35

Managed WordPress Hosting To Fix WP Security Problems

broken blogWordPress Security Problems

Here’s how I tackled my security problems by moving to WordPress Managed Hosting! I hope this post will be helpful for anyone who has had these problems and is at their wits end to know how to solve them. Like I was.

This post, originally written at the end of February, has now been updated to reflect my first three months with Pressidium.

Regular readers will have seen my earlier posts  – probably too many over the months to mention individually – stressing about my poor hacked blog, despite all the security measures I had tried to take.

Catch up on the history of my WordPress Security problems here!

I have had so many hacked WordPress sites, over various hosting companies, that I was seriously considering giving up blogging altogether. I’m a part-time blogger, so trying to secure my sites and clean them up was actually taking more time than I was spending writing and promoting them.

Whatever I did, the hackers seemed to be winning. The worry this caused me had taken away almost all the pleasure of blogging.

Have you felt the same way? If you’ve ever had a hacked WordPress site you’ll probably understand how I felt.

And more to the point, if I didn’t have a solution for my own blogs, how could I advise new bloggers about blog security?

Who Has A Backdoor Into Your Blog?

How the hackers got into my site, I don’t know. For years – ever since I became aware how important it was to do so – I’ve kept my sites up-to-date, had strong passwords and used security plugins.

Yet my site was severely damaged – despite appearing completely fine to visitors and even within the WP dashboard.

The only warning was that, every so often I would get a message from my previous hosting company to say that my site had been compromised. This was then followed up by frantic efforts on my part, password changing, and then back to a few more weeks of peace, lulled into a false sense of security.

What I hadn’t at the time understood was that despite all seeming well on the surface, my blogs had “back-dbackdoor-px_250oors” into them, which meant that the hackers could come into my site at will and do whatever they wanted.

So adding the security plugins I mentioned in my last post was locking the stable door after the horse had bolted!

I had no idea my blog was hacked - is YOURS safe? Click To Tweet

All this has come as a bit of a revelation to me over the last few weeks. YOU maybe know all this, but despite having been blogging for about three years, I have only become aware of the full extent of the threat over the last few weeks.

  • My blog looked fine, to visitors and within the dashboard
  • It passed various security scans with no problem
  • Google was still sending me traffic (according to my Analytics)
  • I had a “HackAlert” service with my hosting company and I kept getting weekly “clean” reports

Is Shared Hosting A Security Problem?

I don’t even know which hosting company I was with when the site was originally compromised. I’ve been through a few, to be honest, and the ultimate reason for leaving all of them was because my site was hacked.

Every hosting company I’ve been with says it wasn’t their security that was breached, and blamed me. But I genuinely feel I had done as much as, and probably more than, the average WordPress site owner.

security-px-250What I didn’t realise was that as I moved to each new hosting company, having been hacked earlier, I was probably dragging the damage from each hosting company to the next – although it’s surprising that a new hosting company doesn’t routinely scan your sites before putting a blog onto a shared server!

So you never know quite who you’re sharing with…..

Some people, more knowledgable than I, say that being on shared hosting means that you can “catch” an infection from a different blog on the same server if that blog owner isn’t as careful as you have been.

Others, also more knowledgeable than I, say that this is extremely unlikely!

Make up your own mind who to believe.

Whichever is correct, it sounded plausible to me, so moving away from shared hosting seemed something I should consider and I wanted to move to a hosting company that took security as seriously as I do.

Choosing WordPress Hosting

I’d always hoped that one day I would be able to use Managed WordPress Hosting, but a cursory look at available options a few months ago suggested it was too expensive for me at that stage of my blogging career. (I have three current sites – after a mega-blitz of old projects that I did nothing with other than security updates.)

Then a blogging friend who read about my troubles suggested I look at Pressidium® Managed Hosting, because their service ticked all the boxes I was looking for.

  • Strong WordPress security – my number one requirement (Update May 2016: one remaining hack was fixed fast and free)
  • Excellent reliability and up-time (Update May 2016: I have had only 10mins of outages over the last 30 days)
  • Support – including answering WordPress questions
  • Speed
  • Easy to manage interface – especially backup and restore functions
  • Affordable managed hosting for 3 blogs

Cost Of Managed WordPress Hosting

OK – let’s get the first big stumbling block for newbies or part-time bloggers out of the way.

Despite the undoubted benefits of managed WordPress Hosting, I had formed the impression that it was “Expensive”. And yes, of course it costs more than the shared hosting I was moving from – but see  the section on value below, and my fears about shared hosting.

