The Travelista

My Blog Got Hacked

17 Comments

At the start of January my blog got hacked. Someone or something hacked into the site and infected it with malware, which basically means malicious software. I was at risk of losing my entire site and it was a huge reality check and learning curve for me. At the risk of sounding a bit dramatic, it was one of the most stressful things I have ever gone through with my blog and business, so I have decided to write a blog about it to help other bloggers make sure their sites are fully protected. I know there have been a number of bloggers affected by hacks recently and I really would hate for it to happen to any more.

The hack happened because my site didn’t have sufficient security and deterrents. It’s something I felt so stupid about at the time, but I guess it’s not something that is widely talked about in the blogosphere. I was blissfully unaware that my blog was even at risk, so maybe you are too? I love all the creative elements about running a blog, but when it comes to the tech side of it, I really struggle. This is the story of my blog hack.

The Story

It was a Sunday evening and Scott and I were relaxing at home after a really chilled-out day. I try to totally switch off from emails, blogging and social media on Sundays. However, that Sunday I happened to check my Instagram direct messages. There was a message from one of my lovely followers letting me know that the Google description of my blog was all in Chinese characters. For some reason, I didn’t initially panic or connect this issue with a hack. I just calmly replied with ‘oh thanks so much for letting me know! I will definitely look into it’. I’ll do it tomorrow, I said to myself.

It wasn’t until about 30 minutes later I thought about that message again and I decided to try and log into my WordPress admin page. I entered my details as usual, but it said my username and password was not recognised. The hacker had changed both of them, so I couldn’t access my blog. This was when the first surge of stress and adrenaline hit me. I then went to look at my homepage, which was displaying nothing more than just my logo header. Had I been hacked? How do I find out? How to I get back in to my admin panel? I spent the next 30 minutes or so completely freaking out, which was incredibly unproductive. Poor Scott was trying to help out by calming me down and Googling things on his phone. The truth is, we were both pretty clueless.

Cleaning Out the Malware

It took a while to find some rationale in my head. After the initial panic, I got in touch with Blue Host (my web host at the time).

I do not recommend Blue Host and I have since changed host providers.

They confirmed that my blog had been infected with malware and that they would need to temporarily close the site down to stop it from getting any worse. Secondly, then advised that I would need to find a third party company to clean out all of the malware for me. After getting advice from fellow bloggers, I decided to use a web security company called Sucuri. I paid just shy of $300 for Sucuri to do a full malware clean up and install a 12-month firewall on my blog. They explained that because my blog had been hacked once it was now vulnerable to future attacks. I didn’t know if this was true or just sales jargon, but it seemed logical. In the stress of it, I was willing to pay any amount of money to sort the problem and protect my blog going forward. To my knowledge, Sucuri managed to clean the malware out in around 9 hours (much longer than the quoted 4 hours in the sales pitch). After a £90 phone call to their USA helpline and day later, they confirmed that they had cleaned out all the malware and installed the firewall.

The hyper-sensitive firewall then opened up a whole new can of worms as it started to block users from accessing my site and leaving comments. This means my traffic totally plummeted for the days that the firewall was active. The issues with the firewall continued for about another 10 days following the hack, which just added to the headache. In hindsight, I had implemented a firewall which was way too strict and sensitive for my website needs. Sucuri was in no-way user friendly (unless you are fluent in tech language) so it turned out to be more of a hindrance than a help. The blog had gone from not secure enough to way too secure overnight. I needed help.

I do not recommend Sucuri.

Changing My Host

I know that ultimately I am to blame for the hack as I stupidly I didn’t have sufficient security, but I was really let down by the service from Blue Host in the whole debacle. Firstly, they did not alert me in any way about the malware. I had to approach them and ask them to check my site for me. Secondly, they had not been taking backups of my site, which was a huge miscommunication in itself. Thirdly, they’re based in the US and have no direct phone line. The only way is to get customer service is via a live web chat to someone who speaks in broken English. When you’re stressed out and in need of clear advice, this can be incredibly frustrating.

I have since changed host to an independent and UK-based host provider called Fred Bradley, who is a breath of fresh air and was a total god-send at the time. When I explained the situation to Fred, he pro-actively spotted that some malware was still in my blog. By this point it felt like the issues were never going to end and I actually lost trust in Sucuri as my chosen security provider.

If you are going through a similar issue, I 100% recommend Fred.

In the end I ended up getting a refund on the Sucuri service (minus $99 for the malware clean up) and have since transferred all hosting and security services over to my UK based host. Fred has been incredibly helpful has helped to secure my entire website as well make changes to help it rank better on Google.

I don’t think that this hack was a personal attack on me. I think it was probably more of a robotic hack that was seeking credit card data or email data. Unfortunately for the robot, neither are stored on my blog so it was a bit of a waste of time for everyone involved. What scared me the most is the fact it had accessed my admin panel, as it could have deleted my entire site. In the grand scheme of life this isn’t a serious issue. Nobody died and I managed to restore everything back to how it was. But this horrible experience definitely has made me realise the importance of web security, especially when your blog is your business and you’ve spent the last 5 years of your life growing it.

