The Story: Sometime back in June my Blog fell victim to a hacker’s virus, along with hundreds of other WordPress users. I’ve since learned that this virus, the “rr.nu WordPress Virus”, has been around for a few years and comes in many variations, continually changing itself to keep ahead of web and WordPress security improvements. The infection manifested itself by visitors getting a web pop-up, warning that YOU had a virus and wanting you to follow their link to a fake anti-virus software for your money and perhaps your credit card number ~ obviously their ad was the virus. If you had good virus protection on your computer you would have received a warning that my site was infected. I don’t believe you could have walked away with the virus itself.
In the meantime, the virus was chewing away at my Blog underneath its normal appearance and eventually brought it down. Unfortunately I wasn’t posting to my Blog regularly, so I was completely oblivious to the fact that it was slowly deteriorating for at least a month. In hindsight, during my last posting I noticed a few minor “quirks” as I used the WordPress admin section of my Blog but attributed them to the various programs I was using. It was not until a month later that a friend visiting my site alerted me to a problem, even sending me a screenshot of what she had encountered; thank you Ellen!! When I entered my WordPress Admin area I no longer even recognized it ~ it was almost gibberish by that time.
That began weeks of research and long hours of late-night programming fixes that only had the virus reappear within minutes at times, my hopes dashed time and time again. If I had a simple WordPress community blog, it could have simply been deleted, taking the virus along with it and a completely fresh blog started. However, I wanted to retain my own domain, the third parties I was set up with and especially my Blog name that I had posted under for over four years, just as it was; had I let the WP blog go that particular name is gone forever, to anyone. I couldn’t lose everything, now could I!
A virus isn’t, of course, some nebulous little critter filling its stomach on our web pages – it’s hundreds and maybe thousands of pages of programming gibberish that you learn to recognize as your “special” virus amongst the files in your server, interesting to see actually but it feels like the devil itself when you see them just everywhere. The fix is to eliminate them all, if you miss just one it’s repopulating and coming right back! During the end period where I was still convinced I could fix this curse myself, logic told me that after many failures I had a better chance to erase the virus with less pages of blogging, so it was my decision to push the delete button on four years of posts and photographs. It was devastating really but I decided to spend even more foolish hours copying them in order to redo any I’d like to from that copy.
In the end, I had to give up; I could not fix this and neither could the good people who tried to help. A name that had come up in my research several times and finally recommended to me by my service provider was SUCURI. I contacted them online, paid my money for a year’s membership and within 15 minutes was notified that my domain was virus-free and completely back to normal… 15 minutes!! It is what they do. For some this will not be the answer especially since there is nothing commercial about my blog to seemingly warrant the expense – but for me it was the best money I have spent in a long time and I was elated! This efficient company will keep my domain virus-free with monitoring services and fix anything that happens to crop up along the way. My experience was that bad that I never want to see it ever again.
The Mistakes I Made: One thing I know for sure is that I have to bear some responsibility in opening the door to being hacked. This virus did not reach my computer but I believe that potential is always there with any gap you leave, they are always looking for that one small way in. I really believed I was web-smart and did all the right things to protect myself on the web but at the end of the day I left some holes, I got too complacent. I really did learn some things the hard way…
1. Keep your WordPress, third-party, plug-ins and theme updates current.
Although I’ll never know for certain, I believe this is how the hacker found their way into my Blog. My updates were not current, mainly because I’d hear of the quirks that resulted and didn’t want to deal with them so I put it off. What I didn’t realize was that these updates are mainly about security upgrades which keep ahead of the hackers. BIG BIG mistake on my part.
2. Eliminate any extra themes and plug-ins that you are not using.
Especially if they are not being updated, plug-ins are a common way in for hackers, inactive or not.
3. Maintain your passwords.
A hacker is after your blog password once they are in and they got mine I’m sure. By the time I changed it, it was too late because they had infiltrated everywhere. It may be a wise thing to change it periodically as is always the advice.
4. Log-off when you are finished your posting session.
Another of my biggest mistakes, I didn’t worry about logging off because I would be back on and it was easier! I didn’t stop to think that the whole time I was logged on and not even present, gave the hackers’ programs lots more time to work on the weak links and get in. I log-off everywhere now! In fact I’m a little burned and my presence on the web is a lot less these days.
5. Install a good Anti-Virus Program(s).
I’ve always had good protection but was never certain of what exactly it was doing for me. I know now, will never crank at the cost again and I’ve added a few good free malware programs because there are just sooooo many bugs to fear out there and I have more than my Blog to protect. Do the research and there’s a lot available to help.
6. Monitor your Blog.
I sometimes don’t post for long periods but I do now enter the Admin area of my Blog at least weekly to have a look around and make sure things are “normal”. I’m convinced that catching the virus earlier would have had less drastic results. Another thing I do now is to have a look at my Blog as a visitor would now and again, I didn’t see any of the ad popups nor trigger the site warnings via my own virus protection in the early stages as my visitors did.
– I believe WordPress has a way for you to save a copy of your complete Blog so that you do not have to delete everything should your blog become infected. Elicit their help before taking such a drastic step.
– From what I understand now, images are not yet a way-in for a virus so there is no need to hastily delete those either as I did.
– Follow-up on any little thing that seems odd to you, it may be the start of something much bigger that can be fielded off now.
– SUCURI would have fixed my Blog while retaining all my content had I not already deleted my posts before I got to them; they did retain all that I had left.
The good news is that I can now move on from all of this nastiness and loss and my visitors, if they ever come back, can rest assured I have the safest site around. 🙂 However, it went beyond the physical losses for me as I lost a combination of photography and blogging that I enjoyed and which meant something to me ~ Pat. That was blown apart and the motivation to find my way back in a new way is proving difficult. Will just have to see…
In the meantime, I hope that what I learned through this will at the very least serve others who want to continue blogging safely.