Here are the (February 2016) prices for WPEngine.com which is probably the first WordPress Managed Hosting company many bloggers think of:

wp-engine-prices

So, ouch, my 3 blogs would cost me $87 – which is why I had dismissed the idea of managed WP hosting – until my friend introduced me to Pressidium.

Aside: For both WPEngine and Pressidium there are higher level plans than I have shown here (check their respective websites), but I’m pretty sure that most of my regular readers will fit comfortably into these plans – or you can ask for a custom plan.

Think Managed WP Hosting is costly? Think again - see this price! Click To Tweet

Price Of Pressidium Managed WordPress Hosting

press-pricesSo, for less money than two WPEngine installations, Pressidium were offering me three installations – and I have 3 blogs. Good start!

I wondered what would happen if I had a sudden spike in traffic and exceeded the 30k visits a month and was reassured that this wouldn’t be an automatic “excess” charge, as with some hosting companies. My account would be monitored and if it happened regularly, Pressidium would have a chat to discuss the best way forward.

For start-up bloggers there’s also a micro plan for a single WP installation at $24.90 per month if you can fit into 10K visits/month and 5GB SSD space. Obviously upgrading your plan as your business grows is easy.

(NB Add VAT to prices where applicable. 60-day money back guarantee on monthly, but not annual plan.)

If none of these quite suit ask about the customized plan.

Still Worried About The Extra Cost?

compare cost of managed WP hostingDon’t try and compare the price of Managed WP hosting to the price of shared hosting, compare it to the cost of pizza for the family!

My new WordPress hosting costs about the same per month as that. (Update May 2016: the price shown above is an increase on what I am actually paying, but Pressidium have kept my pricing at the same level that I signed on in February.)

Which would I prefer? A family pizza once per month or a stress-free blog?  Given the HOURS I wasted fighting hackers, I’ll happily skip a monthly pizza, to save time and stress blogging.

But don’t think “cost” at all, think instead of the value of the extra services included:

  • My previous hosting company suggested securing my blogs by adding a security scan plugin costing about $16 per month per blog. Pressidium hosting includes security scans
  • It wasn’t quite clear with the previous company whether that $16pcm was AFTER I paid for my blogs to be repaired and cleaned. Pressidium scanned and cleaned each of my 3 blogs free of charge as part of the installation process.
  • Many hosting companies will only import one site free of charge – Pressidium migrated all 3 at no extra cost
  • Got a WordPress question? Pressidium are WP experts and will answer questions that many hosting companies wouldn’t want to know about from “Hey, my site is having issues“, to “Can you recommend a plugin for XYZ?“.

I don’t know how you value your own time… if you’re lucky enough, like me, to still be working, compare their cost per month to your own hourly rate.

  • How many hours would you work to earn that monthly hosting cost?
  • How many hours have I wasted in February, and previous months/years, failing to fix my blog issues?
  • How many hours do you waste in a typical month researching WP questions?
  • Can you spend that time in your business in a more profitable way than WordPress trouble-shooting?
  • If you only spent the extra time relaxing with the family, what would you pay for that extra time?
  • Next time you have a tricky WP problem, just think…. you could have had a WP expert looking at it like I have now

For me, it was a no-brainer when considered like that, so I decided to take the plunge. However, an affordable price wasn’t the only factor.

The Final Research Stage

questions about managed wp hostingPerhaps I should be telling you that I spent days researching prices and quizzing Managed WP Hosting gurus who know a zillion times more than I know. I didn’t. It would quickly be obvious that they could baffle me with tech-speak in one minute flat.

Instead, I had a chat with my friend about his experiences and read up a lot on Pressidium’s website, then I spent several hours getting my questions answered by Filip, one of the co-founders. When I had exhausted my own list of questions Adrienne Smith and Enstine Muki  suggested others I hadn’t thought of! Big thanks to them, as always. All our questions were answered to my satisfaction.

I was ready to press the “Join” button. But first there was a big problem to overcome…

Repairing My Hacked WordPress Blog

repair-px-250Once I realised how badly damaged my site was, it became obvious that before I moved anywhere else, it was essential to clear out the back-doors and damage in my blog.

I had been quoted several different prices for fixing my blog – no-one but Pressidium said they would do it free!

To cut yet another long story short, this blog was apparently one of the most badly damaged blogs they had ever had to deal with.

Remember:

  • It had passed several security scans by my existing hosting company
  • To you and I it looked fine, even within the dashboard.
  • It was only on inspection of my FTP account that I started to be suspicious, plus a warning from the hosting company that they later passed off as fixed – when I could see from the FTP that it clearly wasn’t
  • My own scan with a popular (premium) malware scanner didn’t pick up the problem

Despite all this Pressidium took on the job.

