17 December 2015

If you see this screen, do not click it! Don't think that because you own a Mac you can't get a virus! Read my real-life story of its disastrous consequences!

Hacked website screen

Not long before Thanksgiving, a client had their site hacked. While I am far from an Internet security expert, I do understand that WordPress sites have numerous exploits, especially in the plug-ins, and I always take extra security measures such as installing Wordfence, adding a second layer of protection to the WP-admin and using strong passwords. 99% of the time, if you've done those three things your site should be relatively secure, or so I thought!

via WP Site Guardian: The Best Way to Stop WordPress Hackers

I managed to remove the malware several times, but it kept on getting re-infected. I could not understand why. Finally, I became aggravated enough and ignored the red screen you see above and went into the WP admin and upgraded to Wordfence Premium. Ironically, this was where I screwed myself. Even with the additional security added, it still kept getting re-infected.

The problem was not anything I neglected; her site was on a shared host. You might not know what a shared host is. If you are using any of the most common hosts such as GoDaddy, HostGator, etc., you are on a shared host! Though most shared hosting companies will not admit it, you can be a victim of your neighbors' mistakes.

I finally became aggravated enough to hire a security expert to come in and fix the problem. I thought my troubles were over, but they had just begun.

Here is where it all goes sideways…

A couple of days after, my computer started behaving erratically. I was thinking to myself, "I have a Mac and Macs don't get viruses," but I installed antivirus software just to be safe. As Apple continues to gain a larger share of the market, these scumbags that write malicious code will be writing more of it to target Apple users. The day before Thanksgiving my computer started crashing completely. Then, the infection spread to my laptop and iPad that I had connected to my network. I thought I could resolve the issue with Time Machine, but the infected files followed me into previous backups. Now my entire office was down. I had to run out and buy a new hard disk to back up my boot drive. After spending all of Thanksgiving Day performing numerous disk and registry changes, I was able to get all my machines back running. There was no way I was going to the Mac store on Black Friday in Los Angeles!

I thought the nightmare was over, until a personal website I was building got hacked an hour after I had registered the domain. Obviously, somebody had access to my email. I then had to go through the onerous task of changing every password to every online account. I thought I had stopped the bleeding but then…

Saturday, I started to get alerts from my bank and credit card companies that someone was using my card to run $500 purchases out of Walmart in Florida. I had to cancel all of my cards in the middle of a holiday weekend and now didn't have access to any cash.

If you've read this far, you might be thinking the same thing my client was. How would I stop this again?

I wondered the same thing myself. Was my only choice to use expensive dedicated hosts? Then, on December 12, 2015, WP Site Guardian was released. I found out about it by watching a video the developers of the software made of a live hack on a WordPress site by simply inserting some code into the comments field.

Watch this same video here…

Watch a live WordPress Hack

The problem is not in WordPress itself; they constantly update to close exploits as hackers find them. If you have a WordPress site, I highly recommend that you update every time.

The problem is in the plug-ins and themes: because WordPress is open source, anyone can write an extension. WP Guardian would not have helped at the time because it was not available. When it was, I gave it a test run on one of my sites I believed to be safe and was shocked by the number of vulnerabilities it found. The fact is, anyone can write a WP plug-in, and complete amateurs write many. On the opposite end of the spectrum, the more popular your plug-in is, the more people are trying to hack it.

WP Site Guardian finds, identifies, quarantines, and fixes any security holes you have in your WordPress site. It makes plug-ins that I thought were the industry standard, such as Wordfence, look like a joke! At $27 for a single site license ($10 less than Wordfence Premium) and $37 for the multi-site license, it is a steal.

I am recommending this product so highly because had it been available at the time, it would've saved me thousands of dollars and given me back a holiday weekend, and I wouldn't still be scrambling to change all my credit card info!

In summation, WP Site Guardian will soon become a necessity in the toolkit of any webmaster who is serious about the security of a website they control. I use it on this site and every other site I own, and I install it on my client sites. Sure, it costs a couple of bucks for a license, but now I sleep well at night, and you cannot put a price on that!