Post Traumatic Web Disorder

ptwdFor a few hours this morning, BusinessBuildingBooks.com was gone- almost 100 pages and 89 blog posts all disappeared, thanks to a nasty attempt at hacking, targeting Word Press based websites.

After lots of research, a call to my web host’s excellent customer service line, and hands-on technical help from my dear hubby, Larry, BBB is back on line and almost as good as new.

I want to share this information with you just in case you have a Word Press based website.  If you don’t have that kind of a website, just quit reading now. LOL

The first clue something was amiss came first thing this morning when I had over 400 comments to my blog- all pending my approval.  When I tried to log into my site, I got a message saying it was blocked due to a cyber attack called Brute Force.  According to an excellent blog posted by InMotion hosting, this Brute Force attach is  “A large botnet of around 90,000 compromised servers attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard.”  Read the full article here if f you love technical details

When my access was restored and some measures taken to protect the site from Brute Force, everything disappeared.

When you set up a Word Press site, the default log in is named “admin”.  The vast majority of people select a password and then log in to their site using that Admin account.  The bad guys figured this out and set up a robot type computer program to harvest passwords from these admin accounts.

That’s what happened to me.  Not fun at all.

So, if you have an Admin account on your website, please contact your web hosting service and find out how to delete that account and set up a new one.  Each hosting company has a unique process.

However, before you do this, back up your website.  If I had done this first, I would not have had any drama.

There is a very helpful Word Press plug in called Back Up Creator.  See details here

For $7 you can make an exact copy of your website and store in your home computer.  Then, if there is a problem, this plug in allows you to restore  your website in seconds.  It’s very easy and works like a charm.

Here’s the moral of my tale of website woe:

1.  Back up your Word Press website.

2.  If you have an administrative log in named Admin- get rid of it following the instructions from your web host

3. Consider setting your comments to require your approval before they post onto your blog.

4.  On days of computer trauma, old fashioned comfort food helps.  We had meatloaf and mashed potatoes for dinner and I feel better already.

I lost some photos, a lot of comments, and several hours of work.  However, at the end of the day, life and business are still pretty good!

Comments 16

  • One item missing in this article is the need for a strong password. Did you know you can have a phrase like “I like to eat bananas in the morning” as your password? Spaces are allowed and make it quick to create more complicated passwords.

  • Lynne: Tx for this great article! I subscribed this morning to Back Up Creator! The last 2 weeks both my laptops caused problems and hefty repair bills.

  • Thanks for all the info from everyone. I use word press. Their customer service is fabulous.

  • Dear Lynne!!

    WOW. Here’s another help you’ve given to all of us, right in the middle of your disaster ~ thank you!

    Chuck and I are redoing my website ~ and everyone says it needs to be a WordPress Website to increase SEO and all that…You have saved us tremendous amounts of STRESS! SO thank you so much for making your trauma our learning. You talk about finding the gift in this obstacle & dancing with whatever shows UP… Thanks you for helping us to dance as well ~ and we’re taking all of these instructions to heart. Our website will still be WordPress, and now we’ll be forewarned and forearmed!

    Sending you a Whopping HIGH FIVE & a Great Big HUG,
    Maia

    PS: LOVED the comfort food tip!

  • I didn’t need to go through my hosting service to change the admin account for my wordpress sites. I added a free plug in called better wp security. I used it to help me change the settings on wordpress in the hope of making it more secure from this kind of attack. No one can guarantee something is totally secure but if it is somewhat secure they will give up and try somewhere else.

    Only a few minutes before I spotted this message I found a warning from one of my web sites saying someone had been locked out after too many log in attempts. It gave the ip address which when I checked is in Turkey. It is not the first such message I have had since setting this plug in up. One came from China another from Texas and there have been 3 or 4 others.

    There again when you set up a wordpress site you have the option of changing the word admin on the form. Before I even installed that plug in I realised the stupidity of using the same log in name as everyone else. It is no different to not changing the default pin code or password on anything. All it takes is one 1 miscreant who knows the default and all your protection becomes worthless.

    If you are using the default pin code or password on anything burglar alarm, phone its time to seriously consider changing it to make it more secure.

  • Thank you Lynne for warning us, and great that there is a way to back up complete websites. A good thing everything is still here. Enjoying your blogs!

  • I recommend using the Better WP Security plugin. Make sure you back everything up first, but then get it installed and activated, and it will walk you step-by-step through plugging all your WordPress site security holes.

  • I went into cPanel some time ago and looked for any of my sites with Admin as the username, and also as nice name. So far, so good.

  • I passed along this article to my writers loop…thanks so much!

  • It’s such a shame that some people have nothing better to do with their time than to try to make life miserable for others. That’s when stress relief comes in handy! Glad you got everything straightened out!

  • Big YES to all! But I like the meatloaf and mashed potato solution the best. 🙂

  • So glad your disaster was averted in the end, Lynne.

    Back Up Creator plugin is awesome and well supported by its founders, Robert Plank & Lance Tamashiro. Go get it!

  • So sorry to hear of your disruption Lynne!

    Thanks for the valuable steps to take! You are always a generous giver!

    Many thanks, Pam

  • Ugh! I’m going through the same thing…only my host left me to make the changes on my own..glad to see you are back up and running!

  • You might want to take your security to the next level because the hackers are devious and there are other entries other than a brute force attack. Highly recommend Regina Smola of SafeWP.com. She’s a computer godsend when it comes to hackers and security.

  • Thanks for the heads up! I’m just building my site, so now I know to get the plug-in and be proactive. I wish technology were more “knowledgey” and less “techno”!

Leave a Reply

Your email address will not be published. Required fields are marked *