My website was taken down, and quarantined by my host. I had the most awful experience trying to fix the issue with my host, and it led to me migrating to another host. It literally took a hit to my mental state, as my blog is my passion and my hobby, and watching it being taken away from me was all a little too much. I couldn’t deal with my emotions, as I watched all of my hard work to build a little brand for myself just disappear, and the worst part is… it was out of my control. I don’t have any knowledge of coding, and this was the worst possible hack I could have experienced.
This hack happened due to a lack of security measures on my site. Ignorance is bliss I guess they would say, and this was a huge wake-up call for me. I always thought this wouldn’t happen to someone like me, who doesn’t have a massive readership like fellow bloggers I know. But, this could truly happen to anyone…
I thought I’d make this post, as a lot of fellow bloggers who saw my social posts didn’t quite understand what had happened. If you’re a blogger reading this post, PLEASE share this with your other blogger friends, as I would hate for this to happen to anyone else. Take the precautions I have stated below, and you’ll be well on your way to securing your website.
How Did You Find Out You Were Hacked?
I found out I was hacked, as I occasionally search certain blog posts to see how they’re performing on Google. I then realised that the way my blog was being displayed on the Google results were rather unusual. My search engine text was all written in Japanese, and upon translating the text, it was for random products, and a lot of them being designer products.
What Did You Do Once You Realised Your Site Was Hacked? What Was Your Terrible Experience With Your Web Host?
I contacted my website host immediately, which was Bluehost, and asked them to scan my website for malware. I had a sneaky suspicion that I had been hacked, and I wanted to find out what it was. They scanned my website and told me that it had been hacked by Japanese SEO Spam, and I had no idea what that was. At this point, they tried to force me into buying the most expensive SiteLock package, to sort out my website. I refused, and they decided to entice me with a very minimal discount code. So, at this point I ended the chat.
If Bluehost try to sell you any security packages, DON’T purchase them! There are other cheaper, and more reliable services available. Bluehost are affiliated to companies like SiteLock, so of course they’ll get you to pay more!
I then spoke to another staff member, who scanned my website again, and this time he quarantined my website. He told me the site had to be taken offline, as the malware could infect other users. Then, he created a ‘malware.txt’ file, and told me I needed to go on the file and delete all of the malware detected by the scan on that file. However, he warned that if I started deleting the wrong files it would break my code on the website. This in turn would break my website, and apparently there would be no way of restoring my site from a backup, as it has been taken offline. Instead, he tactfully asked that I buy the SiteLock package like the last colleague!!
He tried many ploys of trying to scare me, by saying that the malware.txt file he created contained false-positives, and I needed an expert to look into it. I was even told that if I don’t buy the package it will keep happening again.
The e-mail they sent me when my site was quarantined, said at the bottom that if this happened a further three more times in a 60-day period, I’d be asked to find another host.
I always praised Bluehost for how helpful their customer service was, but they were waiting on experiences like this to pry on those who don’t know any better. Please be warned if you’re a new blogger looking for a host!
What Were You Hacked By?
I experienced someone or something using a Black Hat SEO technique, or in my case it was the Japanese SEO Spam. Before I start trying to explain what this is, I just wanted to quickly disclose that I am in NO WAY an expert in this area.
From the research I gathered about what Black Hat SEO is, it’s a negative SEO technique. It manipulates Google’s algorithm to rank a particular page from a website on the first page of Google.
Japanese SEO Spam however, is a Black Hat SEO technique. This is what my site was infected with.
According to Google, the hacker will create new pages with autogenerated text, which is in Japanese. The links to these pages are affiliate links to stores that sell fake branded merchandise.
I saw some for big names like Gucci and Panasonic. I first saw all of these pages when I typed in “site: theconfessionsofanonlineshopaholic.com” into Google Search. It would normally show pages of my own content that has been indexed by Google. However, in this case, it displayed a lot of spammy Japanese text that had been injected into my website.
Google suggested that the hacker may have added themselves as a property owner on my Google Search Console account. However, when I checked, there were no suspicious-looking accounts. I accessed the frontend of my website, and found a lot of malicious files that I had never seen before.
How Did You Fix The Problem?
Bluehost said they cannot restore a website from a backup if it had been quarantined. This meant that I didn’t want to touch the code in case I broke it. I was panicked and upset that my website could be down for weeks or months, before I could find the money to pay for their security package. I put out social media posts on my Instagram and Twitter to warn people to tighten up the security on their websites. I also announced that I would be taking a break from my social media until I found a way to get my site up and running again. I didn’t have any contacts in my close circle that knew how to deal with these sorts of problems. So, my only option at the time was to gather the funds necessary to get an experienced web developer to help out.
