Lessons from My Website Hacking

Introduction

I found my Website hacked on November 11, 2021, and spent half the night trying to recover it. I found this out by accident while I was doing some other maintenance. Before explaining more, here’s my setup: This WordPress instance is pre-loaded using what’s called WP Hosting. That means that I don’t have cPanel for this instance, which turned out to be a minor detail in how I proceeded. (I do use cPanel on a separate server that I use strictly for testing.)

Identifying the Issue

The type of hacking that I found is called a malicious redirect. It means that the hacker diverted my visitors to a ridiculous gaming site that clearly was not mine. What made the diagnosis difficult was that my admin panel seemed to be working correctly. I also was able to access my site since my browser was already logged in.

The only way I could test for this redirect as visitors experienced it was to access my site via a separate browser that I don’t have logged in for maintenance. I always keep a spare browser for testing, but I never considered it for this purpose since this is the first time I’ve been hacked.
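The logged-out check described above can also be scripted. This is an added example, not part of the original post: it requests a page with no cookies, refuses to follow redirects, and reports any HTTP or meta-refresh redirect that points to another host (the host names and function names are illustrative assumptions, and the sample response is constructed).

```python
import re
import urllib.error
import urllib.request
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of silently following it

class _MetaRefresh(HTMLParser):
    """Collect the target URLs of <meta http-equiv="refresh"> tags."""
    def __init__(self):
        super().__init__()
        self.targets = []
    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = re.search(r"url\s*=\s*['\"]?([^'\";]+)", a.get("content", ""), re.I)
            if m:
                self.targets.append(m.group(1).strip())

def _host(url):
    h = urlparse(url).hostname or ""
    return h[4:] if h.startswith("www.") else h  # treat www.X and X as one site

def offsite_redirects(site, status, headers, body):
    """Return absolute redirect targets whose host is not the site's own."""
    targets = []
    if 300 <= status < 400 and headers.get("Location"):
        targets.append(headers["Location"])
    parser = _MetaRefresh()
    parser.feed(body)
    targets += parser.targets
    return [u for u in (urljoin(site, t) for t in targets) if _host(u) != _host(site)]

def check_live(site):
    """Fetch the page with no cookies or login, as a first-time visitor would."""
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(site, headers={"User-Agent": "Mozilla/5.0"})
    try:
        resp = opener.open(req, timeout=10)
    except urllib.error.HTTPError as err:  # an unfollowed 3xx is raised as an error
        resp = err
    body = resp.read().decode("utf-8", "replace")
    return offsite_redirects(site, resp.status, resp.headers, body)

if __name__ == "__main__":
    # Constructed sample response, not captured from the site in this post.
    sample = '<meta http-equiv="refresh" content="0; url=https://games.example/">'
    print(offsite_redirects("https://myblog.example/", 200, {}, sample))
```

The script does not run JavaScript, so a redirect performed by a script in the page still needs the spare-browser test; calling `check_live` with your own site URL on a schedule gives an early warning for the header and meta-refresh cases.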

Running Site Health under the Tools menu clearly identified the problem. I was a bit disappointed in the Sucuri security plugin because it didn’t alert me to the problem. It’s possible that the hackers diverted any emails it was trying to send, just like they made it impossible for me to restore my code from my backup software.

Relying on my Hosting Company

I have generally had a good experience with my hosting company, even though they are a smaller player that is not well known. The only issue I’ve found is that it can take a LONG time to resolve issues because they offer chat-only support. It often takes a while for them to identify the issue and get you to the person that can best help you.

My first instinct was to ask them to delete my current instance of WordPress, which I can’t do myself given that I don’t have cPanel access. Then I would have reloaded everything from a save point that was virus-free. They actually had a better solution, and in one fell swoop, disabled the malicious redirect by disabling all of my plugins.

Recovery

From that point, I installed Wordfence, on the recommendation of my hosting company desk, and uninstalled Sucuri. Wordfence has a scanning tool that will identify and quarantine malicious code, much like a standard virus scanner.

I reloaded my code from a point before I suspect I was hacked, and that worked given that the malicious code didn’t prevent it this time. Wordfence also provides a firewall that automatically activates after a week of self-learning. When I saw that happen a couple of days ago, I was even happier.

More Cleanup

I invited this attack by having way too many plugins. In a few cases, I forgot what they did and why I installed them. My old method of discovering plugins with potential was to install first, configure later. Of course, I often never ended up configuring them. Now, I log any new plugins that I read about into an Evernote document that details all of my Website changes. That way, if I really want to try something out, I can do it when I have the time to configure it properly and test whether I want to keep it installed.

I uninstalled the most recent plugin that I installed, which I think was the source of the hack, and I deleted 10 others as well. Several other plugins are targeted for future elimination in that same Evernote document. I got some great advice from the community at WPBeginner.com: Install plugins to solve a business need, not just because they’re fun to use. Less is definitely more when it comes to plugins!

Steps I’d Recommend to Prevent Being Hacked

  • Install only the plugins that you need. Remember that every plugin you install is like handing a stranger a key to your house and hoping they won’t abuse the privilege.
  • Keep a log of plugin or other configuration changes that you make. A plugin like Simple History will show you recent changes, but your own document will help you remember why you installed something and whether it’s still important.
  • Install a plugin that does automatic backups, if you’re not already doing so. Also, remember to do some secondary backups from time to time in a separate place, just in case.
  • Use Site Check from the Tools menu. It’s so easy to use and provides advice you should follow.
  • Install a good security plugin that will provide scanning and firewall. Wordfence does both in its free version.
  • Allow WordPress versions, themes, and plugins to update automatically. Hackers can exploit mismatches in these, or can get into your site through a known vulnerability that stays open until you manually update.
  • Install a separate Web browser that you don’t normally use, and only use it for testing. Don’t log into wp-admin from it or it will be useless in this regard.
  • Rely on your hosting service to give you advice. They likely won’t solve your issues but will guide you along the way. If you’re just given a bunch of documents to read with no concrete help, ask to be boosted to a higher level of support.

In Conclusion

I hope my story can save at least one other person from getting hacked. In that case, it was well worth the time it took to flesh this out. I will update this document from time to time with best practices I learn along the way. Have you had any experiences of getting hacked? How did you deal with it?

One thing I didn’t mention was never a real possibility for me but should be considered nonetheless. The companies that make security plugins also have teams at the ready to clean infected Websites. The bad news? Prices start at $200 and go way higher. I wanted to learn how to recover from this so that I could be better prepared against future hacking attempts.

Last Updated 2021-11-21 | Originally Posted 2021-11-21

Piano Teaching Resources

Summary

I often find piano teaching to be difficult. Each student comes to you as an individual learner, with different needs from the next child. What motivates one student doesn’t motivate the next. What’s hard for one kid is simple for the next, and vice versa. Fortunately, there is an amazing community of teachers who offer lots of piano teaching resources, much of it free.

I explore for inspiration on the Web in several different ways. Much of it comes through Webinars from the Music Teachers National Association, to which I belong. When I find a good site, I’ll click links that lead me to find other great sites. If I’m looking for something specific, I often find it just through a Google search.

Update

As part of a recent continuing education project, I have dived a lot deeper into three of the resources on my original list, and found a brand new one to share as well. These are grouped under Recently Helpful. The other resources under Also Worth a Look are carryovers from when I first published this post.

Recently Helpful

Piano Picnic

Ruth Power comes to piano from a different angle than most others in this list. She grew up loving to play piano by ear, figuring out songs she heard on the radio, all while taking traditional piano lessons and going on to a bachelor’s degree in music. I took her free course Ear Bootcamp, which was offered as a teaser to her more formal paid course Songs by Ear. She not only gave me a teacher discount but gave me permission to offer modules of the class to my students, sort of like a site license, at no extra cost. How cool is that?

Sara’s Music Studio

Sara interviewed Ruth Power just before her Ear Bootcamp began. I ended up adding a third project to my summer list as a result. My second summer project was taking a course Online Lesson Academy that Sara offers with her colleague Tracy through the Upbeat Piano Teachers. I wrote a separate blog post on that subject.

Tim Topham

Tim is an amazing source of inspiration who has a very extensive Website. I’ve hopped onto many free teaser resources he offers, including newsletters, Webinars, and downloads, while resisting frequent pitches to become a paid member of his Inner Circle. I’m sure the Inner Circle is great, but it’s really expensive and outside of my budget for continuing education right now.

Inside Music Teaching

Philip Johnston is a blogger and publisher of two books that I have purchased as teacher resources. Check out the posts that rotate through the jumbotron on his home page. One of the books that many of my students know first-hand is the very expensive Scales Bootcamp. I use this in lessons for students learning the correct fingering on full octave scales once they’re ready to move past pentascales. Philip, if you ever read this, please lower the price on this book, as I would ask all of my students to buy it! I bet you would make up in spades on volume what you would lose in per-book profit!

Color In My Piano

Joy Morin talks about her studio, her influences, and inspiration for other teachers. Most recently, she released a really cute Post-It note project. The free download provides the basic Microsoft Word templates that allow you to affix notes to a page and type your own text. The upsell is to purchase some inspirational messages she designed by hand, then digitized, that can be printed on these notes. It’s really a clever idea, but I think I’ll stick to designing my own notes for now.

Also Worth A Look

Pianimation

Jennifer Fink inspired me to put together a version of her floor staff carpet, using cards that she developed to relate intervals to that staff. I created a separate portable felt board that I loan to parents to help young learners with the staff.

Piano4Life

Teacher Natallia created this Circle of Fifths Chart that I use with students. I use it to check off scales learned in major and minor.

Last Updated 2018-07-30 | Originally Posted 2018-03-12

Learning MailChimp

One of the many items on my social media list was to write a monthly newsletter and to organize it via MailChimp, a leader in email campaigns. Each task in its own way was daunting. However, by staying at it over a number of days, I got it done and learned a lot along the way. The good thing about doing most complex things is that it will be easier the next time. Or so one hopes!

That said, please check out my January 2018 newsletter via this link. I’ve found that some people find subscribing through MailChimp challenging, so please contact me if you’d like to be added manually.

Please let me know if this newsletter is helpful, or what I may change to make it more effective. Constructive criticism is welcomed!

Last Updated 2018-02-19 | Originally Posted 2018-01-11

Learning YouTube

As a performing artist, it’s important for me to be able to share video recordings with others in an organized way. Sure, friends and family will appreciate it, but so will colleagues and anyone to whom I want to market my services. For me, this includes parents looking for piano teachers, people hiring for gigs, and potentially those hiring for bigger opportunities.

The only way you used to be able to access these recordings was via a Google search, or via a nested menu on my church’s Website. Currently, all of the recordings on my YouTube channel were made at church as part of some live event, whether it be a church service or a concert. Thanks to Troy Jorgensen and Alan Yount for recording and uploading these videos.

Though it took a while to figure out how to do this, it’s possible to create a link to these recordings, and organize them in a way that makes it very user-friendly. Currently, I have three listings (YouTube speak for categories) of accompanying: vocal solo, choral, bell choir; and two solo listings: piano and organ. In each of these, I decided to organize the recordings by the date descending, so that new recordings always appear at the top of a listing. It’s my intention that over time the older recordings should fall to the bottom and potentially be removed.

The only thing I wasn’t able to do is to get a nice URL since YouTube requires you to get some notoriety first, namely 100 subscribers. That might take a while. Until then, I’m identified as UCVxDCUK8217ovuc3dSDOwNw – that’s at least three license plates long! The actual hyperlink is much longer, so I just made this link.

So, please check out my YouTube channel, subscribe to it, and tell me what you think! Would you consider putting together something like this for yourself?

Last Updated 2018-02-19 | Originally Posted 2017-12-21