear up. We’ll keep an eye on this until the ladies are in Google’s good graces again.
- We set up our maintenance and daily backup processes. Making sure plugins are updated helps to keep your site working as it should and that plugin security patches are up to date (which helps to keep hackers out too). Having a reliable backup ensures if something does go wrong, your valuable info is safe!
- We’re also advising and helping the ladies with the many plugins Bluehost installed.
- And the best thing? We gave the ladies back their peace of mind by taking the care and maintenance of their website off their hands so they can focus on their business and their clients. They understand the importance of using experts (as do we) when it comes to your business.
Has your website been hacked?
Would you know if it was? Your web host or Google doesn’t always inform people if you’ve been hacked, infected by malware, or have been blacklisted. And sadly, just like in the ladies’ case, your web host may not be doing anything to keep your website safe either.
If your website needs help or you want to make sure what happened to our friends doesn’t happen to you, we suggest you get The Golden Maintenance Package. Your website is the lifeline of your business. Heck, it may be your whole business! Don’t risk losing your valuable content or customers!
Get the full list of features and details of The Golden Maintenance Package here.
Have your own website nightmare? Tell us about it and how you got it fixed!
