Is your website INFECTED?
Did you even know that it could be?
Yes, just like your personal computer is at risk for becoming infected with viruses and malware, so is your website.
I know because I experienced it first hand this week along with several of my clients.
EEEK!!!! There was some STRESS and ANXIETY going on at my house! The good news is that there is a happy ending. Here is what happened and how you can safe guard you own website.
Over the years, I have had my share of “Oh, CRAP!” moments and “Oopsie!” when something just goes WRONG. So, I am a firm believer in back-ups, up-dates and protection. My website IS my business. I can’t afford to have it go down or suffer from a traumatic event if I can avoid it.
So, last summer after helping a new client recover from an “Oh, CRAP!” event, I designed a basic safe guard service to help my clients and others avoid unfortunate events. This week I was doing the weekly updates and back-ups for my own websites and my clients. As part of this process, I also scan them for infections.
I knew it could happen, but had never know anyone whose website had gotten infected…that is until this week!
I started the scan on a client’s website and went to get a drink of water while it processed. To my HORROR, when I returned there were big red letters on the screen saying myclientsdomain.com has been injected with known malware on x, y and z page. It listed a bunch of mystery code that didn’t make any sense to me, but I knew wasn’t good.
Here I was uttering those infamous words….OH, CRAP!
My heart sank as I entered my own domain to be scanned…..OH, CRAP! Mine was infected too. So, I methodically began to scan every support client’s website. In total 5 websites had been compromised.
The rest of my day was spent researching what happened and how to clean and repair the damage with minimal down time.
There are several ways websites can become compromised. Infections are generally caused by security holes in the WordPress software, the theme software or the plugins that are installed on the site. While, hacking generally happens when passwords are not strong enough, not changed often enough, etc. This is why updates and back-ups are so important, as well as following good password strategies.
The common factor with 4 of the 5 websites was the theme they were using. Each was using the older version of OptimizePress. Each had been updated regularly, but since you can’t update things the second each update is released there is always some period of exposure. That is what appears to have happened here. There was a post on Sucuri.net yesterday which said there was a huge spike of reported infections on Wednesday, all dealing with OptimizePress (I discovered it Thursday.)
Luckily, because I had a current back-up of each website I was able to restore them to their Pre-Infected state, apply all the new updates and life is good again! Ahhh!!! Thank you my guardian Angels of technology.
So here are some suggestions to keep your website safe:
- Make sure you are backing up your website at least weekly, with a full back-up.
- Change your password regularly. Every 90 Days at a minimum. More often is better.
- Scan your website regularly. You can scan it for free at Sucuri.net.
- Consider a subscription service for 24/7 monitoring for infections. Your hosting company should have a service available you can add on. (However, you must still update and back-up yourself.)
- If you use OptimizePress as you theme, you should plan on upgrading to the new completely redesigned OptimizePress Version 2.0 sometime this year. They are still providing updates for the Original version, but at some point they will stop supporting it.
- Or if all of this gives you a BIG HEADACHE, I recommend taking a look at my Safe & Sound WordPress Back-up and Update Service to see if it might be a good fit for you.
If you have any questions about this, feel free to contact me. I’ll be happy to help you if I can.
Thank you for the information. I scanned my site with sucuri.net.
Thanks for your most insightful post and info Sherry. NOT what I like to be reading but alas, a truth in today’s world. Things like this make me thankful I’m on your “keep ’em safe” client list! 🙂