With the repair and clean-up done, on their staging site, the move “proper” started, taking the sites one at a time. This one first.

Review of My Move To Managed WordPress Hosting

On Tuesday night my blog underwent major surgery, but in less than 24hrs it was live on its new home, fully repaired.

There was no perceptible down-time, because the site stayed live on the old hosting while it was repaired on the new. Then I checked the moved site on the new “staging” area, before agreeing it could go live.

Throughout the process I was kept informed of what was happening, and occasionally consulted about options.

When I’d run my first blog (this one, the worst hacked of the 3) for a few days I asked, on Friday evening, about migrating over the other two. Andrew said they were pretty busy and the migrations may not get done until the coming week, which wasn’t a problem to me.

However, I went out for the day on Saturday and by the time I’d returned both sites were waiting for me to check over.

Being “me” it had to be done between the hours of 10pm and 1am Saturday night / Sunday morning, but Gianni was there backwards and forwards with answers and finally practical help with changing over the DNS.

Now all three sites are live – clean and safe. Phew.

Apparently migrating and cleaning my 3 sites, in total, took about 3-man-days…. which I can believe because I took a peak in some of the WP directories and noticed stuff that didn’t look as if it should be there, but not being an expert I couldn’t be sure and daren’t fiddle.

So a big thanks to the Pressidium team and I will NOT be testing their 60-day money back guarantee!

What Snags Did I Hit?

Nothing goes 100% smoothly, so I was hit with a few problems. All but number (1) were resolved easily, and that isn’t Pressidium’s problem.

1) My biggest problem was that Pressidium don’t include an email service, so I’ve had to set up my own emails. Zoho was their suggested “free email” supplier. This took quite a while to set up, because so much was new to me. However, Zoho rang me and set it up for me in the end, which was very helpful. I WAS warned about this up-front, and it’s probably my lack of technical skills, but I hadn’t realized how difficult I would find setting up the email service. Update May 2016: Although this was a pain to set up, it’s worked perfectly since then. 

2) Pressidium have a list of banned plugins and I was using some of them. Some were for image optimizing, caching, and of course all my WordPress security plugins. These were removed as the tasks are done better by Pressidium. Fine. Unfortunately one that I didn’t realize had been uninstalled at first was my beloved Broken Link Checker. Andrew told me that it’s a big no-no, because it performs database intensive operations that tie up infrastructure and slow your site down. It is not allowed on many premium managed WordPress platforms. Andrew suggested other tools instead, but I have to run them manually, whereas Broken Link Checker ran automatically and warned me by email. Pressidium aren’t the only company to “ban” that plugin. Here are several ways to check for broken linksUpdate May 2016: The free tool Pressidium suggested  (Link Checker) found old broken links that hadn’t been picked up by the plugin I was using…. another improvement!

3) Pressidium don’t support subfolder installs, so one of my other site’s main URLs unfortunately would not work. As a work around Andrew created a 301 rewrite-rule to give an SEO friendly redirect that was entirely transparent to my site’s visitors.

4) I had three non-WP sites on my old hosting and they can’t move to Pressidium. Sadly one of those had been hacked too – so I just cut my losses and deleted them all. Better focus for me!

What Improvements Have I Noticed?

The snags section appears to be longer than the improvements, but that’s misleading, because the whole migration process was a delight in that I hardly had to get involved, other than to check my site out and give the “Go live”, after which….

  • The first thing I noticed was better speed while creating a post. Before, when trying to find an image from the library it was a “make yourself a cup of coffee while you wait” type task. Now, they just zip into view.
  • The whole posting experience seems faster, and some odd problems I used to have, occasionally losing posts, I haven’t seen since my move.
  • PressiSupport (see the co-founders on the right) has been prompt and friendly. I haven’t had a really tricky WP problem yet, but from the answers I’ve had so far I’m confident Pressidium will protect me from many future technical problems.
  • The hosting dashboard is easy to find my way round.
  • Backups are done for me daily, and I can do instant ones too. It’s easy to see them, which gives confidence that they’re being done. (One very old hosting company I was with “forgot” to do backups for about three months, which in my innocence I only realised when my site was hacked and I asked them to recover from backup. Yet another lost blog.)
  • Best of all – my blog is clean and protected. I certainly don’t miss the scary emails telling me about “intrusion attacks” that I had no idea how to fix!

Of course, it’s early days still, and I’ll be monitoring “things” very closely, but so far I’m delighted with my move to Pressidium’s Managed WordPress hosting. Learn more here (affiliate link). Update January 2017 – Still delighted!!

Pressidium® Managed WordPress HostingAre you using Managed WordPress Hosting yet? Please share your experiences in the comments below.

