There is nothing more irritating to learn that all your hard work is being compromised. A few months ago, a payday loan hacker got a hold of numerous websites that I own. They placed a code in the header and around a few other places. I did my best to remove the code, but they were still coming back.
I called my hosting company, GoDaddy, for some help. I paid about $14 for three months of security. They helped remove the other places this hacker snuck in some code. The remainder of those months, they continued to run a scanner on the website to make sure everything was in the clear.
Well, it has been a few months since the incident and I am back on track. I mean, I thought the websites were okay. That was until this morning when I got a message from Google. I was in my Google Webmaster Tools, and it said that JacquelynMarks.com, Mockingjaysummary.com and OnceUponaTimeABC.net were “Suspected Hacking.”
Ugh! Not again!
I read the information that Google provided. They offered a Google Safe Browsing check. I checked the websites by visiting http://www.google.com/safebrowsing/diagnostic?site=www.example.com. Just replace www.example.com with your URL.
It gave a simple report saying that nothing was infected. Thank goodness!
Next, I called GoDaddy.com and told them about the Google warning. The representative ran a check on all my websites. He said that everything was coming up clean. That gave me a little piece of mind.
My guess is this hacker was trying to get into the sites again. I changed all the passwords twice since the incident. However, I still want to take things a step further to protect myself. Yesterday, I was listening to a netcast that had Matt Cutts as a guest.
For those who do not know, Matt Cutts is the head of Google’s spam team. Well, he talked about a plugin that he uses on his WordPress blog. This plugin is called Google Authenticator. You will notice that this plugin has over 17k downloads.
I set up all my blogs with this authenticator. When you download the plugin, remember to set it up under each user who has access to the website. In addition, download the app for the mobile phone. That is how you will get the Google authentication code.
Be sure to scan the QR code or enter it into the app when setting up the plugin under the user’s profile. Otherwise, you will end up locking yourself out of your own website. I just named each one the title of that particular blog, so I know which code goes to what blog.
If you have any other tricks or tips on how to increase the security of a website, please comment below.
This photo is courtesy of Microsoft Clip Art