What to do if your WordPress website gets hacked

WordPress has gotten very popular and also has become the target of would-be hackers. I have learned first-hand what it is like to have a WordPress website get hacked, how to deal with it, and how to prevent it from happening again. The good news is – it’s easy to recover from a hack if you have the right tools.

What may be undesirable news is that as the owner of your WordPress world, you really do need to take security seriously by reading up on it and taking the necessary actions to protect your websites and your computers from being infected by malicious code.

Here is my story:

One day, I went to look at one of my websites that I don’t update very often and to my surprise, there was just a white background with bits of code and some Japanese characters. I immediately got in touch with my web host, Dreamhost, and sent a support ticket. My ticket was referred to their security department and while I was waiting for their response, I went over to Sucuri.net and created a ticket there where I have a paid account for dealing with this type of situation.

While I waited for help from Dreamhost and Sucuri, I set to the task of restoring my site. I discovered my site had been down for 5 days and I didn’t even know it. I had kind of a sick feeling in my stomach as I fetched a backup from my cloud storage and thought about the negative impression this could have had on site visitors.

Sucuri responded fairly quickly with a report and recommendations for how to clean up the hack. To restore my site, all I needed to do was replace the wp-config.php file with a non-corrupted version. That was easy since I had a backup. I restored my site using FTP in a matter of seconds.

Dreamhost also responded with even more detailed guidance on how to clean up the mess and how to prevent this from happening again.

The work ahead of me was to go through the process of cleaning out old WordPress installs under that FTP user, updating all of my active sites, changing the FTP user password (and giving the user Shell access which is more secure), then purchasing an anti-virus program for my computers to make sure I didn’t “catch anything” from the web. I bought Kaspersky for Mac for $19.97/year, which detected 99 threats on my iMac (most of which were Windows-targeted and did not affect my machine that I am aware of).

This whole process took me about 2 days from start to finish. Once it was all said and done, it was quite a relief to know that my websites and machines were clean. So to save you the hassle of getting hacked, here are my top 3 security guidelines to follow with your WordPress websites:

1) Keep all of your WordPress software up-to-date, not just the core, but also the plugins and theme you are using. Delete any unused plugins or themes you do not need. Use BackupBuddy to back up regularly, store and restore your site (if needed). This means you will need to log in regularly and pay attention to the update notifications.

2) Use a secure password for your admin user and for your FTP user. Store your secure passwords securely – keep them in a spreadsheet saved on your computer or a USB stick (and don’t name it, “My Passwords”). Change your passwords from time to time.

3) Use Sucuri.net to routinely scan your site and to alert you if malware is detected. The investment is small compared to the amount of time you would spend monitoring and fixing things yourself. Sucuri will clean your site and give you help with preventing a future hack.
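The site in the story was down for five days before the altered wp-config.php was noticed, and a known-good backup was what made the repair quick. The following is an added example (not part of the original post and not Sucuri's or Dreamhost's tooling) that compares a live WordPress tree against a backup by SHA-256 and reports what changed. The wp-content/uploads/ path, the rule that only PHP files are reported there, and all sample files are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

UPLOADS = "wp-content/uploads/"  # assumption: default WordPress media directory

def hash_tree(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def routine(path):
    """Media in uploads changes all the time; a PHP file there is worth a look."""
    return path.startswith(UPLOADS) and not path.lower().endswith(".php")

def compare_to_backup(backup_root, live_root):
    """Report files modified, added or missing relative to the backup."""
    backup, live = hash_tree(backup_root), hash_tree(live_root)
    report = {
        "modified": [p for p in backup if p in live and backup[p] != live[p]],
        "added": [p for p in live if p not in backup],
        "missing": [p for p in backup if p not in live],
    }
    return {kind: sorted(p for p in paths if not routine(p))
            for kind, paths in report.items()}

def demo():
    """Build constructed backup and live trees in a temp dir and compare them."""
    trees = {
        "backup": {"wp-config.php": "<?php // constructed clean config\n",
                   "index.php": "<?php // constructed\n"},
        "live": {"wp-config.php": "<?php // constructed config, altered\n",
                 "index.php": "<?php // constructed\n",
                 "wp-content/uploads/photo.jpg": "constructed image",
                 "wp-content/uploads/cache.php": "<?php // constructed stray file\n"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, entries in trees.items():
            for rel, body in entries.items():
                path = os.path.join(tmp, tree, *rel.split("/"))
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as fh:
                    fh.write(body)
        return compare_to_backup(os.path.join(tmp, "backup"), os.path.join(tmp, "live"))

if __name__ == "__main__":
    print(demo())
```

Run on a schedule against a downloaded copy of the site, a non-empty report is the signal to restore from the backup and start the cleanup described above.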

There is much more to know about WordPress security so I highly recommend you also read this guest post on ProBlogger.com by Anders Vinther of The WordPress Security Checklist. I like how he compares having a WordPress website to having a dog – it is a real responsibility that needs regular attention!

http://www.problogger.net/archives/2012/08/29/top-10-wordpress-security-myths/

How to upload an image to your WordPress media library

This is a short video tutorial showing WordPress users how to upload an image to their WordPress media library. For more WordPress video tutorials, visit Cat’s YouTube Channel.

Claim your Facebook Place Page without a cell phone?

So I am probably one of the last remaining tech girls without a web browsing plan on her cell phone. Big deal – or not? I’ve got a MacBook Pro that works just fine for me and since I am sensitive to EMFs (electromagnetic frequencies) that radiate from cell phones, I actually prefer browsing the web, sending text messages using Google Voice and checking email with my laptop.

Today my task is to find out how to claim my Facebook Place Page without the use of a cell phone.  Turns out, I can access the mobile version of Facebook (touch.facebook.com) just fine with my laptop browser (using Firefox).  The page spreads out to fill my screen, I can post my location, access my personal profile, my Facebook email inbox, my photos, and my news feed.

Screenshot of touch.facebook.com on my laptop

It seems the only thing I can’t do is “check in” which instantly reports my activity and location to my Facebook friends.  When I click the “check in” button, I get the repeating “loading” icon and it never resolves.  This is a bummer!

Hangup

can't check in!

Got a mobile device and want to claim your Facebook Places Page for your business?  Go to http://touch.facebook.com/#places.php and follow these directions from Facebook:

  1. Access the Places application on your supported device.
  2. Click “Check In.”
  3. Click the “Add” button to the left of the Places Names search box.
  4. Enter a name for the new Place as well as an optional description of it. Then, click the “Add” button at the bottom right of the page.
  5. You will then have the option to both write a description of what you are doing at the new Place, and/or tag your friends there.
  6. Click the “Check In” button to share your visit.

The default location for any new Place you create will be where you are currently located. Also, keep in mind that any Place that you create is public. This means that other people may see your created Place while browsing Facebook or the Places application.

Please keep in mind that only official representatives of a business can claim the Place on Facebook. Click here to learn more about the benefits of using Facebook Places for your business.

Here is the official Facebook video on how to edit your Facebook Places privacy settings:

And here is the complete Facebook FAQ on Facebook Places: http://www.facebook.com/places/#!/help/?topic=places

At the end of my quest, the answer for me: wait until Facebook merges Facebook Pages with Facebook Places.  Then I should be able to update my Facebook Place on my Facebook Page.

AWeber improves email stats for targeting your list

Another reason to use AWeber: AWeber email marketing service just added more detailed email stats for targeting your lists.  For example, you can find out who did not open your email campaign and then choose to send just those folks another email.  Here is a short video outlining the new email “Quick Stats” feature:

Load WordPress FAST with Dreamhost, Amazon CloudFront and W3 Total Cache Plugin

First of all, why speed up your site?  The search engines now look at page load time to give your website a good page rank.  Plus, you may easily lose potential sales or email captures if your site takes more than a second to load!

My quest for faster load time information led me here: http://www.larre.com/2010/01/24/amazon-s3-and-cloudfront-with-wordpress-and-dreamhost/ – a blog post about using Amazon CloudFront with my web hosting company, Dreamhost, to create a CDN (content delivery network) to spread out the HTTP requests from users (thus decreasing load time). Turns out, my favorite web hosting company, Dreamhost, is not only a green web hosting company, but is the first to roll out this new feature!

Dreamhost/WordPress users, here are the steps involved:

1) Deactivate and delete any other caching plugins you may already have installed on your WordPress site.  Verify they are completely deleted using your ftp program to make sure the plugin folder is REALLY gone.

2) Create an Amazon AWS Account. Please note: it may take several hours for your account credentials to be functional.

3) Log into your Dreamhost web hosting panel and go to “Goodies” –> Amazon CloudFront.

4) Copy your Amazon CloudFront settings into the Dreamhost settings and click “Create CloudFront.”  Dreamhost automatically creates the new CloudFront bucket for you.  It will appear in your AWS Console after it is created.

6) Install W3 Total Cache DEVELOPER version.

7) Activate the plugin and enable CDN only.

8) Configure the CDN settings and click “create bucket” then “test.”

9) Upload the media library, includes files, theme files and custom files to the CloudFront using W3 Total Cache, the AWS Management Console or S3Hub (for Mac) or the Firefox add-on S3Fox (for PC).

10) Make sure you set the ACP (permissions) to “Read Only” for “All Users” or “Everyone” otherwise your images and other content may not show up.  Here are the screenshots for using S3Hub:

Read up on how to use Amazon CloudFront.  Also you may want to take advantage of the new AWS default root object feature for enhanced security.  Let me know how it goes!

P.S. I am an affiliate of Dreamhost as well as a user and a big fan (as you can tell!).

Nevada County Business Owners: Get connected Thursday, June 24, 2010

From Nevada County New Business Network (Jesse Locks): On Thursday, June 24, 2010 at the Holiday Inn Express in Grass Valley, CA, the Nevada County Economic Resource Council (ERC), Nevada County New Business Network, and HWare (Brenda Horton) will present a Small Business and Entrepreneur Seminar for local business owners and entrepreneurs.  This free three-hour seminar will cover the many business resources that are available to business owners and entrepreneurs, including starting a business in Nevada County – the demographics, industries, and markets; public funding and private lending opportunities; advertising, marketing and promotions; sustainable business practices; and social networks.

Hear from trusted and knowledgeable business experts and professionals from the ERC, SEDCorp, the One-Stop Business Center, GROWSierra Foothills, Private Industry Council of Butte County, City of Nevada City, City of Grass Valley, and Sierra Commons.

Connect with other local business owners and organizations that can help you succeed. The Nevada City Chamber of Commerce will introduce the area’s many local professional organizations including Business and Professional Women, Soroptimist of Nevada County, The Exchange, Rotary, Local Green Sierra/Green Drinks, Think Local First, WHEEL, and SIGBA among others.

What: Nevada County Small Business and Entrepreneur Seminar Presented by Nevada County Economic Resource Council, New Business Network and H-Ware
Date: Thursday, June 24, 2010
Time: 8:30am Registration, 9am-noon Seminar
Where: Holiday Inn Express, 121 Bank Street, Grass Valley, CA
Tickets: Free, Space is limited please RSVP to jesse@ncerc.org
Info: Jesse Locks, (530) 274-8455 or jesse@ncerc.org

See you there! Bring lots of business cards!

2 great plugins allow you to add tables and add a Favicon

In this post, I am showcasing a few plugins I’ve tested that add functionality to your WordPress website:

1) Add custom tables with MCE Table Buttons plugin

This plugin allows you to insert a table to your specifications right within the WordPress WYSIWYG editor by adding buttons to the kitchen sink.  As you can see here,

You can give your whole table a… background color
then go back and make changes if you want to remove a color… or change the color

2) Add a favicon with Favicons by Ioane.  A favicon is the little image that appears on the left side of the tab of your browser like this:

To transform your own image into a favicon, use this Favicon Generator.

How to discover image dimensions using Firefox and Web Developer Tools

This tutorial shows you how to use the Firefox add-on, Web Developer Tools, to discover the dimensions and the URL of images on a website. You may need this kind of information to replace images that come with a WordPress theme or find out where images are being hosted on a server. To begin:

1) With Firefox open, install the Firefox add-on, Web Developer Tools

2) Re-start Firefox when prompted

3) Go to the Firefox Menu—>Tools—>Web Developer—>Images—>View Image Information and Firefox will open a new tab for you listing all the image information you need.

Any questions? Feel free to leave a comment.

How to add audio to your Facebook Page (video tutorial)

Have you noticed streaming audio on Facebook lately?  Here is a video tutorial and a how-to guide on adding audio to your Facebook page:

1. Upload your audio file to SoundCloud.

2. Make sure the sharing is set to “public.”

3. Copy the link and paste it in the “status” area on your Facebook page.

4. Optional: add a description in the text field above the link and a short link back to your site.

5. Click “Post” to publish the audio.

Your audio will now stream live on Facebook!

Live WordPress Training in Nevada City, CA

Add a Facebook “Like” button to your WordPress self-hosted blog

Now that Facebook is spreading out across websites all over the internet, you, too can join in on the connectivity by adding some code to your WordPress self-hosted website or blog.  With credit to Ruhani Rabin’s post, here’s how to do it:

(*make sure you have a backup copy of all your template files before you do this!)

1) Log into your WordPress backend.

2) Go to Appearance: Editor

3) Open single.php

4) Place this code right before <?php the_content(); ?>

<iframe src="http://www.facebook.com/plugins/like.php?href=<?php echo urlencode(get_permalink($post->ID)); ?>&amp;layout=standard&amp;show_faces=false&amp;width=450&amp;action=like&amp;colorscheme=light" scrolling="no" frameborder="0" allowTransparency="true" style="border:none; overflow:hidden; width:450px; height:60px"></iframe>

5) Click “update”

6) Refresh your blog page and see the new Facebook Like button at play!

And if you don’t want to delve into the code, use this super easy plugin by Todd Williams!