Please share
Joy
 

I left it too late to plan for a financially secure retirement. Don’t make my mistake. Start building an extra income with a part-time (or full-time) business online.

Think you don’t have time? Can’t afford the start-up cost? Can’t meet sales targets? The businesses I promote overcome all the problems you may have had with Internet Marketing before. Contact me for free advice (no obligation) on the best fit for your circumstances.

Click Here to Leave a Comment Below 35 comments
Kim Willis - March 2, 2016

Hi Joy,

Very helpful post, once again.

I got hacked a few years ago and always wondered if perhaps my shared hosting with Hostgator was a problem. If it’s true that we can ‘catch’ an infection from another blog on the shared platform, it is quite scary.

Your Presidium option looks like a like practical and affordable solution.

I also like the fast speeds and daily backup service.

I’ll get my son to look at this and if he agrees with me we’ll switch over, using your link of course!

Kim

Reply
    Joy - March 2, 2016

    Hi Kim,

    I was also hacked at Hostgator and I’m now wondering if I dragged something from them to SiteGround. Having moved to Pressidium I just cancelled my SiteGround shared hosting.

    I’m still unsure whether it’s the shared hosting or a previous hacking that was carried over on the install at SiteGround, but whichever – it’s very worrying. I know many successful bloggers who are using Hostgator and SiteGround, so I genuinely don’t know what went wrong for me.

    Pressidium are very responsive to my support questions and also have some exciting plugin functionality planned for a future release.

    If you do decide to switch over I suggest that you do what I did and contact their sales team and ask any questions you wish before moving. I suggest you ask them to check if any of your plugins are on their “do not install” list.

    Do let me know if I can help 🙂

    Joy – Blogging After Dark

    Reply
Matt - March 2, 2016

This was a great read and I got a lot from it.

Security problems on the wordpress blogs can be an issue.

Thanks for writing this!

Reply
    Joy - March 2, 2016

    Hi Matt,

    Poor security has caused me a lot of problems and wasted me a lot of time when I could have been doing more useful things.

    It’s something that people think won’t happen to them, and then it does.

    Joy – Blogging After Dark

    Reply
Enstine Muki - March 3, 2016

Hey Joy,
I have been seriously waiting for this post and thanks you finally have given us remarkable details how things went.

My surprise here is the fact that your new host doesn’t support email services. I have never thought that could be so. Well, I don’t have experience with any dedicated WordPress Hosting before maybe that’s how it is with them. That’s quite ought to me though 😉

Now, I’m sure other aspects like speed, security and customer service are right on top. While I know they are good, it will be too early too to jump into conclusions. Let’s see how it goes in the next few years 😉

Good luck to you my dear friend and thanks for the shout out. It’s always good to help a true friend out

Reply
    Joy - March 4, 2016

    Hi Enstine,

    It’s been a very fraught few weeks leading up to this post – as you know only too well, having been on the receiving end of my sorrowful emails!

    The week since I finally migrated hasn’t been completely plain sailing either, as you may have gathered from my “silence”!! The main problems I have had since migrating were – as you say – with the email service (or lack of it).

    Im fairness to the poor email providers who have eventually ended up with my “business” I do have a pretty awkward email setup. Also I took advantage of the upheaval to add some extra email addresses that I hadn’t been using before on one of my other blogs. If I had been adding just one email address I think it would have been a lot more straightforward. So at long last – just this evening – I hope I have full email functionality again. Yes – I wish Pressidium provided an email service too!

    Apart from my email difficulties, everything has gone well. I was asked to re-install some plugins that were a bit suspect, and some have been deleted because the functionality is in the hosting.

    As you say, it’s early days to make a final judgement so I know you, and several others, will be monitoring my progress with interest.

    To further streamline my over-complicated set-up, I finally closed my old hosting account just last night. I also closed down several old websites that weren’t WordPress, because I wasn’t using them and couldn’t take them with me to Pressidium.

    Well….. I have a huge backlog of work to catch up on after all the time lost over the last few days, but I hope it will have been worth while going forward.

    Thanks again for your help,

    Joy – Blogging After Dark

    Reply
Edward Thorpe - March 3, 2016

Hi Joy,

Whew! Just when I thought it was safe to link to you… I hope this completes your nightmarish WP security cycle. You’ve been through the wringer with this. Thanks for the details, though. Your experiences should help other bloggers. (I’m going to look at your new hosting service – and I’m gonna delete my ‘broken link’ plug-in.)
Have a great weekend,
Edward

Reply
    Joy - March 4, 2016

    Hi Edward,

    Nightmare certainly is the word for it. I reallly hope that this final burst of optimism is well-founded because of late I have felt that the God of Blogs was trying to tell me something.

