Let’s back track a little to Christmas 2014. When I logged into my email account I didn’t expect to find 3 emails from Google saying all 3 of my websites hosted with Hostgator had been hacked. Not the best thing to see on Christmas Eve is it?
Because of all of this I will no longer be recommending Hostgator as a hosting provider. I have however found a new hosting company which I love. I’ve been with them for over a month now and I am extremely impressed. They’re name is SiteGround and I’ll explain why I love them over here.
Heading over to all my websites I found this:
This isn’t the exact image as I didn’t think of taking a screenshot at the time but this is what I saw.
I was pulling my hair out thinking how the hell did this happen. I started talking to my friends in the internet business world trying to get some suggestions on what to do next.
3 weeks later… No reply!
I got in contact with them on live chat and they just told me to submit a ticket. I had already done that and the only response I got from them was that they had handed it over to the security team. Well it’s been well over 6 weeks now and I still haven’t had a reply.
So the hunt for a new hosting company that would help was on.
HUNTING FOR A HOSTING COMPANY SUCKS
I spent 2 days looking for a good quality hosting company. I regularly follow Pat Flynn over at SmartPassiveIncome.com and he recommends BlueHost to people. After digging a little deeper into BlueHost I found that they are owned by the same company that owns Hostgator.
So it would be pointless moving there.
They scored really high on their speed which is a vital stat for how well you rank with Google. So I dug deeper to see what they offered.
I won’t get into why I chose them in this post but I have written a review about SiteGround so you can check them out if you’re interested.
MALWARE REMOVAL IS EXPENSIVE
SiteGround offered to migrate my websites over from Hostgator for me because I went with their GoGeek hosting package. Within 20 minutes I had all 3 of my websites moved across and their team emailed me saying they found malicious code in the transfer and told me where the code was.
They even told me how to remove it!
But I am pretty useless when I comes to coding and I didn’t know where to begin. They offered to do it for me but it would cost me £65 ($97.45 at the time) per website.
WHAT!? I was looking at £235 to remove the malware. Surely it can be done cheaper.
I went hunting around and found a service called Securi which scan and remove malware for you. It’s a hefty price of $299 per year but I wouldn’t have to worry about getting hacked again because they’d sort everything out for me.
I was about to purchase it, begrudgingly, until Ian made a new suggestion.
Ian suggested hiring someone over on Elance.com
His way of looking at it was to post the job on Elance to see how much people would do the job for. If the job would cost less than $100 he recommended going that route. This way I could get the job done 3 times and it would cost less than Securi would. If it would cost more than $150 he suggested to really think about going down the Securi route.
Now I have never outsourced anything before this. This is a brand new experience for me, but a fun one.
So I posted the job:
I have 2 websites which I have transferred to a new host that have been flagged as containing malware. Google has also flagged these 2 websites and another which in the transfer didn’t contain the malware. I would like all 3 to be looked at.
I need someone to go in and clean the code and remove the malware so I can submit all 3 websites to google for a review. If you can clean up the backend as well that would be appreciated but removing the malware is the main priority. I need all 3 websites back online so the SEO can start to improve.
Please tell me the price you would charge for this job.
The applications started coming in.
And that’s when I found Maninder.
MANINDER SAVED MY BACON. THIS GUY IS AWESOME!
I had an offer for $83 from a gentleman in Indian who said he could remove the code, increase the security, and submit all 3 of my websites to Google for submission in 1 day. So enter Maninder.
I put the money in Escrow, sent him the cPanel details he requested and away he went. I sent the details at 4pm.
In less than 24 hours I had emails from Google saying all 3 websites were squeaky clean!
Maninder sent me a detailed report with where the thought the intrusion happen, which happened to be from an out of date theme and WordPress installation on one website and the infection spread. He showed me a screenshot of That Fitness Dude, my fitness website of course, where the hackers had created multiple users to do their hacky stuff they do.
He removed those and improved the security of all 3 websites.
All for less than $100.
If anyone ever has problems with malware or their site being hacked I wholeheartedly recommend Maninder.
LEARN A LESSON HERE DUDES AND DUDETTES
Don’t think your website will never get hacked. I foolishly thought that and on Christmas Eve, of all times of the year for something like this to happen, I was put in my place.
Here are a few things you can do improve your security:
- Don’t have obvious usernames. E.g. Admin, LukeThomas, ThatMarketingDude. Instead use usernames like 1uk3Th0m4SR00cks!, IL0ve_JustinBieb3r!
- Have strong passwords. Use s3f#GnhF4 instead of ILOVECATS.
- Create regular backups with plugins like BackupBuddy.
- Use secure internet connections.
- Keep all plugins up to date.
- Keep WordPress up to date.
This is a great start at cheap too. You can also go with private servers and other things like this but if you’re just starting then what I’ve mentioned above is more than enough for now.
Let me know in the comments below if you’ve ever been hacked. Have you got something else that can be added to this list? I’d love to hear your stories and thoughts on this topic.
Keep safe dudes and dudettes
Love you bye!