Total Cost of the Malware Hack

£72 – Malware Clean up from Sucuri (Initially paid $299.99 for the Pro Website Security Platform but got a refund due to the insufficent malware clean up and over-sensitive firewall. You can’t pay Sucuri for a one-off Malware clean up which is why I don’t recommend them)
£90 – Emergency phone call to Sucuri in USA
£37- BackupBuddy Annual Subscription
£60 – Additional Malware Clean up and Support from UK Web Developer
TOTAL: £259

I also paid an additional £120 to switch my web hosting to Fred so my site could sit with a UK Web Developer and host. This was optional but it has definitely given me better peace of mind about the security of my blog. If you are happy with your current hosting service, you wouldn’t need to do this.

What to do if you think your blog has been hacked or has malware

  • Change all of your passwords immediately
  • Do NOT do a back up if you think your site has malware as the backup will duplicate the malware. Wait until the malware has been cleaned out before backing up
  • Get in touch with your web hosting provider and ask them to check for malware
  • If malware is confirmed, you’ll need to pay for a web developer or security provider to clean out the malware for you
  • Follow the below advice to protect your blog going forward

What You Can do to Protect Your Blog / Website

If reading this post has made you think about your own blog security, here are a few things you can do protect your site;

  • Make regular backups of your website. I use a Plugin called BackupBuddy which automates daily backups and stores them online in a cloud if I ever need them.
  • Enable 2-factor authentication on your admin log in page. On WordPress, this can be done via a Plugin and phone app called Authy. A unique code is sent to your phone every time you try to log in.
  • If you have a self-hosted WordPress blog, you can change your generic admin log in URL to something completely unique, so hackers can’t find it
  • Ensure your blog has an SSL certificate (this will benefit your SEO and security)
  • Install the free Sucuri plugin for additional security measures
  • Seek advice from a web developer to check that your blog has good protection

If you’re still reading this, then thanks for sticking with me! What did you think of my hack story? Have you had a similar experience or has it made you think twice about your own blog security? I would love to hear your thoughts so please leave me a comment in the box below. Jess x

Comments

  1. For beginners and experts as well, this guide is useful for both because nowadays due to heavy hacking attacked, people need to secure their websites and your post is written accordingly.

    Reply

  2. Oh my goodness what a nightmare! I’m glad it’s all sorted out now.
    I understand what you said about bluehost, their customer service is terrible, very unhelpful.

    Hope you have a wonderful year ahead Jess xx

    Reply

    • Thanks Adriana! Such a relief to have it all sorted. It’s interesting you’ve also had a bad experience with BlueHost. Nobody wants to feel like they’re talking to a robot! Human service is what they lack. Wishing you all the best too xx

      Reply

  3. I’m so glad you were able to save your blog! How disappointing on Blue Host’s end though… considering you must have been using them for years and their handling was below expectations =(

    Dianna <3

    Reply

    • Hi Dianna. Thanks for your lovely comment! It was definitely dissapointing service from Blue Host even though I was hosting with them for about 4 years so they lost a very loyal customer. X

      Reply

    • Thanks Soujanya, it was a total nightmare! Especially with all the content I had created over the years. Hope the post has helped you to make sure your own blog is protected x

      Reply

    • Thanks Jet, it would have been awful! I feel very lucky to not have lost anything. I am super paranoid now but all the security measures are now in place! X

      Reply

  8. Oh gosh Jess that sounds so stressful! I’m so glad you got everything restored In the end. This post will be so helpful for anyone who experiences the same thing xxx

    Reply

    • Thanks Laura… it was so so stressful! I feel lucky to have been able to restore everything, especially with no backups. Hope the post helps others x

      Reply

  9. Thank you so much for sharing your experience and your suggestions! It’s awful to have this kind of thing happen when you depend on your blog or website for . your business. Hearing advice from someone who has gone through it is very helpful. Thank you!

    Reply

Spark a conversation!

