How to Stop Hackers: Lessons I’ve Learned After Getting Hacked 6 Times

As you might have noticed, Strayblogger was hacked a few weeks ago, but I had everything fixed and back up within a few hours. Since then, I’ve had several readers email me about writing a post on how to stop hackers and how to clean up and repair your site if gets hacked. That’s what I’m going to talk about in this post… It’s an extremely important and costly topic that you should think about and take care of long before you ever have to actually deal with it.

In the last two months or so I’ve become very familiar with my sites getting hacked… it’s happened at least 6 times. The reason I was able to get Strayblogger back up so fast is because of my recent experiences with getting hacked.

I wish I could tell you that I personally have become an expert at cleaning up malicious code and taking control back from the hackers- but I can’t, because I haven’t. I still don’t know any more about manually recovering from a hack than I did before.

Why Learning How to Stop Hackers Is So Important

I’ll start from the beginning…

Around two months ago, some random person used a contact form on one of my niche sites to let me know that clicking the link to my site from Google’s organic rankings was sending them to some Russian site. I’m glad he told me, because I don’t Google my own keyword terms to visit one of my own sites, so I had no idea that this was going on.

I immediately tried to research how to take back control of my sites, and it turns out that the topic is pretty overwhelming if you’re going to try and learn it on your own. Within two days, more of my sites were affected and in a few more days I couldn’t even access my login page… every page of the affected sites just showed a hacked message.

It was incredibly stressful, and I was freaking out. I quickly decided that it was going to be worth almost any price to just pay a professional to just go in and fix it… I was getting nowhere trying to learn how to do it myself. Somehow I came across the Code Garage site and saw the “Locker” service, and immediately signed up for the service. Peter had everything fixed within a few hours.

how to stop hackers

The way Locker works is that you install a plugin, and so when a hack happens, Peter and his guys can remotely get in and fix everything. Their software monitors your site constantly, and while nothing can prevent every hack attempt, when something has happened they have fixed it within hours. It provides an amazing sense of relief and peace of mind to have my sites protected for such a small fee. If you’re paying for hosting, especially shared hosting, you should consider a service like Locker a necessity.

Most of my sites that were hacked were ranking in the top 10 of Google for their respective keywords, so the biggest potential problem with my pages redirecting to a hacker site was that Google would un-index my pages. Apparently I got it taken care of fast enough because that didn’t happen, but that would be a devastating blow to anyone’s business that relies on organic traffic from Google.

It’s pretty crazy that a hacker can potentially shut down your online business, possibly for months… it’s a huge threat that you should take care of sooner rather than later.

My bottom line message/key takeaway…

Spend your time building your business and doing what you’re good at. Don’t spend a bunch of time trying to learn about WordPress security and coding, because it’s a HUGE and complex subject… just pay an expert to protect your sites for you. I can’t recommend the Locker service enough to anyone who has ever worried about their sites getting hacked.

Please take a second and Like this on Facebook, ask a question, or leave a comment.

Limited Offer: Name: When I was just starting to figure things out, I did an interview where I walked through exactly what was working for me.

You can get this entire interview completely free, and you'll learn a lot from it.

Just enter your email addres below for instant access. Email: 3154 subscribers We respect your privacy Email Marketingby GetResponse

33 Comments

  • Jay

    Reply Reply December 6, 2011

    Nate,

    I think this is a very good topic to have discussed. I’m more than willing to admit my own lack of knowledge in this area but what are the signs that your site is or has been hacked? Is it possible to have your site hacked and not even know it?

    • Nate

      Reply Reply December 6, 2011

      Jay-

      Some of the main signs are your pages loading really slow, or seeing big drops in traffic even though your Google rankings are still there.

      That’s another reason a monitoring service is so important, because it will scan your sites hourly for any issues. My niche sites that were hacked could have been affected for weeks… I only found out about the redirect from a random person emailing me from a contact form.

      And yes- it’s definitely possible to have your sites hacked and not even be aware of it.

  • AJ

    Reply Reply December 6, 2011

    Two of my sites have google search engine links that are hijacked. I thought it may be google’s fault. This is a timely post for me. Its getting more difficult and time consuming to rely on google for search engine traffic and deal with hackers.

    • Nate

      Reply Reply December 6, 2011

      AJ-
      Once you’ve had it happen you know how frustrating it is. When I first found out my sites were hacked I literally thought my IM business was over- or at least I would have to start over.

  • Mary Chicoine

    Reply Reply December 7, 2011

    Nate – thanks so much for the information about “locker” at codegarage. I’m always worrying about this kind of thing because I’m not so technically aware. Once my second site is up I’m definitely going to use locker.

