How Not To Recover A Hacked Website

I have just spent the best part of 3 days recovering a hacked website. Read this so you don’t have to…

Last week I received 2 emails from software publisher Adobe informing me their products were being sold on my website without their permission.

Screen Shot 10-30-15 at 11.17 AM

The link went through to a page on thinkgenial.com full of nonsensical spam, however the same url in Google took visitors to a more sinister destination:

Screen Shot 10-30-15 at 11.14 AM 001

The page was redirecting through an iFrame (see bottom of below image).

Screen Shot 10-30-15 at 11.34 AM

A quick Google search of site:thinkgenial.com revealed 44 pages of results with around 40 pages being spam!

Screen Shot 10-30-15 at 11.06 AM

Luckily, despite the pages of spam results the site had not felt the full wrath of Google. I had to act quickly to make sure no further harm was done and avoid possible blacklisting.

Here is a step by step account of what I did… and what I should have done

Step 1: Installed anti malware plugins

What I did

If you are a WordPress user you will know there is a plugin for every occasion. I read good things about a couple of plugins. With a simple scan and following instructions I would detect the malware, delete it and the affected pages in short order, job done. I downloaded Wordfence and Sucuri and scanned for Malware, both drew a blank… Wordfence did show that the site was currently experiencing a ‘brute force’ attack from bots!

What I should have done

Found the last uninfected backup copy of my website and restored it.

Step 2: Restored the oldest backup available from my hosting company

When I found out my hosting company kept regular backups of my websites I thought brilliant, that’s that taken care of. I then turned off and deleted my backup plugins. Smart move I thought, no more bulky backups slowing down my website, one less plugin to update. The oldest backup on the server was 2 months old. I restored it, the problem remained, I believe the expression is Doh.

What I should have done

Remembered I had historic backups on the website. The plugins had been deleted but the backups remained in my uploads folder. I should have tried the oldest update which would not affect the content of my site and see if that worked.

Step 3: Began working through this post: http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/

I deleted themes and files as directed but the malware and spam posts were still there. The next step is to delete your whole website, files, database, the lot. So I did, with the aim being to reinstall the themes and re-upload content.

This worked. However, looking at my domain, bare of content, bereft of life, 2011 theme, that I thought, is there another way?…

What I should have done

Restored and updated the oldest clean copy and by this point I could have been enjoying a milky tea and Mcvities caramel digestive.

Step 4: Re-uploaded the latest backup of the site

Faced with the prospect of having to modify my theme and reupload all the content I balked. Visions of blank images, incorrect fonts and missized headers began turning through my mind… so I pressed reset and reuploaded the infected version of the site. Soon I had the comfort of looking at my website again as it should be, even if it was infected with malware with hundreds of extra pages of spam content.

What I should have done

Site restored and functioning fully I could have made another brew, maybe had some soup and see if there were any amusing felines on Youtube..

Step 5: Uploaded a clean backup

The chances of me finding anything remotely malware looking seemed unlikely. The worlds foremost malware scanners, processing thousands of bytes per second hadn’t thrown anything up, however I remained undeterred. While manually searching for malicious files I found some backups, would one be clean? I dared to dream… I checked the most recent backup available. The whole website seemed to be there, posts, images. I uploaded it. Using ftp this took quite a while. When it was done I visited a spam page – 404, boom! Back of the net!

What I should have done

With the malware a distant memory I should have given myself the morning off, maybe gone to a matinee of Spectre.

Step 6: Updated everything to latest versions, deleted unnecessary content, changed passwords

I could now see that the site was clean. The spam pages were gone and the Iframes waere no longer loading. I immediately updated to the latest version of WordPress. I updated and deleted themes and plugins. Then I changed the password.

Step 7: Repair and prevention

With hundreds of spam urls showing in Google I have begun submitting them for removal in Webmaster tools. The first 20 or so were removed the following day, a promising start.

I have installed a new backup plugin, Updraft Plus. It seems very good. I have started taking my own backups again.

Wordfence and Sucuri have both been installed and set to protect my site from malicious bots.

Lesson learnt

DON’T UNDERESTIMATE REPAIRING A HACKED WEBSITE AND TAKE BACKUPS!

Fingers crossed that’s the end of it… I hope if you were struggling with a hack this helped!

Genesis WordPress Theme Framework Review

genesis framework review

Do you want a good looking website? One that you as a beginner can install and easily customise yourself? Read on.

Getting Started With The Genesis Framework

I got my first WordPress site around 2 years ago and my first self hosted site 18 months ago. I am not a beginner now, though it feels like it sometimes. I am not a ‘tech’ person and have few graphic design skills.

When I started self hosting I wanted to do things as cheaply as possible. I tried quite a few free WordPress themes, using Athualpa for a while. If I was going to spend money I wanted to make sure it was well spent.

I couldn’t find a free theme that did what I wanted so I started looking at premium themes and found the Agency Theme on Studiopress.

I asked around and reports were good so I went ahead and invested the Genesis Framework and Agency Theme for $79.95. With a little help from a designer friend I had the Think Genial site. Since then I have redesigned the site and in its current incarnation, apart from the logo, the design work has been done by me (I am not a designer).

Since then I have built 3 websites myself using the Genesis Framework and free themes. 2 of these are making me money as affiliate sites and they haven’t cost me a penny more from my initial investment. All are hosted with TSO host for a total of£4.99/ month.

