Lessons from My Website Hacking

Introduction

I found my Website hacked on November 11, 2021, and spent half the night trying to recover it. I found this out by accident while I was doing some other maintenance. Before explaining more, here’s my setup: This WordPress instance is pre-loaded using what’s called WP Hosting. That means that I don’t have cPanel for this instance, which turned out to be a minor detail in how I proceeded. (I do use cPanel on a separate server that I use strictly for testing.)

Identifying the Issue

The type of hacking that I found is called a malicious redirect. It means that the hacker diverted my visitors to a ridiculous gaming site that clearly was not mine. What made the diagnosis difficult was that my admin panel seemed to be working correctly. I also was able to access my site since my browser was already logged in.

The only way I could test for this redirect as visitors experienced it was to access my site via a separate browser that I don’t have logged in for maintenance. I always keep a spare browser for testing, but I never considered it for this purpose since this is the first time I’ve been hacked.

Running Site Health under the Tools menu clearly identified the problem. I was a bit disappointed in the Sucuri security plugin because it didn’t alert me to the problem. It’s possible that the hackers diverted any emails it was trying to send, just like they made it impossible for me to restore my code from my backup software.

Relying on my Hosting Company

I have generally had a good experience with my hosting company, even though they are a smaller player that is not well known. The only issue I’ve found is that it can take a LONG time to resolve issues because they offer chat-only support. It often takes a while for them to identify the issue and get you to the person that can best help you.

My first instinct was to ask them to delete my current instance of WordPress, which I can’t do myself given that I don’t have cPanel access. Then I would have reloaded everything from a save point that was virus-free. They actually had a better solution, and in one fell swoop, disabled the malicious redirect by disabling all of my plugins.

Recovery

From that point, I installed Wordfence, on the recommendation of my hosting company desk, and uninstalled Sucuri. Wordfence has a scanning tool that will identify and quarantine malicious code, much like a standard virus scanner.

I reloaded my code from a point before I suspect I was hacked, and that worked given that the malicious code didn’t prevent it this time. Wordfence also provides a firewall that automatically activates after a week of self-learning. When I saw that happen a couple of days ago, I was even happier.

More Cleanup

I invited this attack by having way too many plugins. In a few cases, I forgot what they did and why I installed them. My old method of discovering plugins with potential was to install first, configure later. Of course, I often never ended up configuring them. Now, I log any new plugins that I read about into an Evernote document that details all of my Website changes. That way, if I really want to try something out, I can do it when I have the time to configure it properly and test whether I want to keep it installed.

I uninstalled the most recent plugin that I installed, which I think was the source of the hack, and I deleted 10 others as well. Several other plugins are targeted for future elimination in that same Evernote document. I got some great advice from the community at WPBeginner.com: Install plugins to solve a business need, not just because they’re fun to use. Less is definitely more when it comes to plugins!

Steps I’d Recommend to Prevent Being Hacked

  • Install only the plugins that you need. Remember that every plugin you install is like handing a stranger a key to your house and hoping they won’t abuse the privilege.
  • Keep a log of plugin or other configuration changes that you make. A plugin like Simple History will show you recent changes, but your own document will help you remember why you installed something and whether it’s still important.
  • Install a plugin that does automatic backups, if you’re not already doing so. Also, remember to do some secondary backups from time to time in a separate place, just in case.
  • Use Site Check from the Tools menu. It’s so easy to use and provides advice you should follow.
  • Install a good security plugin that will provide scanning and firewall. Wordfence does both in its free version.
  • Allow WordPress versions, themes, and plugins to update automatically. Hackers can exploit mismatches in these, or can get into your site through a known vulnerability whose fix is waiting for you to manually update.
  • Install a separate Web browser that you don’t normally use, and only use it for testing. Don’t log into wp-admin from it or it will be useless in this regard.
  • Rely on your hosting service to give you advice. They likely won’t solve your issues but will guide you along the way. If you’re just given a bunch of documents to read with no concrete help, ask to be boosted to a higher level of support.
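
The spare-browser check from the list above can also be scripted. The following is an added example, not part of the original post: it requests a page with no cookies, as a logged-out visitor would, and reports the first redirect (HTTP or meta refresh) that leaves the site. The function names and the blog.example / games.invalid hosts are made up for illustration.

```python
import re
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

META_REFRESH = re.compile(r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*'
                          r'content=["\'][^"\']*url=["\']?([^"\'>\s]+)', re.I)

def site_key(url):  # host name without a leading "www."
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

class _NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface each 3xx as an HTTPError instead of following it

def fetch(url):
    """Logged-out request: fresh opener, no cookie jar, redirects not followed."""
    opener = urllib.request.build_opener(_NoFollow)
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    try:
        with opener.open(req, timeout=15) as resp:
            body = resp.read(200_000).decode("utf-8", "replace")
            return resp.status, resp.headers.get("Location"), body
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), ""

def check_site(start_url, fetcher=fetch, max_hops=10):
    """Walk the hops a visitor would follow; return the first off-site one, if any."""
    home, url = site_key(start_url), start_url
    for _ in range(max_hops):
        status, location, body = fetcher(url)
        if status in (301, 302, 303, 307, 308) and location:
            target, kind = urljoin(url, location), f"HTTP {status}"
        else:
            match = META_REFRESH.search(body or "")
            if not match:
                break
            target, kind = urljoin(url, match.group(1)), "meta refresh"
        if site_key(target) != home:
            return [(kind, url, target)]  # stop rather than crawl the other site
        url = target
    return []

# Constructed responses (no network): an http->https hop, then an injected redirect.
SAMPLE = {"http://blog.example/": (301, "https://blog.example/", ""),
          "https://blog.example/": (302, "https://games.invalid/play", "")}

if __name__ == "__main__":
    print(check_site("http://blog.example/", fetcher=SAMPLE.get))
```

Calling `check_site("https://your-site/")` with the default fetcher performs the real request. Redirects triggered by JavaScript are not detected this way, so the spare browser is still needed for those.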

In Conclusion

I hope my story can save at least one other person from getting hacked. In that case, it was well worth the time it took to flesh this out. I will update this document from time to time with best practices I learn along the way. Have you had any experiences of getting hacked? How did you deal with it?

One thing I didn’t mention was never a real possibility for me but should be considered nonetheless. The companies that make security plugins also have teams at the ready to clean infected Websites. The bad news? Prices start at $200 and go way higher. I wanted to learn how to recover from this so that I could be better prepared against future hacking attempts.

Last Updated 2021-11-21 | Originally Posted 2021-11-21

Learning MailChimp

One of the many items on my social media list was to write a monthly newsletter and to organize it via MailChimp, a leader in email campaigns. Each task in its own way was daunting. However, by staying at it over a number of days, I got it done and learned a lot along the way. The good thing about doing most complex things is that it will be easier the next time. Or so one hopes!

That said, please check out my January 2018 newsletter via this link. I’ve found that some experience subscribing through MailChimp to be challenging, so please contact me if you’d like to be added manually.

Please let me know if this newsletter is helpful, or what I may change to make it more effective. Constructive criticism is welcomed!

Last Updated 2018-02-19 | Originally Posted 2018-01-11

Learning YouTube

As a performing artist, it’s important for me to be able to share video recordings with others in an organized way. Sure, friends and family will appreciate it, but so will colleagues and anyone to whom I want to market my services. For me, this includes parents looking for piano teachers, people hiring for gigs, and potentially those hiring for bigger opportunities.

The only way you used to be able to access these recordings was via a Google search, or via a nested menu on my church’s Website. Currently, all of the recordings on my YouTube channel were made at church as part of some live event, whether it be a church service or a concert. Thanks to Troy Jorgensen and Alan Yount for recording and uploading these videos.

Though it took a while to figure out how to do this, it’s possible to create a link to these recordings, and organize them in a way that makes it very user friendly. Currently, I have three listings (YouTube speak for categories) of accompanying: vocal solo, choral, bell choir; and two solo listings: piano and organ. In each of these, I decided to organize the recordings by the date descending, so that new recordings always appear at the top of a listing. It’s my intention that over time the older recordings should fall to the bottom and potentially be removed.

The only thing I wasn’t able to do is to get a nice URL since YouTube requires you to get some notoriety first, namely 100 subscribers. That might take a while. Until then, I’m identified as UCVxDCUK8217ovuc3dSDOwNw – that’s at least three license plates long! The actual hyperlink is much longer, so I just made this link.

So, please check out my YouTube channel, subscribe to it, and tell me what you think! Would you consider putting together something like this for yourself?

Last Updated 2018-02-19 | Originally Posted 2017-12-21