    So glad you got it fixed as quickly as you did.

    All the best, Mary Chicoine

    • Nate

      Reply Reply December 7, 2011

      You’re welcome- it’s a highly valuable investment.

  • Chris

    Reply Reply December 7, 2011

    Happened to several of my sites too.. I now use a WP plugin to constantly backup my sites, but Locker sounds like a much easier way. Thanks for sharing!

    • Nate

      Reply Reply December 7, 2011

      Chris- Yeah I was planning on doing the same thing, then I realized I had no idea what to do with all the raw wordpress files that I had backed up to restore my sites.

      But- if you know what you’re doing than you’d be fine.

  • ice_hot

    Reply Reply December 7, 2011

    Hi!

    Thank you for sharing this info. I just would like to know how you were able to install the plugin from Locker when you said you couldn’t even access your login page?

    Please explain how you did it.

    Thanks!

    • Nate

      Reply Reply December 7, 2011

      Good question-

      If you don’t have the plugin installed- you can give the Locker guys your FTP details and they’ll get in that way and fix it. That’s what I did to initially get it fixed.

  • Harlan Yee

    Reply Reply December 27, 2011

    Hi Nate,

    Website security is always a concern for me. Thanks for sharing your solution!

    I was curious, other than your Strayblogger site being hacked, do you know if your hacked sites were randomly targeted or did they only hit your high search volume sites?

    Did it affect your video training sites that have lower search volumes?

    • Nate

      Reply Reply January 5, 2012

      Harlan,

      I think they were just randomly targeted. After searching about how to fix a hack, it seems like hackers do advanced search queries to get a list of sites with certain vulnerabilities.

      It did affect a few of my sites that were in the same hosting account.

  • Had 11 out of 13 sites hacked late last year and I (think) just had another failed hack attempt which I’ve just notified my host about. My income still hasn’t revived itself from those attacks as I had to rebuild my sites from scratch and there was a dent in the ranking… tough times but lesson learned and a mistake I hope I will only make ONCE.

    • Nate

      Reply Reply January 18, 2012

      ugh… just remembering how crappy it was trying to fix everything is depressing- luckily I won’t have to worry about that again thanks to Locker. I hope you don’t get hacked either.

  • Rob

    Reply Reply January 27, 2012

    Hey

    I can empathize with anyone here….especially the comments about feeling like ones IM career is over. I have just been hacked by some Kuwait Hacker cockroaches who think it’s clever to template a site with their militant monikers and sound track. They are attacking all my sites on the server. I hope there is real karma in this world and that these morons get what they deserve for causing so much stress and loss. I will definmitely check out the Garage Locker..thanks

    • Nate

      Reply Reply January 29, 2012

      Rob I feel for ya- that’s so frustrating. Like I said in the post, the awesome thing is you install the Locker plugin so that the Code Garage guys can get in and fix it all up even when you can’t even get it.

    • Robin

      Reply Reply April 14, 2012

      Wow! Are you kidding? Just started out with my website, would check out this Locker guys. lol @ Kuwait hacker roaches.

      • Nate

        Reply Reply April 15, 2012

        Robin- Yeah it’s a great feeling to know that my sites are covered no matter what.

        I remember the first time it happened the most frustrating part is I had no idea how to even try to start to fix it because I couldn’t get into the site… so the way they can get in through the plugin is great.

  • vpidkowich@gmail.com

    Reply Reply February 6, 2012

    Great call on this service :) Until now I was downloading plug ins and hopelessly trying to figure out how to use them to hard the word press install. This is a much better solution.

    Thanks Again Nate!

    • Nate

      Reply Reply February 18, 2012

      You’re welcome- it’s a huge relief to have a service like that in place.

  • Patricia

    Reply Reply April 15, 2012

    Hi Nate, I shall look up this service. I just had two websites hacked, 6 months work down the drain. I concluded it was because I hadn’t changed my admin password to a strong one. Anyway I’m starting again on a new host and they tell me it would be impossible with them…
    Thanks for sharing

    • Nate

      Reply Reply April 15, 2012

      Patricia- It’s definitely a worthy investment…I lost over 20 pages from one of my sites the first time my account got hacked.

      Is it a shared hosting company telling you their service can’t be hacked? I’d be wary of that, I don’t think that’s possible.

      Thanks for the comment.

  • Patricia

    Reply Reply April 15, 2012

    No it’s a paying website, though they offer free hosting as well. I think they were just refering to hackers entering via the admin password, no doubt hackers can get in through other access points, as per the contact form mentioned higher up.

    • Nate

      Reply Reply April 17, 2012

      Gotcha- yeah that makes sense.