WordPress Frameworks

A framework is a set of computer code which sits on top of the WordPress Content Management System. It adds more functions to WordPress such as easier customisation, enhanced security and impoved SEO. There are 2 widely used WordPress frameworks – Thesis and Genesis.

Genesis

genesis wordpress framework

  • Recommended by WordPress founder, Matt Mullenweg
  • Used on over 96,000 websites
  • 40+ Child Themes
  • HTML5 support

Upload

You upload the Genesis framework through the WordPress dashboard like a theme. If you are using a Child Theme you upload Genesis first then the Child Theme. Any customisation is made to the Child Theme.

Child Themes

Agency                                  Copyblogger (free)              Genesis (free)

agency themecopyblogger themegenesis theme

There are 40+ Child Themes to choose from and there really is something for everyone. The 3 themes I have used are shown above. They are all great themes, and I am a particularly big fan of the Agency Theme. It is straightforward to modify things like the colours, fonts, logo etc. and if you want to make more advanced customisation the support forum is jam packed with useful info.

Support

  • 65 Genesis Framework tutorials available
  • Tutorials for all paid themes
  • Expert moderators on forums
  • Learn everything from how to change design, add logos and customise just about everything in forums

SEO

SEO optimised out of the box. I recommend the free WordPress SEO plugin for further optimisation, though plenty of options available in Genesis.

Updates

When updates are available you will be notified through the dashboard. NB. Make sure you have the latest version if updating any Genesis plugins. Updating the plugins first has caused my site to go down. I needed to go into the FTP to fix it (it could not be done from the WordPress dashboard).

Genesis 2.0

In August 2013 Genesis 2.0 was launched. Security, SEO and site speed have all been enhanced. The biggest change though has been the addition of HTML5 support. HTML5 is increasingly being used in web design, particularly for mobile sites and apps. Genesis 2.0 puts your website at the cutting edge of design capability.

Plugins

There are quite a few great Genesis-only free plugins. Here are a few:

Genesis Hooks: Allows you to add bits of code without having to go into the CSS. If you want to easily add code for things like Facebook buttons or advertising you can use this plugin (tutorial available)

Footer Widget: If you want to add more footer widgets, use this

Design Palatte: Change the colour of backround, text, links and borders with a few clicks; change fonts too.

Who?

These big shots recommend Genesis.

who recommends genesis theme

Conclusion

If you are starting out with your first self hosted website I would take a look at the Genesis Child Themes. If you find one you like its worth spending $80. If you did want to make further websites you can do so for no additional cost. If you need more Child Themes they are $25 each once you have the framework.

There is an option to buy rights to all the paid themes for $349.95. I wouldn’t go for that unless you are a developer.

The all inclusive package has recently gone up $50 from $299.95 to $349.95. If you are considering making the purchase I would think about buying now to avoid any price increases. There is a 30 day money back guarantee if you change your mind.

Click here to visit the marketplace>> StudioPress Marketplace

* edited 28.08.13

Who Is Your Blog For?

Blogging Strategies – Who is your blog written for?

1. Your Customers

One classic company blogging strategy is to draw in potential customers with useful content and over time some will become buyers.  Typically a wide variety of topics are covered using this strategy.

This works well if your company is an established brand or if you have leading experts to impart information. The experts don’t necessarily have to work for your company, they could write guest posts for you.

If you are using this content marketing strategy, it is useful to have calls to action and use landing pages to move prospective customers along the sales funnel.

2. A Segment of Your Customers

The trouble with audience 1 is that unless your company is an established brand or you have leading experts contributing to the blog it can be hard to stand out from the crowd.

If you are a small company you might not have the resources to allow you to compete with larger companies pursuing a similar strategy.

Once way round this is to focus in on some niche content which appeals to your customers. If you are a local business it could be that you relate your content to the local area, or it could be that what you write about is highly focused on one specific topic that appeals to a section of your target market.

If you were a garden centre using this strategy for example, you could write all about Lillies: the different species, where they grow best, how you look after them, what animals they encourage etc.

That way you may soon have one of the top blogs on Lillies! The chances of you quickly developing a top blog on general gardening on the other hand are next to none.

3. Your Peers

If you are seen as a leader in your field there could be a case for focusing on content for your peers.

If you manage to build an audience amongst your peers with great content you will find they will link to you from their own websites and share your stuff.

If you are seen as an industry leader you are more likely to be asked to comment on industry news. This gives you access to a much greater audience, drives traffic to your website and generates more quality links.

4. Other Bloggers’ Audiences

Writing guest blog posts can be a great way to grow your audience. If you can find another blogger in your niche who needs content they may well be willing to have you write a guest post.

This gives you access to their audience and some of their readers might well like your stuff and become regular readers of your blog. Having links from other blogs can drive traffic to your blog and help your site climb the Google rankings.

5. Your Customers (pt 2)

Rather than producing useful content for your customers you could focus your company blog on connecting with your customers.

This strategy has been used to great effect by large corporations such as Microsoft and General Motors, maybe it can work for you too.

Using this strategy it would be typical for the head of your company and other company leaders to blog about their interests. They may also give their view on industry goings on and new products (like with 3).

As always, feel free to comment :)

 

Joe