I WAS HACKED! | How To Prevent Your Blog From Being Hacked

If you’ve been following my Social Media over the last week or so, you may have seen my announcement about my blog being hacked by something called ‘Japanese SEO Spam’.

My website was taken down, and quarantined by my host. I had the most awful experience trying to fix the issue with my host, and it led to me migrating to another host. It literally took a hit to my mental state, as my blog is my passion and my hobby, and watching it being taken away from me was all a little too much. I couldn’t deal with my emotions, as I watched all of my hard work to build a little brand for myself just disappear, and the worst part is… it was out of my control. I don’t have any knowledge of coding, and this was the worst possible hack I could have experienced.

This hack happened due to a lack of security measures on my site. Ignorance is bliss I guess they would say, and this was a huge wake-up call for me. I always thought this wouldn’t happen to someone like me, who doesn’t have a massive readership like fellow bloggers I know. But, this could truly happen to anyone…

I thought I’d make this post, as a lot of fellow bloggers who saw my social posts didn’t quite understand what had happened. If you’re a blogger reading this post, PLEASE share this with your other blogger friends, as I would hate for this to happen to anyone else. Take the precautions I have stated below, and you’ll be well on your way to securing your website.


How Did You Find Out You Were Hacked?

I found out I was hacked, as I occasionally search certain blog posts to see how they’re performing on Google. I then realised that the way my blog was being displayed in the Google results was rather unusual. My search engine text was all written in Japanese, and upon translating the text, it was for random products, a lot of them being designer products.

Jennifer Lam of The Confessions of an Online Shopaholic guides you through what to do if your site is compromised by the Japanese SEO Spam and how to tighten up your web security

What Did You Do Once You Realised Your Site Was Hacked? What Was Your Terrible Experience With Your Web Host?

I contacted my website host immediately, which was Bluehost, and asked them to scan my website for malware. I had a sneaking suspicion that I had been hacked, and I wanted to find out what it was. They scanned my website and told me that it had been hacked by Japanese SEO Spam, and I had no idea what that was. At this point, they tried to force me into buying the most expensive SiteLock package to sort out my website. I refused, and they decided to entice me with a very minimal discount code. So, at this point I ended the chat.

If Bluehost try to sell you any security packages, DON’T purchase them! There are other cheaper, and more reliable services available. Bluehost are affiliated to companies like SiteLock, so of course they’ll get you to pay more!

I then spoke to another staff member, who scanned my website again, and this time he quarantined my website. He told me the site had to be taken offline, as the malware could infect other users. Then, he created a ‘malware.txt’ file, and told me I needed to go on the file and delete all of the malware detected by the scan on that file. However, he warned that if I started deleting the wrong files it would break my code on the website. This in turn would break my website, and apparently there would be no way of restoring my site from a backup, as it has been taken offline. Instead, he tactfully asked that I buy the SiteLock package like the last colleague!!

He tried many ploys of trying to scare me, by saying that the malware.txt file he created contained false-positives, and I needed an expert to look into it. I was even told that if I don’t buy the package it will keep happening again.

The e-mail they sent me when my site was quarantined said at the bottom that if this happened a further three times in a 60-day period, I’d be asked to find another host.

I always praised Bluehost for how helpful their customer service was, but they were waiting on experiences like this to prey on those who don’t know any better. Please be warned if you’re a new blogger looking for a host!


What Were You Hacked By?

I experienced someone or something using a Black Hat SEO technique, or in my case it was the Japanese SEO Spam. Before I start trying to explain what this is, I just wanted to quickly disclose that I am in NO WAY an expert in this area.

From the research I gathered about what Black Hat SEO is, it’s a negative SEO technique. It manipulates Google’s algorithm to rank a particular page from a website on the first page of Google.

Japanese SEO Spam is one such Black Hat SEO technique. This is what my site was infected with.

According to Google, the hacker will create new pages with autogenerated text, which is in Japanese. The links to these pages are affiliate links to stores that sell fake branded merchandise.

I saw some for big names like Gucci and Panasonic. I first saw all of these pages when I typed in “site: theconfessionsofanonlineshopaholic.com” into Google Search. It would normally show pages of my own content that has been indexed by Google. However, in this case, it displayed a lot of spammy Japanese text that had been injected into my website.


Google suggested that the hacker may have added themselves as a property owner on my Google Search Console account. However, when I checked, there were no suspicious-looking accounts. I accessed the frontend of my website, and found a lot of malicious files that I had never seen before.

How Did You Fix The Problem?

Bluehost said they cannot restore a website from a backup if it had been quarantined. This meant that I didn’t want to touch the code in case I broke it. I was panicked and upset that my website could be down for weeks or months, before I could find the money to pay for their security package. I put out social media posts on my Instagram and Twitter to warn people to tighten up the security on their websites. I also announced that I would be taking a break from my social media until I found a way to get my site up and running again. I didn’t have any contacts in my close circle that knew how to deal with these sorts of problems. So, my only option at the time was to gather the funds necessary to get an experienced web developer to help out.

When I lost all hope that I could fix this problem, Nancy from exquisitely.me came to the rescue! Nancy works in Cyber Security, so she has experience in analysing websites and removing hacked content. She explains more about her job here, in case you’re interested to find out more! I’ve known her for quite a while, as she writes a lot of great content on her website, that you can’t help but want to go back and read more. This is why I felt that I could trust Nancy to get onto the frontend of my website to delete all of the files that she deemed as malicious. She spent hours combing through every individual file with me, and sending me screenshots of where she was up to. We also deleted files contained in the malware.txt file. However, this file did contain false positives, and it would have broken my site if we chose to delete them. This is why I lost all trust in Bluehost, as they were trying to set me up to fail to begin with.

We then contacted Bluehost support to ask them to re-scan my website for malware. Two scans later, the website came back squeaky clean, and there was not a malicious file in sight! You can also tell that all spammy files had been erased, as you can check your pages ranked by Google using “site:_yoursiteurl_” on Google Search. And, lo and behold, there wasn’t any Japanese text to be seen!
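A file-level check to go alongside the host rescans and the “site:” search described above, as an added example that is not part of the original post: it walks a downloaded copy of the site and lists text files that contain an unusually high share of Japanese characters. The 0.15 threshold, the extension list and the script name are assumptions, and it only helps on a site that publishes no Japanese content of its own.

```python
import os
import sys

# Unicode ranges for Hiragana, Katakana and common CJK ideographs.
JP_RANGES = ((0x3040, 0x309F), (0x30A0, 0x30FF), (0x4E00, 0x9FFF))
# File types worth reading as text (assumed list, adjust to your site).
TEXT_EXTENSIONS = {".php", ".html", ".htm", ".txt", ".xml"}


def japanese_ratio(text):
    """Fraction of non-whitespace characters that fall in JP_RANGES."""
    chars = [c for c in text if not c.isspace()]
    if not chars:
        return 0.0
    hits = sum(1 for c in chars
               if any(lo <= ord(c) <= hi for lo, hi in JP_RANGES))
    return hits / len(chars)


def scan_webroot(root, threshold=0.15, max_bytes=2_000_000):
    """Return [(relative_path, ratio)] for text files at or above threshold.

    Report-only: nothing is deleted or modified, so a false positive
    cannot break the site. Review each hit by hand before removing it.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in TEXT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    raw = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            ratio = japanese_ratio(raw.decode("utf-8", errors="ignore"))
            if ratio >= threshold:
                findings.append((os.path.relpath(path, root), round(ratio, 2)))
    # Highest share of Japanese text first.
    return sorted(findings, key=lambda f: f[1], reverse=True)


if __name__ == "__main__":
    # Usage (hypothetical script name): python scan_jp_spam.py /path/to/site/copy
    for rel, ratio in scan_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{ratio:5.2f}  {rel}")
```

A clean result here does not prove the site is clean, because spam pages can also be generated on the fly by injected code; treat it as one more check next to the malware scan and the search-result check.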

You wouldn’t be reading this post if it wasn’t for Nancy! I am so incredibly grateful that she wanted to spare a few hours of her time to help me fix this problem, and words can never express how thankful I am. I have no idea how to ever repay her for her assistance!

So, whenever you’re on my blog, please navigate to the right sidebar, and click on the image with Nancy’s blog to take a read of her latest articles! It would honestly mean the world to me if everyone could support her blog too!


What Do You Think Caused The Japanese SEO Spam On Your Website?

Nancy and I believe the Yoast SEO Plugin that I was using on my website could have caused a backdoor to be left open to hackers. This was during a time when Yoast had an update for the plugin. I normally keep all of my plugins up-to-date, but on this occasion something went wrong. The hacker must have found a way to bypass a weakness in the coding of the plugin during the update, and that is how they got onto my site. This guide by WP Beginner is a brilliant source for fellow WordPress users.

A piece of advice by Nancy was to PLEASE keep ALL plugins up-to-date!!! The updates are there for a reason, and most of the time they’re updated to make sure that the plugin is not compromised.

Jennifer Lam lists out the things you need to do to increase your blog's security

  • DELETE all plugins that are not necessary! Poorly coded plugins could have vulnerabilities.
  • ALWAYS update your plugins. There’s a reason for these updates!
  • UPGRADE to the latest version of WordPress. This is to ensure that old versions of WordPress don’t leave any backdoors open.
  • ERASE old files from themes that are no longer in use. These could leave a potential backdoor for hackers.
  • BACKUP your website regularly, as you never know when you need it.
  • USE strong passwords – this may seem like common sense, but this is so important. If your password is currently quite weak, and you use the same password for everything, please go and change your password now.
  • MONITOR your website every now and then. Use Incognito mode, and Google your website using “site:_yoururl_” to check that everything is working as it should.

  • LIMIT login attempts to your website using this plugin. I use it as well, and it helps to slow down brute-force attacks. If you’re unsure of this term, click to read my post here, where I explain it all.
  • DOWNLOAD an anti-spam plugin, such as Akismet. It helps me to catch all of the spam comments, which may contain malicious links.
  • CLOUDFLARE is another plan you need for your website. Not only does it help speed up your website using a global Content Delivery Network (CDN), it protects your website. It protects it from malicious bot attacks, prevents attackers from getting a hold of sensitive information on your website and prevents DDoS attacks.
  • JETPACK is the key plugin you need for WordPress. It sends you an e-mail if your site is down for any reason. So, this could be a useful plugin in the case of hacked websites.
  • SECURITY is paramount, so you need to download a plugin that can protect your website from malware. A very well-known plugin that does this is Sucuri. The free version still protects against malware, although you do have to pay to have a firewall included. It also lets you know of successful and unsuccessful login attempts, and whether any updates have been made to your website.
  • HOSTING is so important for a website. Please choose a host that you know has reliable reviews. Bluehost certainly did not do me any favours during this time. I have now moved to Lyrical Host*, who are a relatively new hosting company who I’ve been recommended by fellow bloggers. You can use my code ‘JENNIFERWL10’ * to get 10% off hosting packages with them.


In Conclusion…

I know this blog post is extremely long, which I apologise for. But, this topic needs to be widely shared amongst the blogging community. It’s very costly if you don’t know what you’re doing. This is in terms of a monetary sense, and also all of the valuable work and time that you put into your blog. It would mean the world to me if you could share this with even just one fellow blogger friend to spread awareness, as this could save this from happening to their blog!

For a more in-depth guide on how to clean a hacked WordPress website, check out this blog post by Sucuri:

How to Clean a Hacked WordPress Site* 

If you would like me to do another blog post more extensively about something in particular in this post, please let me know in the comments! If you also have any questions about anything to do with this topic as well, please leave a comment below, and I’ll get back to you as soon as possible.


Thank you for all of the messages sent by everyone when my site went down! I felt so overwhelmed with love, and it reminded me of why I love what I do so much. I couldn’t believe the amount of messages I received on my Instagram and Twitter, so thank you so, so much! Each and every one of you all mean the world to me, and the reason I look forward to creating content all of the time!

Love,

DISCLAIMER: Affiliate links have been highlighted using an asterisk, (*).

24 Comments

  1. June 24, 2018 / 7:39 pm

    It sounds like an absolute nightmare, you poor thing! So glad it’s all fixed for you now and thank you so much for sharing your experience and all your above tips!!

  2. June 24, 2018 / 8:07 pm

    I’m so sorry this happened to you! What an awful, awful thing! I can’t imagine how stressful the past few weeks have been. The technical side of my blog is something that I never really took much consideration for. After reading your post, I realise how important this aspect of my webpage actually is. Thank you for sharing such an informative post. I’ll definitely be going through the checklists at the end again.

    • June 24, 2018 / 8:24 pm

      I was exactly the same as yourself! I just didn’t think that it would get hacked, as there are much bigger websites out there. Thank you for taking the time to read my post!

  3. June 24, 2018 / 8:25 pm

    It’s ridiculous when hosts try to make the problem on you and try to charge you for it. REALLY?! Anyways, taking some security precautions on your website is so important and shouldn’t cost an arm and a leg. I’m glad I saw your tweet because bloggers and creators shouldn’t be closing down their site for an extended time over compromises/etc. :). Thanks so much for the shoutout, girl ♥! LOVE supporting other bloggers.

    These are such useful tips to help strengthen your site a bit more. I agree with all of these manual action items – it may seem a lot but if you do it frequently, it’s not a biggie. I’m so happy that your website is back up and you’re ready to push out some lit content!

    Nancy ♥ exquisitely.me

    • June 24, 2018 / 8:32 pm

      I completely agree! You pay them enough already, and apparently it isn’t enough! That’s definitely true, I’ve made big changes now to stop that from happening, that’s for sure! I definitely can’t leave it to chance again. I’m so glad you saw it at the time you did, and thank you ever so much again! No worries, it was the very least I could do!

      Thank you, and that’s so true! It’s only small things you need to do if you want to prevent it happening! And, it’s all because of your help! I’m so excited to get content up now, haha!

  4. June 24, 2018 / 8:54 pm

    Oh my gosh, this sounds so stressful, I got second hand stress just from reading this! I use Squarespace instead of WordPress, and I debated switching to WordPress one day but after reading this, I think I feel safer sticking to Squarespace since they are so secure and basically do everything for you. WordPress gives you a lot more freedom and options, but when it comes to all the techy stuff I would have no clue where to start with hosting or anything (I don’t have any plugins and I don’t even know what they are tbh). This whole thing sounds so scary and has helped me decide that I think I’m gonna stick to Squarespace and just let them host and take care of everything, and just play it safe that way. I’m so glad you were able to get it all sorted out and you found a better host!

    • June 24, 2018 / 9:23 pm

      I’m so sorry about that Fifi! I’m glad it helped you decide to stick with Squarespace, despite the stress the post might have caused. I don’t know all that much about Squarespace, but if you’ve had no problems with them so far, there’s no need to migrate! I just think that if it isn’t broke, don’t fix it – it causes so much unnecessary stress. I’m glad this post managed to help you out! Thank you very much!

  5. June 24, 2018 / 11:39 pm

    I’m so sorry that you have to go through this. Thanks for telling us what happened and how the problem was fixed. I’m glad that everything’s ok now.😊

    • June 26, 2018 / 1:04 am

      Thank you so much for taking the time to read it! Thank you, I’m so glad as well! I just hope the guide is enough to encourage people to increase their security.

      • June 26, 2018 / 1:08 am

        Your post is very detailed and it made me more aware of this problem. Thanks😊

  6. June 25, 2018 / 6:18 am

    I’m so glad you shared your experience. We tend to assume our site is secure and for the most part it is but as you say, leave a door open and they’ll get in. I always keep everything up to date but I do have a couple of inactive plugins which I will get rid of. I’m so surprised it might have been Yoast? I know it’s a very popular plugin and one which I use. Plus, WP recommend using it.

    How lovely Nancy sorted it out for you. She’s worth her weight in gold to you I bet.

    Samantha x

    http://thebeautyspyglass.com

    • June 26, 2018 / 1:17 am

      Thank you so much, Samantha! It was honestly my worst nightmare, as I always thought in the back of my mind that there was a slim chance this could happen, but I never thought it would actually happen this soon into having a blog. You’re definitely doing everything right, and it’s always good to get rid of the things you no longer require for your site, as it just takes up disk space and could leave your site vulnerable to these sorts of attacks. I always thought this too, I’ve used Yoast ever since I started blogging!

      She really is, I can’t honestly say how grateful I am for her!

      Thank you for taking the time to read all of this lovely!x

  7. June 25, 2018 / 11:14 am

    I can’t believe someone would do that and I feel so sorry for you, I’m so glad you made this blog post and keep up the great up

  8. June 25, 2018 / 6:50 pm

    Hi there, I wrote a comment yesterday but I couldn’t see it…. not sure if it’s for moderation or you haven’t received it. Let me know😊 Thanks!

    • June 26, 2018 / 1:13 am

      Hi lovely! Yes, sorry I did receive it, I was just so busy yesterday that I didn’t get the chance to approve all of the comments, thank you for chasing up on it, and for all of your lovely comments!

  9. June 26, 2018 / 1:13 pm

    Sounds like an absolute nightmare. So glad you got sorted in the end. Great advice here if it happens to us. Pinning for future reference.

  10. June 27, 2018 / 11:42 am

    So so so glad everything is back to normal and thanks so much for this post, I have downloaded a few plugins you suggested and I am definitely going to look into downloading more. I am going to change my password too! Honestly this blog post has been so helpful!! xxx