  • Shawn

    Reply Reply April 16, 2012

    Luckily, I’ve never been hacked, but I read long ago to change your user name to some other than “Admin” as it makes it too easy for those pesky hacker to find their way in.

    Also, ridiculously long passwords are helpful. All that said, I’ll check out the locker service.

    Remember these hackers aren’t necessarily pimply-faced teenagers, but rather professional hackers working organized crime and even several governments. The more protection the better!!

    • Nate

      Reply Reply April 17, 2012

      Shawn- Yeah you never know who those idiots are…

      Like I’ve said numerous times in this post, Locker is one of my best investments.

  • Gary

    Reply Reply April 18, 2012

    I had a number of blogs hacked in in recent weeks and I can sympathise with just how stressful it is dealing with the fallout.

    In most cases, my webhost was able to restore the sites from their own backups. Maybe I lost a post or two this way but it meant that the malware was gone pretty quickly.

    With a couple of sites though, there seem to have been rolling backups (i.e. a new backup overwrites an older one) and I ended up with blogs that were about 2 weeks out of date – posts gone along with all the work I’d done on one blog to completely revamp it.

    So here’s what I do now:

    1. I don’t rely on my webhost to provide an up-to-date backup though it’s a good place to start if you have no other option

    2. I bought the BackupBuddy plugin and installed it on my sites. This can create scheduled backups of either the entire site or just the database.

    I usually do a full site backup once a week and a database only backup every couple of days. I do gzip backups and keep 2-3 backups of each (getting the plugin to email them to me automatically). It can be a bit heavy on webspace, depending on the size of the site.

    In the event of a hack, I clear out everything on the domain, recreate the database for the blog, change the cpanel password and possibly the WHM password as a further precaution. Then I upload the last known good full site backup to the domain along with the loader app and reinstall the entire site in a couple of minutes. If a backup happens to include the malware infection, I roll back to an earlier backup.

    There’s still the possibility of losing posts, etc, the older the backup. But now I know that a hack doesn’t mean a long downtime for the blog once it’s been discovered.

    I have a lot of blogs and the monthly fee for Locker is too much for me at the moment so the BackupBuddy solution is a good fit for me.

    The only downside is that the plugin is pretty resource hungry so won’t run to completion on shared hosting accounts. I’ve move most of my blogs to reseller accounts now anyway because WP has become such a resource hog, especially when you start adding various additional plugins to it.

    • Nate

      Reply Reply April 18, 2012

      Gary- those are very good tips… and the exact reason I pay for Locker :)

      When I think of taking the time to do all that stuff weekly or however often, my eyes glaze over and I blackout.

      But… if the revenue doesn’t support it yet then you do what you gotta do, I definitely understand that.

  • Deborah Zappa

    Reply Reply April 19, 2012

    I went through a similar hacking experience about three years ago. Mine could not be fixed because the hosting company, hostdepartment.com, was totally unresponsive. I lost five or six domains because I could not access them due to the hosting service’s crappy tactics.

    Because of that experience, I went with HostMonster and have been very pleased with their service so far. They keep their security pretty tight. In addition, I install multiple security plugins on every site. I also recommend that you never create an ‘admin’ username. Create a username like T3%_sk4IK! and simply change the nickname once the user is created. Of course, use Akismet and something else such as WP Spammer. I know this sounds like overkill, but once you get hacked a person gets a little gunshy.

    • Nate

      Reply Reply April 21, 2012

      Deborah- Yeah changing the username from the standard ‘admin’ is a big one- glad things have been good since you switched.

  • Satish

    Reply Reply August 25, 2012

    Very Cool. These people charge really low. 10$ is nothing these days and that too for 2sites.. :D WoW! Good to know about such affordable service here.

    Thanks Nate.. :)

  • Greg Purnell

    Reply Reply September 2, 2012

    Nate – Thanks so much for the recommendation. After getting several of my sites hacked, I completely agree with you that this service is a no-brainer. I just signed up and am glad for the peace of mind it will provide going forward. Peace.

  • blgmgl

    Reply Reply October 29, 2012

    Hey, I’ve been just hacked today by some stupid sh***thead monkeys called Anonymous Lebanon with their f***ing stupid cause or whatever that I really don’t really give a sh! Sorry for bad words, but I’m still very angry at the moment.

    Although my website is relatively new, it was doing pretty good last month in traffic increase. I wonder if being hacked negatively affects your rank? If so what can I do to prevent it? Thanks.

    P.S. Will definitely take a look at Locker! Thanks again!

Leave A Response

* Denotes Required Field

Current ye@r *