    Just to clarify on the Broken Link plug-in, it wasn’t deleted because it was a security risk, but because it was quite heavy on the hosting resource. I’ll be honest and say I wish it was still there because I found it useful. However, if that’s part of the price to pay for keeping my blog safe, so be it.

    Should be a good weekend for me – UK Mothering Sunday and Matt is headed my way 🙂

    Joy – Blogging After Dark

    Reply
Cararta - March 4, 2016

Hi Joy,

I’ve had my site (several of them)infiltrated by someone on my shared server. Found out later they did almost everyone on the shared server without getting caught.

Spend two days tracking where the Trash was coming from…Started when in my analytics supplied by the host showed my search keywords were Sun glasses, sex and fake Gucci Bags, shoes etc.

Found a church with a forum (a friend checked it out and said had not been updated in 3 years..old software) that had this user with thousands of links, pdf files filled with them, all people from my shared server.
Called the Church, called Host Gator, finally
got it fixed,
but now every once in awhile I get some feedback from Hotmail on the email accounts for the sites.

Gradually doing away with these email accounts as that seems to be a soft entry.

Congrats on finding a dependable, Safe host.

~Cararta

Reply
    Joy - March 4, 2016

    Hi Cararta,

    Although I’m sorry you went through that experience I’m so pleased that you have confirmed that sites can be hacked on shared hosting – because I wasn’t sure whether it was just a scare story.

    The scenario you describe was SO similar to what happened to me, although I never actually tracked down the villain of the piece. Another site they filled it with forgeign pages so I have no idea what they wee up to.

    Interesting comment about the email accounts being a possible entry – I hadn’t heard of that before.

    Hoping I’m finally here to stay!

    Joy – Blogging After Dark

    Reply
Peter Beckenham - March 6, 2016

Hi Joy,

I am just so happy for you after what has seemed like a horrible period of time with all the hacking issues of your blogs.

This post has really made me think as like you I was also hacked and I’m not sure just how much that had to do with my shared hosting at Hostgator – they seemed to think it was my IP providers fault and not theirs but I am really not sure about that.

My only concern (and shock actually) was the lack of email support with Pressidium – my email list building is critical to my future and this would be a major hurdle for me to overcome.

I’m not all that technical and to be honest, even though Pressidium looks great apart from the email bit, the actual moving to another hosting platform would worry me a lot.

You shared about the move but I’m just wondering if that same level of great support would be available to a remote Thai village blogger!

Anyway I will definitely check out some more Joy and if it looks like I can benefit from changing I’ll definitely be doing it via your link.

Thanks for this important share Joy and may your future online be “hack-free”

Best wishes from the remote Thai village blogger

Peter

Reply
    Joy - March 6, 2016

    Hi Peter,

    Yes it’s seemed like an age – and it’s not just been the recent five weeks to resolve the latest problem – it’s the repeated hackings and cleanings over the last two to three years. I THOUGHT they had been resolved, but they hadn’t been.

    These hackers were far clever than I am – and apparently cleverer than both my previous hosting companies who failed to get to the bottom of the issue. Everyone just blamed everyone else. Most of all they seemed to think I was at fault, but my WP installations were always as up-to-date as humanly possible (never more than a couple of days) – given that I have a life outside blogging.

    Addressing your concerns: the email service first. This did cause me a bit of grief to be honest because I’m not technical either. But I didn’t lose any emails and it’s all resolved now. My main email “[email protected]” got set up pretty easily using a free service that Pressidium suggested, in fact they helped me with it, even though it was outside their brief.

    The emails collected in that mailbox (or whatever the correct term is) and I could see them online at all times.

    My first actual email problem was linking the online mailbox to Thunderbird on my desktop. I did get support from the free email provider, but it was as slow as you would expect from a free service. Being fair to them, it was probably faster than you would expect from a free service!

    The second problem was that I had a second email address (say, [email protected]) and it was this that I just couldn’t get going as I wanted it. Again, the emails were visible online. After about 4 days the free service took pity on me and actually rang me to sort out Thunderbird for me.

    The third problem was that I had a second blog with emails (for my offline business). Despite the help from the free email service my confidence was sufficiently shaken that I couldn’t face going through it all again for the THREE email addresses on my second blog.

    Instead I turned to the guy who has handled the emails for my offline business for about ten years – because I communicate with my offline clients mostly by email. He produced my first website before I had ever heard of WordPress. I didn’t go to him in the first place because, as a “proper” HTML/PHP/whatever developer he hates WordPress because he considers it insecure. I’m beginning to see what he means!

