“I didn’t think it would happen to me. Yes, I had read some of the warnings, seen some of the signs, just thought they were directed at someone else. Not at me.
It came at a point when my defences were low, and my system was weak. I think that was how the virus spread so quickly.
I couldn’t believe the way it spread its tentacles. Even after I thought I’d got rid of it there was still the odd trace in the system. It’s hard to be sure it’s gone completely… and won’t come back.
I felt horrible afterwards, like something shameful had happened. Something I didn’t really want to talk about. Even though I knew this was something caused by the actions of someone else, it still felt like my fault. I didn’t want to admit my weakness.
But after a while I thought it was better to speak out. I can see other people doing the same thing. Taking risks. Assuming this is something that won’t happen to them.
Which is why I thought it was time to say something. Share something of my experience. I’m no expert in knowing how to stop this from happening, but I can pass on what I have learnt – not least that keeping your fingers crossed is no defence.”
What do you do when you see posts on WordPress security?
Click on through, follow the advice, and see what you need to apply?
Or turn away, thinking they can’t possibly be talking about *you*?
I have to confess, until a few weeks ago, I was in the turn away category. WordPress geek that I am, I still didn’t think security was something I needed to bother my head about.
Little did I know.
I’m still not entirely sure how it happened, only that at some point while I was in the midst of moving house, and struggling with an unbelievably slow mobile connection, my WordPress sites got hacked. Infected with malicious malware code that not only did bad things to my sites (yes, all of them) but potentially threatened to do bad things to visitors who stumbled by without adequate malware protection.
Yuk, yuk and double yuk.
Doesn’t come close to describing how awful an experience this was, especially at a time when I was struggling to get online and sort things out. (Of course, this kind of attack will always come when part of your system is down.)
Fortunately, bloggers being bloggers… there are lots of resources out there talking you through how to get yourself out of this kind of situation. It’s not easy, it’s not for those who fear a technical challenge (but probably is for those who’d balk at the price of getting someone to dig you out of the hole again. There are people around who can help, but it’ll cost you.)
I won’t go into the ins and outs of what happened, or all the things I had to do to unpick it, but I will say this:
- Don’t assume it won’t happen to you
- Don’t ignore posts on WordPress security
- Do keep up to date (version of WordPress, and plugins you use)
- Do use a proper password
- Do look into at least the basics of what you need to do to keep your site(s) safe and secure.
Some resources that helped me, hugely, at the time, listed below:
(learning, from this post from WP Dude, how to look at my .htaccess file was what helped me through this, thank you!)
WordPress Security: A Comprehensive Guide
10 Practical WordPress Security Tips
WordPress Security Tips and Hacks
I am not a blogging, security or WordPress expert, and no, I don’t understand everything in these posts either. I probably am still taking some risks. I guess we all are. But at least I’ve got a better idea of what to do and what to look for. You should too.
Do you have any good resources on WordPress security you’d like to share?
If you’ve ever experienced something similar… you have my sympathies! Did you find you were able to talk about it?
PS Do you know I feel strange posting this – like I’m going to jinx myself or tempt evil hackers back to do it again. But I’m going to ignore the bad feeling, because I really do feel that this is something we need to talk about more, and wake up WordPress bloggers to.