Hundreds of hours of work gone. Forever.
She hadn’t visited her website in weeks but when she did all she saw was:
HACKED BY SECURITY CREWZ
I called the Hosting Provider and asked them to roll back the site. Unfortunately, the site had not been placed in the standard folder that the Hosting Provider automatically backed up. Even if the folder was in the right place the Hosting Provider only backed up daily for the past week. In this case, by now, her backups would be copied of a hacked site.
I had a look around at what remained of the file structure. It was a write off. The hackers had broken into her home and locked her out.
She now left with no choice but to go back to the original site developer and hope that they are able to redeploy the original build (minus the hundreds of hours of work updating the site since it was initially deployed.)
How do hackers do it? Software, and people, always have vulnerabilities. New exploits are always being found. New ways to access data and wreak havoc. Hackers don’t even need to visit the sites themselves. They can just set up “web-crawlers” that look for sites with known key words. Once the crawler finds a vulnerable site it notifies them and they can attempt to get in and ruin your day.
Why do hackers do it? Some people just want to watch the world burn.
How do you stop it? Keep your WordPress version up to date. Keep your WordPress plugins up to date. Use strong passwords. As a final precaution, backup your WordPress site on a regular basis.
The websites I build are always set up with a backup schedule so if this kind of thing had happened to one of my websites I could have restored the site in no time at all.
If you are interested in some peace of mind contact me to arrange a site appraisal. It’s a rough neighborhood and I’d hate to see anything happen to you…