“Pay no attention to the man behind the curtain,” intoned Oz, the Great and Powerful after Toto disclosed his hiding place.
That’s what website hackers want you to do, too — pay no attention.
If you’re blogging as a way to support your overseas business and lifestyle — in fact, if you’re doing anything online — you risk running into hackers, as well as viruses and other problems.
There’s no way to protect your blog 100%, just as there’s no way to make your home or office 100% impregnable.
What you can do is take reasonable precautions, and be prepared with a backup plan in case of a problem.
Easy to say, not so easy to do. I’ve been walking that walk for the past week.
You see, some low-life recently injected Future Expats Forum with malicious code.
How bad was it? Fortunately, it wasn’t too awful. You may have tried to view the site and seen a message about malware, or you might have missed a few recent posts in your email. As far as I know, there was nothing more serious.
I apologize for those inconveniences.
It turns out that this site and several others were running on a server which had been compromised. And the hosting service I’d been with for years — and recommended to you in a previous post — was completely uninterested in investigating or fixing it.
So I did the responsible thing and moved the entire site off their server and installed it with a new hosting service. (I’ve also removed those previous recommendations!)
I chose DreamHost for several reasons including price, features and ease of making the change.
If blogging supports your untethered overseas life, a problem like this is more than a nuisance, it’s an interference in the smooth running of your business. As with any other aspect of your business, you should have a plan in case of trouble.
If Your Blog Goes Down, Don’t Panic
Dorothy didn’t panic when she saw Oz, undisguised. But she did take action.
In this case, the site seemed to function just fine, but there were a few warning signals that all was not as it should be.
Don’t ever ignore your blog’s odd behavior!
When I investigated, I discovered that repairing it would not be straightforward, so I called in the cavalry. (I had to take a few deep breaths first.)
Tip #1: Follow the Yellow Brick Road
Dorothy had no idea where she was going, so she started on one end of a path — the yellow brick road — and kept going until she reached the end.
When your blog develops problems, you can find road maps toward solutions. The support forums at WordPress.org are a good place to start. You can get a good idea here of how others have handled similar problems, and maybe get some specific help as well.
Do a Google search for the symptoms your blog is showing. Start discussions in appropriate forums. The important thing is to start somewhere, don’t just hang out with the Munchkins.
Tip #2: Make Friends with some Brilliant WordPress Technicians — Before you Need their Help!
Dorothy had made friends who could help her long before she found Oz. She didn’t know when she came across the Scarecrow, the Tin Man and the Cowardly Lion that they’d be useful to her later on, she was just her friendly, caring self.
I asked for assistance in several places, and decided to work with a programmer I knew from a forum we both belong to. He’s the owner of a WordPress information site called Simple Blog Guide. It was a bit dicey, as Lode lives in the Netherlands and I’m still in Florida, but we made it work.
After some troubleshooting and advanced diagnosis, he realized the problem was on the host server. How did he determine this? He deleted everything and then reinstalled it piece by piece.
Lo and behold, the problem cropped up again.
Not good.
Tip #3: Don’t Be Afraid to Make Tough Decisions
Face to face with the Wicked Witch in her castle, Dorothy didn’t hesitate. She grabbed the first weapon to hand, a bucket of water. (She got lucky, there.)
Once I understood the hosting service had no interest in solving the problem, I pulled the plug. Fast.
I didn’t want Future Expats down one second longer than necessary, and I certainly didn’t want my readers worried about malware from my site!
If your blog is a hobby, you don’t want to annoy your readers.
If your blog is your business, you can’t afford to take that risk!
So I took my website elsewhere.
Tip #4: Don’t Move the Problem
Dorothy found herself wearing the ruby slippers. For a long time is seemed like they were her problem, since the Wicked Witch wanted them at any cost. In the end, though, they took her home safely.
Once we decided to move the site, we started with a clean slate.
We installed a clean version of WordPress, as well as a clean theme and plugins.
We (I’m using the editorial “we” here, because Lode did all the heavy lifting) tested and checked everything at each stage.
Only when we were sure it was working properly and completely clean did we open the doors again for you to visit.
Tip #5: Relax, Take a Deep Breath, then Adjust Your Damage Control Plan as Needed
OK, so Dorothy didn’t get back to Kansas and immediately sit down with Auntie Em and Uncle Henry to draw up a new tornado survival plan. An analogy only stretches so far.
Once your site is working properly again, breathe deeply, pat yourself on the back, and consult with your expert to see what changes you should make to toughen your site against future attacks. Then implement those changes quickly.
Create or modify your plan for how to handle the next hack or infection. With luck, you’ll never need to implement it.
Thinking about starting a website or blog but don’t know where to start? Check out the ongoing Blogging for Expats series of tutorials here.
I’m so glad that the site’s back up without any malicious code in it anymore. This was really the first time I had encountered a site where the infection was on the host server and not on the site itself. Like you said, I figured this out after removing _everything_ from the server and emptying the database. I then added a clean WordPress install, fresh from the wordpress.org site. And tada … there it was again!
Still shaking my head when I think about at the response you got from your previous host … they don’t understand customer satisfaction at all!
Couldn’t have done it without you! 🙂
Wow, I’m impressed. If that happened to me, I’m afraid I wouldn’t be able to understand what I read in the WordPress forum!
LOL, Lynne, that’s when you know you need to call in a tech expert.:-)