NAVY GRACE IS BACK!!
It honestly feels SO good to say those words.
Today I wanted to share 5 things to do if you become the victim of WordPress hacking.
I was beginning to wonder if I would ever be able to say the words “it’s back”, after my website was hacked into on January 11 this year. The last couple of months were truly emotional on so many levels. So many different thoughts would cross my mind wondering why the hacker hacked into my Website? Wondering if I had lost EVERYTHING from the last 5 ½ years of my work, just gone! Thoughts of potentially having to start over from scratch truly haunted me. I was an emotional mess for days. It’s amazing how you never think that it can happen to you, but truth is, is that it can.
My website navygrace.com is the bread and butter of my brand. I have spent countless hours, long nights, and of course shed lots of tears the last five and a half years of building my brand and Business.
So much of Navy Grace was taken away from me in a blink of an eye. Something I hope and pray doesn’t ever happen to any of you. Today, I wanted to share 5 things to do when your WordPress website gets hacked and what you can do to prevent any hackers hacking into your website. I for sure have learned so much from this experience and want to share a little bit of my wisdom, that unfortunately was learned the hard way.
I can’t go a day without thanking my wonderful husband throughout this process of gaining access to Navy Grace again. He was there every step of the way. Making countless phone calls, emailing, reaching out to friends and other people in hopes to get help, and most importantly being a shoulder to cry on. He was always a light when I was feeling down.
I look back and am shocked at how much my mood shifted and changed the minute I found out I was hacked into. Some would think it should feel like a vacation having 2 months off from work, but it felt completely opposite. For 2 weeks, I had zero motivation to do ANYTHING. I felt like a bad mom, felt lazy and unproductive, all because my website was hacked into. It is such a vulnerable feeling having your entire work life taken away from you. It was such a weird feeling, and tough to describe. I am just so grateful I had a lot of family members who visited during this time to distract my mind.
Before I share 5 things to do when your WordPress website gets hacked with you, I first wanted to share my experience on how I got hacked, and how I found out.
As most typical weekends go, I am more casual about working and not checking my inbox several times a day, like I do Monday-Fridays. The Saturday on January 11,2020 was no different. In fact we were out spending the day as a family, and even had a date night that evening so I hadn’t even checked my email the entire day. Major regret! But how was I suppose to know?
That next afternoon on Sunday, I sat down to share a few videos to my IG stories. As I started to share, I needed to copy links from my website. The first webpage on navygrace.com that I clicked on pulled up just fine, the next one I tried showed that there was an error 403 on my website. I found it super odd and kept trying again, wondering if it was just an error on my phone. I then went to my Macbook Pro and tried again, only to get the same result. After that I then began to look through my emails. At first I thought it was a simple problem of me needing to fix something on my website for mobile devices. Which my SEO girl had informed me the week prior. But after looking into it a little more and browsing through my emails I saw an email that came through the day before on that Saturday. The email showed that there was an login attempt from someone from Brazil. Just 30 minutes after a new email showed that there was a new login email and password on my Siteground account. For those of you not familiar with Siteground, they host my website.
From that point I was no longer able to login to my Siteground account and my WordPress account, and navygrace.com had an error 403 anytime I tried to type it into the browser.
That’s when it really hit me!
I contacted my assistant and my SEO girl and was asking for their recommendations on how to proceed and how to get help. After chatting with both of them I contacted Siteground via email and later by phone to let them know that my website was hacked into. I was told to fill out a form sharing happened and that they would contact me sometime within 48 hours.
The toughest part about this entire process was not being able to really communicate quickly with Siteground. They are a European company so the time change makes it hard to chat back and forth quickly.
I finally heard back from Siteground but it had been about 3 or 4 days later. After talking with them, they told me they were going to run the diagnosis and find out what happened to my site. They told me it would take anywhere from 5-10 days. But in reality, it took almost a month!!!! I am not here to blame Siteground. They were doing everything they could, but apparently my website was not a typical website for them. It took them much longer to run the diagnosis.
After talking with them, I had a good feeling. They stated that they took action and suspended my account from the hacker, that way the hacker himself couldn’t do any more damage. Still unknown if the hacker was able to erase all my content or anything they suspended my account. So, up until last week, I had no idea. That thought kept haunting me. Another scary thought I kept having was wondering if my website was backed up or not. I was 95% sure I had a backup plugin installed on my WordPress, but that 5% of not knowing was truly terrifying. I was not ever able to login to my WordPress account to confirm either. So it was left just to hope and pray the plugin was installed and backing up everything.
Throughout the longest month of my life, or so what it felt like, I would follow up with Siteground via email and phone calls daily. It would take them 3-5 days to respond via email which was always a little frustrating. On February 13th, just a few days over a month I was able to regain access to my Siteground account. I was able to create a new password. From that point, there was still several things that needed to be done on both of our ends before they would release my website back to me.
