So there’s the “I was drunk or emotionally volatile and said something dumb online” version of “I got hacked,” then there’s the “What the hell are these random links in our blog posts?!” version. The latter happened to my cohost and me.
Now, it could’ve been worse. Our site could’ve pointed to something salacious or “for the grown folks,” but we ended up with links on a few articles to really crappy UK-based personal finance sites. By the way, why do random links going to the UK always end up being unsavory? No disrespect to my friends across the pond, but I’ve noticed a theme with these “bad links.”
How did we find out?
We’ve had a few occasions where we’ve gotten a comment on our blog and then when we revisited the article where said comment appeared, there were random links to stuff we’d never endorse. In fact, this happened recently and since I was awake dealing with my sleep issues, I decided to investigate.
Upon logging into WordPress (my content management system of choice), I immediately went to the User section to see if a stranger danger had access. Much to my dismay, I saw an entry for “admin” and this account also had administrator-level access to the site. That’s not something I’d ever set up because that’s a username hackers commonly attempt to use when they wanna do bad things to your WordPress.
Here’s the thing: Every site is vulnerable to being hacked. We see it with large companies all the time; companies that have well-paid engineers whose full-time jobs are to ensure this doesn’t happen. So I don’t know if we could’ve avoided this, but I do think we could’ve been more vigilant about reviewing access logs to see if any funny business was happening and keeping our plug-ins up to date. I’ll take that L.
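The "is there an admin I didn't create?" check from above can be run on a schedule instead of by hand. This is an added example, not something from our site: it assumes WP-CLI is installed on the server, and the allowlist, logins and sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Flag WordPress administrator accounts that are not on an allowlist.
# stdin: CSV as produced by
#   wp user list --role=administrator \
#     --fields=user_login,user_email,user_registered --format=csv
# $1: space-separated logins you created yourself (assumed allowlist).
# Exit status: 0 if every admin is expected, 1 if any is not.
audit_admins() {
  awk -F',' -v allow="$1" '
    BEGIN {
      n = split(allow, a, " ")
      for (i = 1; i <= n; i++) ok[tolower(a[i])] = 1
    }
    NR == 1 { next }                      # skip the CSV header row
    { login = tolower($1); gsub(/"/, "", login) }
    !(login in ok) {
      printf "UNEXPECTED admin: %s <%s> registered %s\n", $1, $2, $3
      bad++
    }
    END { exit (bad > 0) ? 1 : 0 }
  '
}

# Constructed sample (not real accounts): two expected admins plus a
# rogue "admin" entry like the one described in this post.
SAMPLE_CSV='user_login,user_email,user_registered
siteowner,owner@example.com,2019-03-02 14:05:11
admin,x@example.net,2024-01-15 03:12:44
cohost,cohost@example.com,2019-03-05 09:30:00'

# Live use, e.g. from cron:  ./audit-admins.sh --live "siteowner cohost"
if [ "${1:-}" = "--live" ]; then
  wp user list --role=administrator \
    --fields=user_login,user_email,user_registered --format=csv |
    audit_admins "${2:-}"
fi
```

A non-zero exit from a cron job is an easy thing to hook an email alert onto, and the registration date in the output tells you how far back to go when reviewing posts and logs.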
What did we do?
After grabbing a couple screenshots, I hastily deleted the fake “admin” account along with the accounts of a few former team members and reactivated the “Limit Login Attempts Reloaded” plug-in, which allows you to not only set the number of password attempts but also how long they’re locked out after reaching the limit. As you’ll see in the screenshot below, the hacker tried to log in again and do their thing and was met with failure. Based on me putting this out there, I expect they’ll come for this site but I’m willing to take that chance and have done what I can to protect it. *squares up and waits*
The next step was to activate Wordfence (you can install it from within WordPress), a trusted security plug-in that monitors your site for log-in activity, password reset attempts, changes to code and other behaviors that could signal mischievous digital activity. You can even set it up to automatically email you when there’s a flagged event.
Yes, you may get emails about your own or a team member’s activity, but this is better than having to worry about logging in every day to see if anything’s gone wrong. I believe if we had this installed, I’d have been notified about the log-ins and changes to posts or files on the website. In a way it would’ve been “too late,” but the sooner I noticed the sooner we could’ve got them out the paint and the fewer posts we would’ve had to clean up afterwards. Please know it required going post by post looking for weird stuff. Not fun. Not fun at all.
If you haven’t been thinking about your current or future site’s security, now is a good time. We were lucky it didn’t turn out worse, but best believe we’ll be on our 👀 going forward.