Why I allowed my WordPress website to get hacked

What happens if WordPress is hacked

It is no longer a question of IF but a question of WHEN.

This is not speculation, this is fact. I believe in hands-on experience. I allowed it to happen so that I could see what happens and further my knowledge. What better way to advise you on how to prevent a hack in the first place?

Two years ago I took the security off my site and waited. Two months later I was hacked. Yes, this is what I wanted. Then I watched and waited to see what would happen.

In the first instance you probably will not know that you’ve been hacked.

The early hack could easily have gone unnoticed. If you don’t do what I do for a living, then you would never have noticed it. A seed was planted and it sat dormant for a few weeks. Then, at a point when it was most likely all my backups would have been infected, the seed sprouted.

One month later there were 20,000 pages on my site. Yes, that’s TWENTY THOUSAND. All these pages were affiliated with various offerings where the hacker stood to gain a commission on any sales that were redirected. Literally spammed affiliate linking.

Then the website was Blacklisted and everything was lost.

A couple of weeks later Google’s algorithms spotted this and blacklisted my site. Once Google had done that, other blacklisting sites followed suit. So, if you tried to access my site you simply got a red screen informing visitors that the site was unsafe and infected with malware.

I lost all Google rankings and the entire content of my site. All the back-ups were corrupted. I lost everything. This was great news because now I could work on getting a hacked site back again, but that’s another post.

If it was your website, how would it fare, and what would be the true cost of a hacked website?

How do you make sure that your website is safe?

If you fail these tests you could fall victim to a hack at any time. This could have serious implications for your business.

Do you collect contact, customer or inquiry information via your website? If so, your due diligence in protecting your customers’ data would fall outside of GDPR compliance.
