
How My WordPress Site Got Hacked Twice In One Week

I have been using computers every day for the last 12 years.

I even have a degree in IT and did some heavy IT security modules to obtain it.

I can't remember the last time I picked up a virus or had to reboot my computer because I'd been hacked.

Needless to say, whenever I came across an article about a blogger or website getting hacked, I used to laugh and say:

“Haha, what a newb, how stupid must you be to get hacked!”


I guess I'm not as smart as I think, because only a few weeks ago my WordPress site got hacked and cost me over $900 in earnings over a 4-day period.

How I got Hacked

I'm the type of guy who will never update the WordPress platform or plugins until I'm forced to. The last time I updated my WordPress was over a year ago and almost all of my plugins needed to be updated:

 

picture 1

But everything was working fine on my website. I was scared that if I did update it, something would go wrong or no longer work like it should.

So I left it as-is for years.

Earlier last week I visited my website and noticed that every time I clicked a button or link on my site, a pop-up advert would appear.

I didn't install ads on my website so at first I figured my computer (not my website) was injected with malware.

After a quick scan my computer was deemed to be clean. I then asked my friend to check my site on his computer and he told me pop-ups were being served on every page.

Uh-oh.

I instantly installed the WordFence plugin to give my website a scan and here's what turned up:

picture 2

I did some research and it turns out the eval, gzinflate and base64 combination is a backdoor virus that is injected through old plugins or brute-force login attacks.

I had no idea how the injection happened or how to remove it correctly, so I did some research and found this awesome article that provided details.
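To make the eval/gzinflate/base64 pattern concrete, here is an added example (not from the original post and not Wordfence's own logic) that flags PHP files wrapping an encoded blob in `eval(...)` and statically unpacks the `gzinflate(base64_decode(...))` layer for review without ever executing it. The function names, the directory layout and the harmless packed `echo` are constructed for illustration.

```python
import base64
import re
import tempfile
import zlib
from pathlib import Path

# eval( followed by any nesting of common decoder calls, ending in a quoted blob.
DECODERS = r"(?:gzinflate|gzuncompress|base64_decode|str_rot13)"
PATTERN = re.compile(
    r"eval\s*\(\s*((?:" + DECODERS + r"\s*\(\s*)+)[\"']([A-Za-z0-9+/=\s]+)[\"']",
    re.IGNORECASE)

def decode_layer(chain, blob):
    """Statically undo gzinflate(base64_decode(...)); never executes the result."""
    calls = [c.lower() for c in re.findall(DECODERS, chain, re.IGNORECASE)]
    if calls != ["gzinflate", "base64_decode"]:
        return None  # other chains are still flagged, but left for manual review
    try:
        raw = base64.b64decode(blob, validate=False)
        # PHP's gzinflate() reads raw DEFLATE data, hence wbits=-15.
        return zlib.decompress(raw, -15).decode("utf-8", "replace")
    except (ValueError, zlib.error):
        return None

def scan(root):
    """Return [(relative path, decoded text or None)] for suspicious PHP files."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for m in PATTERN.finditer(text):
            rel = str(path.relative_to(root))
            findings.append((rel, decode_layer(m.group(1), m.group(2))))
    return findings

def build_sample_site(root):
    """Constructed sample: one clean file, one carrying a harmless packed echo."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = comp.compress(b'echo "constructed sample";') + comp.flush()
    blob = base64.b64encode(packed).decode()
    plugin = Path(root, "wp-content", "plugins", "old-plugin")
    plugin.mkdir(parents=True)
    (plugin / "ok.php").write_text("<?php echo base64_encode('hi');\n")
    (plugin / "cache.php").write_text(f"<?php eval(gzinflate(base64_decode('{blob}')));\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print(scan(site))
```

A finding whose second element is `None` uses a decoder chain this sketch does not unpack and still needs a manual look.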

It was a little bit confusing for me since I don't use FTP that often so I hired an expert off Upwork to walk me through it.

Removing the Eval/Base64 virus off WordPress

The first thing I did was hire someone with experience in this kind of work. I went with the budget rate option freelancer first ($9 per hour), but they had no clue what they were doing and actually made my website worse.

I was in a panic and didn't even interview them, big mistake!

I went back to Upwork and this time hired someone who spoke perfect English and would walk me through the process over remote assistance.

We first ran the Wordfence scan again to find all infected files and deleted them.

Next I was told to change all my logins for WordPress and FTP which I did.

To ensure the backdoor had not been injected into other areas of the site, I was advised to delete all unwanted plugins (I had 17 inactive plugins) and to re-download all the plugins I currently used.

The same method was applied to themes, every unused theme was deleted and I reinstalled my current theme.

After replacing every file on my WordPress site (aside from the content) my website was clean and the virus removed.

Phew.

Then I got Hacked again….

When changing the password of a user account on WordPress, there is an option to log that user account out from every device. I forgot to select this option when changing the password:

picture 3

Thankfully I still had WordFence installed and was alerted right away when someone logged back in:

picture 4

I don't live in Albania so it was quite alarming to see someone had logged into my site only a day after removing the virus.

I then had to hire the security freelancer again to go through all the steps we'd gone through a few days ago because they planted the same virus again!

After I got hacked the first time I should have secured my website by adding more security but I didn't. After the second hacking, I wasn't going to get hacked for a third time.

How I secured my WordPress site

My site had two admin logins and I decided to completely delete the one the hacker had access to. There was no need to have more logins than necessary.

Then I installed the IQ country block plugin. This is a free plugin that lets you block certain countries from visiting the frontend and backend of your website.

I blocked every single country in the world from visiting the backend of my website (that's the wp-admin on WordPress sites) except for the country I was living in:

picture 5

And just to make it even harder for the hacker to get in, I downloaded the Custom Login URL plugin to replace my wp-admin with a new login URL only I know.

4 weeks have passed and my site is running smoothly!

Summary

I didn't have Wordfence installed until after I got hacked, and it turned out my site (along with millions of others) is being brute-force attacked every single day. It just happened that this time my site got hacked.

The whole ordeal took a week to sort out and cost me well over $900 in sales and freelancer costs. This could have simply been avoided if I had taken more measures to protect my WordPress website.

I strongly recommend that everyone download IQ country block, Custom Login URL and WordFence security to keep your website safe and secure.

Aug 15, 2016 | Harvie

Harvie

I'm Harvie Kalazaki, a UK expat who lives in Thailand helping small businesses do better with their online marketing along with running several of my own sites in various niches.