Follow on Instagram

  • ‘Twas the night before Christmas, in the neonatal intensive care, all the babies were sleeping, while sounds of alarms filled the air. The nurses making rounds, double-checking their meds, while tucking the little babies, snug deep in their beds. The stethoscopes were hung, by the preemies with care, in hopes that they would all soon, be breathing room air. When out in the hall, there arose such a clatter, the nurses came running, to see what was the matter. Up from the desk, the tech flew with a fret, to make sure all was well, in each baby’s isolette. The respiratory therapist, arrived on the double, but the babies were all okay, on their oxygen and bubble. The nurse was baffled, and exclaimed in a tiff, “Is this really happening tonight? And on my third shift?” When what to their wondering eyes should appear? but a man in a suit, who loved the babies so dear. With a clipboard in hand, and a velvet satchel too, they knew at that moment; he must be St. NICU. He was dressed in red scrubs, from his tip to his toe, and wearing surgical gloves, so the germs would not grow! He was a jolly old fellow, with a few extra pounds, but that didn’t stop him, from making his rounds. He saw babies in boxes, with tubes and with wires, preemies and term infants, and their parent’s desires- To hold and to rock, to kiss and kangaroo, They had Christmas wishes, but only these few. Snuggling the little one, he wrapped him so tight, he handed the baby, to his Mum with delight. A smile arose from her mouth, with great joy, for this was the moment, she dreamed to have, with her boy. Visiting each baby, and their concerned parents too, He knew right there and then, there was something special about the NICU. Placing his hands, on each little head, kissing their foreheads, he winked, and he said- “Tiny babies so strong, with determination and might, so this is where you come, to live and to fight.” “To breathe and to grow, and to learn how to eat, what a difficult journey, but such an amazing feat.” He had a sparkle in his eye, and a hop in his step, as he approached the isolettes, and whispered secrets he’d kept...Continued in comments...💕
  • Believe it or not, my baby boy is with me in this photo. ‘Kangaroo care’ is a type of skin to skin contact that parents are encouraged to have with their premature babies. The babies are placed on the parents chest under a loose fitting top, and snuggled in with blankets. Its the closest thing to being back in the womb for premature babies, as they can feel their parents heart beat, hear their parents voice and smell their parents scent. In the past 5 weeks my world has gone from airports, press trips and pitches to a one mile radius around a hospital, in a city I don’t live in. I have been living in hospital accommodation in Sheffield since Theo was born as there was no space for him to be treated in Leeds. I have entered a new world that, at first, was totally alien and incredibly overwhelming (it still is to be honest). I have difficult conversations with doctors, surgeons and consultants every day and I am learning an entirely new medical language. My days at the moment are mentally, physically and emotionally draining, but the best part of my day is when I get to hold my baby for an hour, sometimes two. I sit in a chair next to his incubator. We’re still in a room surrounded by nurses and beeping machines, but when I close my eyes I imagine we are back home together, like we will be one day in the future. Scott took this photo of me when I fell asleep with Theo during kangaroo care, and to me it speaks a thousand words. Theo, my sweet baby boy, I hope that one day my mind will be blown that you were ever this tiny. From tiny acorns, mighty oak trees grow #prematurityis ❤️🌳
  • Welcome to the world Theodore William Hamilton 👶🏼💫 As today is his ‘1 month’ birthday, I thought it would be a good day to finally share his arrival with the world. On the 30th October at 7.18am I gave birth to our beautiful baby boy, Theo. Theo’s extremely early arrival came as a complete shock. Since then life has been a rollercoaster of emotions and challenges. What I have been through this past month goes against every convention of motherhood and maternal instinct you can think of. It has been the hardest thing I have ever been through in my life, but I am taking things one day at a time and trying to find the positives in everything. Theo is a determined little fighter and is making some really positive steps forward and we are staying strong for him. We won’t be able to bring him home until around his due date in February, and until then he is receiving the very best Neonatal care in hospital. He is the most perfect and precious thing I have ever seen in my life and Scott and I are completely in love. This is why I’ve been so quiet, and why I’m taking some time away from social media. I’m sharing a little more about Theo’s journey so far in my latest post. Link in bio ✨💙
  • Is anyone else getting excited about Black Friday tomorrow? Maybe it’s the Northerner in me, but I bloody love a bargain! It’s great for discounted Christmas shopping, but you can also get some incredible travel deals online as well. Be sure to visit the Expedia website (link in bio) to grab your discount coupon code, and also download the Expedia app to redeem hotel discount, plus amazing deals on flights and packages. Black Friday is the perfect excuse to start planning your 2019 travels. Comment with 3 of your dream travel destinations for 2019. Mine are Iceland, Mexico and Japan! 🇮🇸 🇲🇽 🇯🇵 Paid partnership with @expediaUK #BlackFriday #Expedia
  • The sand-coloured backstreets of Dubrovnik feel like a distant memory now ✨ I’ve taken a bit of an unplanned break from Instagram in the past few weeks as I’ve been thrown a major curveball in life, which I’m currently dealing with. But I’m doing OK and am going to update you guys properly soon. I didn’t realise I’d be missed until so many of you started to message me to see if I was alright! So just know I’m doing fine and will share a bit more with you in due course ❤️
  • Golden hour was my favourite time of day at the Lowes Portofino Bay Hotel... those reflections 😱 You’d never think this scene was in the heart of Orlando, right? Head to the blog to read my review of this Universal Studios hotel ✨🇺🇸

Subscribe

Never miss a post! Subscribe for Travelista updates and newsletters

Latest Video