Rachel Rivera, PJV Tutorials
This past week Parajunkee.com was a hot mess. Slow load time, weird quirky issues with plugins and then finally the site went down and became nothing but symbols in the middle of the night. The site was hacked, even though I had the Bulletproof Security plugin installed, even though I pay for extra protection from my host, even though I have scanner plugins working daily. The site was STILL hacked.
The only way I knew was because of the side effects of being hacked. It was probably allowed because of a PRO plugin I bought for $20 and installed. Lost my money on that one. Just goes to show, you never know. So…how did I know?
- Patti texted me that Parajunkee.com was nothing but symbols (BINGO – this was the kicker)
- My site slowed down when it wasn’t all symbols
- My plugins were acting funny, showing the wrong symbols
- The .htaccess file had new code in it
- There were new .php files in my File Manager
Use Sucuri SiteCheck to scan your site and look for malicious hacks. It checks your site for viruses, malware, redirects, and other spam. There is a pro option for almost $100 a year, but they do offer a free service. They also have a plugin.
Check Your Hosting Schedules
Take a deep breath non-tech people. There is this thing called CRON. It’s basically a “DIY” script runner. (actual definition: The software utility Cron is a time-based job scheduler in Unix-like computer operating systems – via Wiki) If you wanted to have your site do something all fancy (with code), like run a scheduled scan etc. you would use CRON. It’s in your CPanel of your host. Check if there is anything scheduled there. When someone hacks your sites, sometimes they add some code that will be scheduled to “refresh” even after you’ve deleted all the nasty files. So, you run all this stuff, get it out of there and suddenly it’s back. That’s because they had some other nasty bits in there that you didn’t catch. It’s easy to go into your CPanel and check CRON and see if you have anything scheduled.
Check For Odd Behavior
- Your plugins might behave oddly, weird symbols where there used to be straightforward icons Ö vs ⊗
- A popup occurs while on your site
- There is a link in your footer that you don’t remember adding
- Odd text in your “View Source”
- Spikes in traffic and bandwidth
Sign into Google Webmaster Tools and check for “bad” activity. They will find it and email it to you, but they will also display it for everyone to see. They don’t fix it, only tell you that’s it’s wonky. Then, once you fix everything, use Fetch as Google and check if Google is seeing things okay.
“30,000 sites are identified as ‘hacked’ or passing on malicious code, daily.”
Sometimes your site will be hacked and you’ll have NO idea. Sometimes it will be obvious. It depends on what kind of hack occurs. I’ve fixed a clients site that was hacked that the only way we knew was because when we got on Chrome, it flagged a warning. The warning was the site was considered SPAM. This is not good, because the site was blacklisted by Google. Search your site using Chrome on a regular basis.
The view from Google when you click through a blacklisted site.
Obvious Ways To Tell Your Site Has Been Hacked:
- Unable to login
- New Users / Members in your User tab
- Email acting wonky (if you use domain email)
- Traffic drops considerably
- New .php files in your File Manager
Next week we’ll go into details of what to do once your site is hacked. Run along and go check that you are doing okay! Leave a comment if you’ve been hacked before and how you found out.
Want more book recommendations & tutorials?
Subscribe to our Awesome Newsletter.
The Parajunkee.com Blog Subscription
The hardest part of Indie Authorship..or at least one of the hardest parts is the publishing process. Formatting, set-up, publishing can be such a headache – and my biggest issues have always been when trying to publish through programs like Smashwords. When I mentioned this to other authors, they either nodded in commiseration, or they quickly responded with: “Try Draft2Digital, I love it.” This led me to research and this is what I came up with. I hope it helps you make the decision. I am currently moving over to Draft2Digital.read more
Happy Valentine’s Day! Today is the day to show the love, and not just to your significant other. You can also show your readers some love. What better day to appreciate your readership, than Valentine’s Day? Spread the love and let them know you appreciate them…here are my suggestions for a bit of blog reader love.read more
If you run a Wordpress site, chances are, there are people, bots, assholes– out there trying to hack your site. The first step is preventative, but even the most diligent user might be hacked. This is the down and dirty basics on what to do when your site gets hacked. This isn’t geared for advanced users, this is geared for the average user.read more