    Anyway, when I explained the problem I was having, he set me up an email service on his server and helped me get the settings right in Thunderbird. Once I committed to him we had five emails on three different domains set up within a couple of hours. From that you can probably see that I have a more complicated email set-up than average.

    If you were uneasy with the free service (which is now working perfectly well) I would happily put you in contact with Iain and explain to him that you’re doing the same sort of thing that I just did. The price was cheaper than letting (say) GoDaddy handle my emails – which was another possibility I was considering.

    So there ARE other options, and all is well now, but I must confess I wish Pressidium was handling emails along with the blog.

    Which brings me onto whether Pressidium would give the same level of great support to a remote Thai village blogger. A resounding YES – even without asking them. All my support with Pressidium has been handled by email (I believe they are based in Greece). I guess you could set up a temporary gmail account if you were nervous about not having your main email during the transition period.

    The migration was completely transparent to me – I have them my WP and hosting details and it happened without me! Wonderful 🙂

    If you have questions when you review their site I suggest you do what I did and contact them to get pre-sales questions resolved first. We emailed back and forth for a week before I committed. Their support to me as an actual customer is faster than as a prospect.

    One tip in the pre-sales process would be to tell them what plugins you’re using because there are some that they consider insecure OR too heavy on the servers. I have lost a couple of much loved plugins, but as Andrew said: without a secure site you could have NO site. Put like that, I removed the insecure plugin! For the “too heavy on resources” plugin, he suggested an alternative approach.

    So, I hope that’s answered some of your questions, and do feel free to come back with more – or contact Pressidium direct.

    Enjoy your weekend,

    Joy – Blogging After Dark

    Reply
Adrienne - March 7, 2016

Hey Joy,

Finally made it by here but I’m SO glad you’re all set now AND you found a place for your emails. I know that’s the only concern you had moving over to this other service but I’m glad they found the issues with your blog, cleaned it all up and now you’re back up and running without having to worry about those darn technical issues anymore.

That’s going to be a BIG relief for you and now you can concentrate on your blog and moving forward.

I know that anyone who is or has had issues with their blog will appreciate this very thorough post. Dealing with things like this is never pleasant so I know your own experiences will come in very handy helping them perhaps consider how they too can move forward.

So happy for you Joy and now on to smooth sailing my dear. Have a great week.

~Adrienne

Reply
    Joy - March 7, 2016

    Hi Adrienne

    Well, I wanted to record it just as it happened, because I know I was completely lost with all that was going on and I just hope it will be a help to anyone else who finds themselves stuck like I did!

    I really can’t handle technical issues like that, it all took so much time because I just didn’t know what I was doing, and more to the point I don’t want to know either!

    Being able to hand it over to real experts was such a relief.

    The emails were a pain – but I did get them sorted in the end!

    Thanks again for all your support and encouragement over a very tricky time.

    Joy – Blogging After Dark

    Reply
Nicolas Puegher - March 7, 2016

Hi Joy,

Thanks for sharing all this helpful and awesome information, I need to work much better with my security and this post is going to favorites!

This is a business and we need to make things properly to avoid problems in the future.

Regards,
Nicolas.

Reply
    Joy - March 7, 2016

    Hi Nicholas,

    I’m glad you found it helpful. So many people – like I did – imagine we are “too small” for a hacker to notice. I have learned scary things over the last few weeks and no-one seems too small to be noticed by this scum.

    You make a good point about treating our businesses as – well – businesses. Care in setup plus a few dollars invested from the outset can set a firm foundation to save many hours and much stress down the line when our blogs are established and can least avoid disruption.

    Thanks for your visit,

    Joy – Blogging After Dark

    Reply
Donna Merrill - March 9, 2016

Hi Joy,

Wow..what a horrid experience getting your site hacked! Your heart must have fell to your stomach…you know that feeling! So glad you went to managed hosting.

I used premium managed hosting for my blog and my membership site. What a pleasure it is compared to the headaches of shared hosting. If one wants to run a business, we do have to have some delegation of work. This was the first time I had done so and it gave me more time to do what I needed to focus on.

I get message notifications immediately if something goes wrong. The company I went with is awesome! I feel I know the person well that owns it and he is amazing.

If one has a WordPress site and is doing business premium managed hosting is a must!

-Donna

Reply
    Joy - March 10, 2016

    Hi Donna,

    It most certainly was a dreadful time – and so frustrating, because I had tried very hard to protect my blog. With all the precautions I had taken I think it must have been as a result of being on shared hosting. Although some still doubt that this can happen.

    I’m glad you’re enjoying the protection of premium managed hosting too. The technicalities of hosting is one area I’ve been more than happy to out-source, and marks a turning point into me being more business-like with my blog.