When I lost all hope that I could fix this problem, Nancy from exquisitely.me came to the rescue! Nancy works in Cyber Security, so she has experience in analysing websites and removing hacked content. She explains more about her job here, in case you’re interested to find out more! I’ve known her for quite a while, as she writes a lot of great content on her website, that you can’t help but want to go back and read more. This is why I felt that I could trust Nancy to get onto the frontend of my website to delete all of the files that she deemed as malicious. She spent hours combing through every individual file with me, and sending me screenshots of where she was up to. We also deleted files contained in the malware.txt file. However, this file did contain false positives, and it would have broken my site if we chose to delete them. This is why I lost all trust in Bluehost, as they were trying to set me up to fail to begin with.
We then contacted Bluehost support to ask them to re-scan my website for malware. Two scans later, the website came back squeaky clean, and there was not a malicious file in sight! You can also tell that all spammy files had been erased, as you can check your pages ranked by Google using “site: _yoursiteurl_” on Google Search. And, low and behold, there wasn’t any Japanese text to be seen!
You wouldn’t be reading this post if it wasn’t for Nancy! I am so incredibly grateful that she wanted to spare a few hours of her time to help me fix this problem, and words can never express how thankful I am. I have no idea how to ever repay her for her assistance!
So, whenever you’re on my blog, please navigate to the right sidebar, and click on the image with Nancy’s blog to take a read of her latest articles! It would honestly mean the world to me if everyone could support her blog too!
What Do You Think Caused The Japanese SEO Spam On Your Website?
In mine and Nancy’s opinion, we believe the Yoast SEO Plugin that I was using on my website could have caused a backdoor to be left open to hackers. This was during a time where Yoast had an update for the plugin, which I normally keep them all up-to-date, but on this occasion something went wrong. The hacker must have found a way to bypass a weakness in the coding of the plugin during the update, and hence how they got onto my site. This guide by WP Beginner, is a brilliant source for fellow WordPress users.
A piece of advice by Nancy was to PLEASE keep ALL plugins up-to-date!!! The updates are there for a reason, and most of the time they’re updated to make sure that the plugin is not compromised.
- DELETE all plugins that are not necessary! Poorly coded plugins could have vulnerabilities.
- ALWAYS update your plugins. There’s a reason for these updates!
- UPGRADE to the latest version of WordPress. This is to ensure that old versions of WordPress doesn’t leave any backdoors open.
- ERASE old files to themes that are no longer in use. This could leave a potential backdoor for hackers.
- BACKUP your website regularly, as you never know when you need it.
- USE strong passwords – this may seem like common sense, but this is so important. If your password is currently quite weak, and you use the same password for everything, please go and change your password now.
- MONITOR your website every now and then. Use Incognito mode, and Google your website using “site:_ yoururl_” to check that everything is working as it should.
- LIMIT login attempts to your website using this plugin. I use it as well, and it helps to slow down brute-force attacks. If you’re unsure of this term, click to read my post here, where I explain it all.
- DOWNLOAD an anti-spam plugin, such as Akismet. It helps me to catch all of the spam comments, which may contain malicious links.
- CLOUDFLARE is another plan you need for your website. Not only does it help speed up your website using a global Content Delivery Network (CDN), it protects your website. It protects it from malicious bot attacks, prevents attackers from getting a hold of sensitive information on your website and prevents DDoS attacks.
- JETPACK is the key plugin you need for WordPress. It sends you an e-mail if your site is down for any reason. So, this could be a useful plugin in the case of hacked websites.
- SECURITY is paramount, so you need to download a plugin, which can protect your website from malware. A very well-known plugin that does this, is Securi. The free version still protects against malware, although you do have to pay to have a firewall included. It also lets you know of successful and unsuccessful login attempts, and whether any updates have been made to your website.
- HOSTING is so important for a website. Please choose a host that you know has reliable reviews. Bluehost certainly did not do me any favours during this time. I have now moved to Lyrical Host*, who are a relatively new hosting company who I’ve been recommended by fellow bloggers. You can use my code ‘JENNIFERWL10’ * to get 10% off hosting packages with them.
I know this blog post is extremely long, which I apologise for. But, this topic needs to be widely shared amongst the blogging community. It’s very costly if you don’t know what you’re doing. This is in terms of a monetary sense, and also all of the valuable work and time that you put into your blog. It would mean the world to me if you could share this with even just one fellow blogger friend to spread awareness, as this could save this from happening to their blog!
For a more in-depth guide on how to clean a hacked WordPress website, check out this blog post by Securi:
If you would like me to do another blog post more extensively about something in particular in this post, please let me know in the comments! If you also have any questions about anything to do with this topic as well, please leave a comment below, and I’ll get back to you as soon as possible.
Thank you for all of the messages sent by everyone when my site went down! I felt so overwhelmed with love, and it reminded me of why I love what I do so much. I couldn’t believe the amount of messages I received on my Instagram and Twitter, so thank you so, so much! Each and every one of you all mean the world to me, and the reason I look forward to creating content all of the time!