I have been using computers every day for the last 12 years.
I even have a degree in IT and did some heavy IT security modules to obtain it.
I can’t remember the last time I picked up a virus or had to reboot my computer because I’d been hacked.
Needless to say, whenever I came across an article about a blogger or website getting hacked, I used to laugh and say:
“Haha, what a newb, how stupid must you be to get hacked!”
I guess I’m not as smart as I think, because only a few weeks ago my WordPress site got hacked and cost me over $900 in earnings over a 4-day period.
How I got Hacked
I’m the type of guy who will never update the WordPress platform or plugins until I’m forced. The last time I updated my WordPress was over a year ago and almost all of my plugins needed to be updated:
But everything was working fine on my website. I was scared that if I did update it, something would go wrong or no longer work like it should.
So I left it as-is for years.
Earlier last week I visited my website and noticed that every time I clicked a button or link on my site, a pop-up advert would appear.
I didn’t install ads on my website so at first I figured my computer (not my website) was injected with malware.
After a quick scan my computer was deemed to be clean. I then asked my friend to check my site on his computer and he told me pop-ups were being served on every page.
Uh-oh.
I instantly installed the Wordfence plugin to give my website a scan and here’s what turned up:
I did some research and it turns out the eval, gzinflate and base64 code is a backdoor virus that is injected through old plugins or brute-force login attacks.
I had no idea how the injection happened or how to remove it correctly, so I did some research and found this awesome article that provided details.
It was a little bit confusing for me since I don’t use FTP that often so I hired an expert off Upwork to walk me through it.
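To show what a scan for the eval/gzinflate/base64 pattern looks for, here is an added Python example (not part of the original post, and not Wordfence's own logic) that searches a WordPress tree for `eval()` wrapped around nested decoder calls. The decoder names beyond gzinflate and base64_decode, the 200-character threshold and the sample strings are assumptions made for illustration.

```python
import re
from pathlib import Path

# Decoder functions commonly nested inside eval() to hide PHP code.
DECODERS = r"(?:base64_decode|gzinflate|gzuncompress|gzdecode|str_rot13)"
# eval( followed by one or more nested decoder calls; \s also spans newlines.
CHAIN = re.compile(r"\beval\s*\(\s*(?:@?\s*" + DECODERS + r"\s*\(\s*)+", re.I)
# A quoted run of 200+ base64 characters (threshold is an assumption).
BLOB = re.compile(r"""['"][A-Za-z0-9+/=]{200,}['"]""")

# Constructed samples; the encoded string is a placeholder, not a payload.
INFECTED_SAMPLE = "<?php\n// header\n@eval(gzinflate(base64_decode('Q09OU1RSVUNURUQ=')));\n"
CLEAN_SAMPLE = "<?php\n$thumb = base64_decode($stored_thumbnail);\necho $title;\n"


def scan_text(php_source):
    """Return sorted (line_number, reason) findings for one PHP source string."""
    findings = []
    for pattern, reason in ((CHAIN, "eval-decoder-chain"), (BLOB, "long-base64-literal")):
        for match in pattern.finditer(php_source):
            line_number = php_source.count("\n", 0, match.start()) + 1
            findings.append((line_number, reason))
    return sorted(findings)


def scan_tree(root):
    """Scan every *.php file under root; return {relative_path: findings}."""
    results = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_text(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            results[path.relative_to(root).as_posix()] = hits
    return results


if __name__ == "__main__":
    import sys
    for name, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for line_number, reason in hits:
            print(f"{name}:{line_number}: {reason}")
```

A hit is a lead for manual review rather than proof of infection, and a plain `base64_decode()` call on its own is deliberately not flagged because legitimate plugins use it.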
Removing the Eval/Base64 virus off WordPress
The first thing I did was hire someone with experience in this kind of work. I went with the budget rate option freelancer first ($9 per hour), but they had no clue what they were doing and actually made my website worse.
I was in a panic and didn’t even interview them, big mistake!
I went back to Upwork and this time hired someone who spoke perfect English and would walk me through the process over remote assistance.
We first ran the Wordfence scan again to find all infected files and deleted them.
Next I was told to change all my logins for WordPress and FTP which I did.
To ensure the backdoor had not been injected into other areas of the site, I was advised to delete all unwanted plugins (I had 17 inactive plugins) and to re-download all the plugins I currently used.
The same method was applied to themes: every unused theme was deleted and I reinstalled my current theme.
After replacing every file on my WordPress site (aside from the content) my website was clean and the virus removed.
Phew.
Then I got Hacked again….
When changing the password of a user account on WordPress, there is an option to log that user account out from every device. I forgot to select this option when changing the password:
Thankfully I still had Wordfence installed and was alerted right away when someone logged back in:
I don’t live in Albania so it was quite alarming to see someone had logged into my site only a day after removing the virus.
I then had to hire the security freelancer again to go through all the steps we’d gone through a few days ago because they planted the same virus again!
After I got hacked the first time I should have secured my website by adding more security but I didn’t. After the second hacking, I wasn’t going to get hacked for a third time.
How I secured my WordPress site
My site had two admin logins and I decided to completely delete the one the hacker had access to. There was no need to have more logins than necessary.
Then I installed the IQ country block plugin. This is a free plugin that lets you block certain countries from visiting the frontend and backend of your website.
I blocked every single country in the world from visiting the backend of my website (that’s the wp-admin on WordPress sites) except for the country I was living in:
And just to make it even harder for the hacker to get in, I downloaded the Custom Login URL to replace my wp-admin with a new login URL only I know.
4 weeks have passed and my site is running smoothly!
Summary
I didn’t have Wordfence installed until after I got hacked and it turned out my site (along with millions of others) is being brute-force attacked every single day. It just happened that this time my site got hacked.
The whole ordeal took a week to sort out and cost me well over $900 in sales and freelancer costs. This could have simply been avoided if I had taken more measures to protect my WordPress website.
I strongly recommend that everyone download IQ country block, Custom Login URL and Wordfence security to keep their website safe and secure.