The Best $5 per Month the Owner of a WordPress Website Could Ever Spend

This is the story of how I woke up this morning and discovered the number of visitors to one of my sites for the past few days was a big fat zero.

Not one.

This is unusual, and just a little bit scary.

No Traffic

At first I thought it was the slap-bang-wallop of a Google penalty (we’re all paranoid these days), so I checked my Google Webmaster Tools account for a notification email. There wasn’t one.

Then I checked Google to see if the pages were still indexed. They were/are.

Then I checked Google to see if the site ranks for its name. The home page doesn’t but inner pages do. (This is also a little scary, and worth watching for a few days, as the site should show up.)

After these simple checks, I breathed a sigh of relief and concluded that it wasn’t a penalty.

Another indicator that reinforced this was the traffic from other search engines had also dropped to zero, so to the referring sites. If it was a Google penalty, the other search engines and referrers would still send traffic, so I’d have some numbers to look at.

The drop in traffic happened four days ago, when every URL on the site was suddenly redirected to the login page. As we enjoyed a long-weekend due to a Bank Holiday here in the UK, I only noticed today (Wednesday).

After checking Google I started thinking about the chances of a hacker gaining access. I know the site is a constant target because I run the ThreeWP Activity Monitor plugin and it records several attempts at guessing the username and password every hour.

Recent attempts to login to my site. The username is yellow, the password is red and the domain is black.

Recent attempts to login to the site. The username is yellow, the password is red and the domain is black.

I checked the records for the previous few days and found the approximate time the redirects kicked-in – 22:05:40 on 3rd May.

If somebody gained access through the login page at that time, ThreeWP Activity Monitor would show the details. It doesn’t.

(Read my post on why you should never use the admin username and why you should always choose a difficult password.)

Maybe they logged in via FTP?

I checked the logs and found one entry from May; me, uploading a custom 404.php file. So, that wasn’t the way in.

Maybe it’s some rogue code in a plugin or theme?

I checked the installed themes and they are all legit StudioPress or default WordPress themes.

I concluded the point-of-entry must be a plugin.

That is, if it was the work of hacker and not something I had inadvertently done myself? I’m still not sure.

I checked the Analytics code was still in place, even though I knew it wasn’t the problem, as the JetPack stats also showed zeros.

I started deleting inactive and unnecessary plugins. I also updated the two that needed updating – nothing to worry about from them as they are both very well-known and widely used: WordPress SEO and a Pinterest plugin.

Finally, I checked the .htaccess file but couldn’t find anything wrong with it. I replaced it with another one just in case, and checked the site again. Nothing. The redirects remained in place.

After going through each of these processes without success, I switched to the $5 per month solution that saved my bacon – the backup on VaultPress (a backup and restore service owned and operated by Automattic, the parent company of WordPress). I checked the date of the last published post (30th April) against the ‘hack’ date (3rd May) and opted for a restore point somewhere in between.

By the time I walked away from the computer, made a coffee and returned to my desk, the backup was ready. I hit the restore button and a few minutes later the site was back to its former-glory.

restored

Soon afterwards, the numbers started showing again and traffic reverted to its usual level.

As it happens, I have a review of the VaultPress service brewing in my drafts. The service (controlled by a plugin) is provided by Automattic, the parent company of WordPress, and I highly recommend it.

I started using VP a few months ago as I needed a reliable backup service for my own sites and for those of a few clients.

The free backup plugins you find in the WordPress plugins directory work a treat, but restoring a site from a downloaded zip or sql file often causes problems. VaultPress takes all of the hard work out of each side of the process. I’ll complete the full review very soon and publish it.

In the meantime – thanks VaultPress!

PS I still don’t know exactly what happened, but that’s not the point of this story. The point is – prepare yourself for the worst as you never know when it’s going to happen.

About Stephen

Stephen is co-founder, chief writer and tech guy at FirePress. He shares his experiences of running an online business, blogging and social media. You can connect with Stephen on Twitter and Google Plus.

Comments

  1. Just signed up, thanks for this, really useful :)

  2. I was hacked in the early days of running a site and lost 6 months worth of, almost daily, articles. Since then I’ve had a VPS that backs up every week but this adds that extra daily layer :)

    Great stuff, thanks again.

    • Stephen says:

      Ouch! That’s a bitter pill to swallow. I’ve only been hacked twice, and the hackers never did much damage. I would have found it hard starting again if I lost six months worth of work. Well done for getting up and giving it another go!

      VP is great. I hope you never have to use it to restore a hacked site!

  3. WordpressUser says:

    I think it was a bug in All in one seo pack plugin
    two of my websites using that plugin just got hacked – the hacked changed the my password and uploaded a shell file to my server he then entered some shits into my wp table
    the only way I can think to protect yourself against hacking is to export content regularly and dont use outdated plugins

Speak Your Mind

*