Well, one of my sites was hacked last week, just before the story broke about Talktalk, so I thought I would just document my experience and let people know the lessons I learned about website security.

I have been doing a lot of editing on the site that was affected (not this one), and I first noticed there might be a problem when it was taking ages for any of my edits to be saved; it was even slow just selecting menu options in the control panel of my WordPress site. Now there are a number of possible reasons for slow response, such as:

  • Computer problem
  • Internet Connection
  • Website Server traffic
  • Website Themes/plugins
  • Local viruses or malware
  • Server-viruses or malware

I therefore had to work through these in turn to eliminate them and find the root cause. The first two potential causes were eliminated by trying a different computer on a different internet connection, which gave the same slow response. I was using a new and complex WordPress theme, so I thought maybe that was causing the problem, although the fact that the whole WordPress control panel was slow seemed to rule out the theme as the source. I had run my local anti-virus/malware scan and that found no problems, so it looked like it was probably a website server issue.

I then contacted my website hosting service to see what they said about this. Their initial response was ‘there is a high traffic load on the server at present, response is just due to high traffic’. I was not sure about this, so I started to look at the response in more detail, using a very useful website at www.getmetrix.com. This site allows anyone to get a detailed analysis of the response time of any website (for free!) and was crucial to this investigation. I could now see that there were significant delays during the loading of any page that could not be explained by any of the issues above unless the delays were originating server-side. I went back to the hosting service with this data, and eventually they found that one of the files in my website code had some unexplained binary code in it, which must have been malicious and must have been causing the delays.

At this point they acted very fast: they suspended the website, backed up and then deleted all the code on the site, and told me to create a new WordPress instance and restore the database content (which was not corrupted). Eventually I restored everything and the site was now running fine.

Morals of the story:

  • Backup, Backup, Backup! If you lose your content tomorrow, what will you do? Regular backups ensure you should at least be able to restore most of your content from an earlier build, before any corruption.
  • Strong Passwords – don’t use passwords that hackers can guess!
  • Security Plugins – install them to protect your website
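As an added example (not part of the original post, and not any hosting provider's tooling), here is a small Python script covering two of the points above: a SHA-256 manifest taken from a known-clean install or backup, so that changed or added files can be spotted later, and a scan of PHP/JavaScript files for the kind of unexplained binary content the hosting service found. The directory paths, the file extensions and the 1% threshold are assumptions.

```python
import hashlib
import os

# Control characters that are normal in source files; anything else below 0x20,
# or a byte that does not decode as UTF-8, counts as suspicious.
_OK_CONTROLS = {"\t", "\n", "\r"}

def sha256_file(path):
    """SHA-256 of a file, read in chunks so large uploads do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each relative path under root to its hash; take this on a clean install."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest

def compare_manifest(root, baseline):
    """Return (changed, added, removed) relative paths versus a baseline manifest."""
    current = build_manifest(root)
    changed = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return changed, added, removed

def has_binary_content(path, threshold=0.01):
    """True if more than `threshold` of the file is control chars or undecodable bytes."""
    with open(path, "rb") as f:
        data = f.read()
    if not data:
        return False
    text = data.decode("utf-8", errors="replace")  # accented comments decode cleanly
    suspicious = sum(1 for ch in text
                     if ch == "\ufffd" or (ord(ch) < 32 and ch not in _OK_CONTROLS))
    return suspicious / len(text) > threshold

def scan_source_tree(root, exts=(".php", ".js")):
    """Relative paths of source files under root that appear to carry binary payloads."""
    flagged = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(exts) and has_binary_content(os.path.join(dirpath, name)):
                flagged.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(flagged)
```

Run `build_manifest` on the freshly restored site and keep the result with your backups; a later `compare_manifest` or `scan_source_tree` run then points straight at the files worth looking at instead of waiting for the site to slow down.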