    Thanks for popping over, Joy – Blogging After Dark

    Reply
David Hartshorne - March 10, 2016

Hi Joy,

It was great to read your triumphant experience here – finally, your security issues are behind you and Pressidium, as always, are going above and beyond, to look after you. I was most impressed that they ‘cleansed’ your site for you too. Of course, it makes sense that they don’t bring an infected site onto their hosting, but to do it FOC was a big bonus for you!

Also good to see you using Thrive Themes Focusblog – it looks good.

Wishing you safe and secure hosting and more sleep 🙂
– David

Reply
    Joy - March 10, 2016

    Hi David,

    Yes – such a relief to feel in safe hands with Pressidium and a real bonus that they cleaned the site for me, which as you say makes complete sense. I’m still amazed to think that previous hosts may have allowed me to add my sites to their shared hosting without checking them first. Either that or they allowed a breach in there. Whichever the problem it’s a worrying indictment of shared hosting.

    Haha – I do feel triumphant. I have struggled with this for so many months now, tried my best and never felt I got on top of it.

    Thanks for your part in talking to me about your equally good experiences with Pressidium.

    I’m also enjoying ThriveThemes, although I have to confess I’ve been so tied up with WordPress security issues I don’t feel I’ve scratched the surface of what Thrive’s FocusBlog can do for me.

    That’s the next thing to get to grips with, although much more rewarding that fighting hackers! What’s that about more sleep???

    Joy – (Still!) Blogging After Dark

    Reply
Katrin - March 10, 2016

Hi Joy,

that was a very interesting read, thanks for sharing your experiences, even though they don’t sound like much fun. However, I am sure the community will benefit from your experiences and research.

As for the question, whether one can „catch“ an infection from a different blog on the same server: well, I would agree it is highly unlikely, but not impossible.
Shared hosting has its pitfalls, even though it is the most plausible choice for a website starter. But website grow, and managed hosting is indeed a valuable option to consider.

Maybe Pressidium adds the email service to their portfolio one day. For an entrepreneur it makes just more sense to have it all in one account.

~ Katrin

Reply
    Joy - March 10, 2016

    Hi Katrin

    Haha – fun it most certainly was NOT!! But thinking positively, I hope that a move to managed WordPress hosting will save someone else from having the same problems that I had.

    And I certainly hope Pressidium add email service one day too. Now it’s all set up it’s working perfectly, but it would have been so much easier to do it all together.

    Well, opinions still vary as to whether shared hosting was the root cause of the problem. If it was, that’s a real shame, because shared hosting is what new bloggers will naturally gravitate towards – and they may be the least capable of resolving any hacking issue.

    Joy – Blogging After Dark

    Reply
Joan M Harrington - March 14, 2016

Hi Joy 🙂

Such a detailed post and so glad that you are not having issues with your blog security anymore 🙂 For us bloggers, this is a REAL issue and safeguarding our site is so important! Thanks for the excellent tips and what is working for you!!

Reply
    Joy - March 14, 2016

    Hi Joan,

    Well I just didn’t want anyone else to have the same problems, without being aware of how badly things can go wrong.

    Problem is, you start blogging and you just want to blog, then all of a sudden something like this happens and you (well, me anyway) have NO idea what to do to fix it. I don’t want to fix blog problems, I just want to write 🙂

    Please to say the new hosting is going well.

    Joy – Blogging After Dark

    Reply
Robin Khokhar - March 15, 2016

Hi Joy,
I have read many posts on WordPress security and you shared something similar but in little more detail. I enjoyed reading your post.
Thanks for the share.

Reply
    Joy - March 15, 2016

    Hi Robin,

    Hope you found it useful. I know what you meant about reading many posts on WordPress Security LOL

    When I had my problems it completely took over my life, and half the time I didn’t understand them, or even want to understand them. I just wanted rid of the backdoors in my blog 🙁

    Good luck, Joy – Blogging After Dark

    Reply
Naman Kumar - March 16, 2016

Really good service and review.
One should really have, if he is earning 🙂
Not possible for students like me.

Reply
    Joy - March 16, 2016

    Hi Naman

    I can really relate to what you say about keeping costs down, but when I got into such a mess because I had tried to save a few dollars (less than I would have spent on a night out) I really regretted not having spent that extra money on my business – because, with luck, in the time I wasted fighting hackers, I could have been making profits instead.

    Although, at the time I didn’t realise that there was such an affordable option available.