A few days later, I got horrific news that immediately had me in tears. Siteground informed me that they checked for available backups and no website files were present. The oldest backup was on 18 January 2020. Which meant my entire website was gone. GONE! The exact thing that I was hoping wasn’t the case, what I had been hoping and praying wouldn’t happen. The daunting thought that I would have to start everything over, became a reality. Again, my husband jumps in to help me. We communicate with Siteground and after a long conversation they let us know that they would check on my WordPress to see if there was a backup installed. After a few hours they responded with the best news I had heard! Everything was backed up through WordPress. Siteground was able to put everything back onto my website. One issue was that my wordpress theme could not be found. Which to me, was such an easy fix. I was able to purchase a new one to have installed.
Seriously such a huge blessing.
Another major downside is that none of my images backed up on my website. I am not sure why they aren’t showing up, something with the server and database. You will be able to see the image tag and square space show up, but not the actual image. So as of right now, no images are showing from the last 5 years. Super unfortunate. I have been slowly going back through my camera roll on my phone and uploading the photos to my WordPress media library to add into each individual blog post. IT IS VERY TIME CONSUMING!! I have been working on it for a week straight and have only gone back 2 months. It will take me a long time, so please bare with me as I go through this process.
As annoying as it has been to have to sort through thousands and thousands of photos, upload them all and insert them into each individual post. I still feel like I am so lucky to be able to have most of my 5 years of work back!
5 TIPS TO USE TO PREVENT YOUR WORDPRESS WEBSITE BEING HACKED INTO
1// HAVE DIFFERENT PASSWORDS FOR EVERYTHING AND CHANGE YOUR PASSWORDS OFTEN
As I have mentioned earlier, I had to learn everything the hard way. But with that I have learned that you need a different password for everything. That way, if you were to get hacked, the hacking gets stopped at the first source. My password for my Siteground account and WordPress were the same, which is why the hacker was able to get into both. However, if I would have had different passwords for each, it would be a lot more work for the hacker to get into my WordPress, or vise versa. Make sure no two passwords the same! Create new passwords for your business, bank, email, website, Instagram, Pinterest, everything needs its own password! The second thing I learned is that you need to be constantly changing your passwords, and often! Every 4-6 months you should be changing your passwords. This is just to ensure that it makes it more difficult for any hacker to get ahold of your personal information or business information.
2// HAVE DIFFICULT PASSWORDS
I can’t stress this enough! After talking with some web guys, they mentioned that this is probably the very reason I was hacked into. I wasn’t a target for them, or had something of value to the hacker, I just had an easy password. Sure, I followed the rules 1 capital letter, 1 number, and 1 character. But it just wasn’t good enough! The web guy I chatted with mentioned that when he sets his own passwords, he just starts to type random words and numbers together while throwing in some capitalization. The passwords doesn’t make sense at all, but it is considered a strong password.
Make sure you don’t have actual words in your passwords, it’s better to have a random mix of letters. I know you are probably thinking, but how am I supposed to remember the password? Right? I thought the same thing. But write ALL passwords down, on a google sheet, notes on your phone, anywhere that is private to you.
3// BACKUP EVERYTHING
I am forever grateful I had a backup plugin on my website. However, I think it would be smart of me to have things backed up on more than just one source. I know that there are several services that offer this, or you yourself can do it. But either way, having that confidence that everything is backup on your end would be such a relief for you if you were ever hacked. For me, I was unsure the entire 2 months. I was 95% sure, but I hated living in fear with that other 5%. Moving forward, I will have more than one backup.
4// HAVE A WEB DEVELOPER YOU TRUST
This is honestly all new to me. Moving forward I now have a web developer that I will be working with. They will be doing daily backups, performance checks, security checks among so many other things. This is something I should have had when I started my blog 5 years ago. Just grateful I am starting now! I never thought to have one since I bought an inexpensive WordPress theme instead of working with a graphic/website developer. So start looking for a web developer to help you.
5// BE CONSISTENT AND FOLLOW UP
I know this is way easier said than done, but we made sure we kept hounding Siteground daily for an update. If we didn’t do this, I am certain that the process would have taken much longer than 2 months. We followed up both via phone call and email at least every other day. Making sure we were in contact with someone. Of course I felt super annoying, but I really didn’t care. This was another tip that was shared with my from someone who has experience with corporate business websites being hacked into. Follow up with whoever is helping you. If they said the process should only take 10 days, make sure they are working hard to get everything done in a timely manner.
I just wanted to end by saying I am beyond ready to pick things up where we left off with Navy Grace! I am looking forward to seeing where this year takes us, and I honestly wouldn’t be here without all of you and your amazing support.
I appreciate each one of you checking in on me. Seeing how I was doing, the status on my WordPress website, and overall just being there for me. I felt it all, felt the love, heartache and friendships.
So THANK YOU!!!! Thank you to everyone for being a supporter of me and Navy Grace.
I appreciate it more than you know.
Here is to moving forward, with a semi fresh start and new perspective of things!
Have you ever been the victim of WordPress hacking? What did you do? Let me know in a comment below!