    Joy – Blogging After Dark

    Reply
Dr. Erica Goodstone - March 21, 2016

Joy,

Welcome to the world of internet entrepreneurship and blogging. For many years I had one html web site and then started creating wordpress sites. My previous hosting company was annoying to work with, never could talk on the phone with a live person and they had an attitude as if I should just handle everything myself – which I had no idea how to do.

When they discovered malware, they did nothing to fix the problem but just blocked the site temporarily, from time to time, and then continued to do nothing. Finally all my sites got blocked. In a panic, I contacted a reliable tech online firned and she checked the situation but was unable to access my cpanel because the hosting service had blocked it. Realizing this was going to be an expensive, time-consuming deal, I did not continue with her. Instead, I asked BlueHost, the company that was hosting only one of my sites, if they knew a solution. And they did – “Site Doctor” For $99, Site Doctor cleaned all my web sites. For another $99, Blue Host transferred all my web sites. But then I needed ongoing scanning and security. So that cost about $89/year for each web site, and I have several. Now I have all of my blog sites covered by SiteLock which scans them every day. And now I have upgraded to a better security server situation with BlueHost. Although each time the sites were transferred it did take a few days until it was all working smoothly, what a relief!! Sometimes I have to wait a long time. Once I called Blue Host while driving, stayed on the phone while I stopped for dinner at a local restaurant, and at the end of my meal the Blue Host tech finally got on the phone. Regardless of some inconveniences, I am totally satisfied.

Warmly,

Dr. Erica

Reply
    Joy - March 21, 2016

    Hi Dr Erica,

    Ooh gosh – another long and expensive saga, but so pleased you have also had a happy outcome. I hadn’t come across Site Doctor before, but I would happily have paid that to get all my sites cleaned, as my previous company were suggesting something more expensive than that.

    Yes – the article writing, products and marketing are areas we understand we have to learn about, but the technical issues of fighting hosting and malware….. well that just left me befuddled.

    What really annoyed me was that the old company kept sending me emails saying my site was clean – but it was only one domain out of three and that really wasn’t made clear to me at the start. Also, whether it was “clean” or not, seemed to depend on who was manning the support desk!

    Although they were very good and fast on most support calls they were most unhelpful about the malware. And I felt it was their fault I had been infected in the first place – or at least they had brought across an already hacked site from an even earlier company. Sigh..

    Never mind – I’m just hoping that’s all behind me now, and I’m very pleased you’re satistfied with Blue Host too.

    Very best wishes, Joy – Blogging After Dark

    Reply
sazia kazia - March 26, 2016

Hi Joy mam, I also listen about back doors to blog very informative post about website security..Thanks for sharing this knowledge

Reply
    Joy - March 26, 2016

    Hi Sazia,

    Well I certainly hope you don’t have back-doors into your blog because once these dreadful people can get in there, they are very difficult (and expensive) to remove.

    If you do have them, I hope some of the thins I have written will point you in the best direction to get rid of the hackers.

    Joy, Blogging After Dark

    Reply
Brown Mortin - April 23, 2016

It’s great to come across a blog every once in a while that isn’t the same out of date rehashed material. Fantastic read! I’ve saved your site and I’m adding your RSS feeds to my website.

Reply
Richard Seaton - June 10, 2016

Hello Joy – I am fairly new to this blogging malarkey (about 2 years), and I was browsing through lots of comments today on blogs I visit, and I saw a reply you made on one of Kim Willis’s posts, which is how I arrived here and read about your blog hack.

Although the party has finished on this post and everyone has gone home, I am now seriously going to have to spend time making certain I have ‘locked down’ my blog properly after reading this post. I know all about backdoors and changing passwords often. I even use an encryption program which changes all my passwords regularly and automatically.

I lost my previous blog about 18 months ago – which I hadn’t backed up!. Nightmare!! That was a lesson in itself. But the process of starting all over again actually meant I did do some homework on security this time. One of the first things I did was to get a secure domain name (not forwarded or subbed) and a solid secure host. I also joined one or two WordPress FB Groups, dedicated to helping exactly these security problems. I won’t publish which ones here, as I don’t want to get blamed for recommending something that might explode, but trust me, there are some good ones.

I also found a professional blogger (who also happens to be a friend I didn’t realise was a blogger) who is ethical and honest, and who manages to simplify the whole thing. As you know, there are a few basics things that need to be in place from day one.

In addition to those already mentioned, many people even forget at the start to do the basics, like changing the UN immediately from ‘Admin’. Believe it or not this is still one of the most common errors people make. And, as you say, ‘…once the horse has bolted…’

Thanks for this great heads-up. We always need to be vigilant.

Best wishes to all
Richard

Reply
    Joy - June 12, 2016

    Hi Richard,

    Welcome to my blog, I am so pleased you found me via Kim and I hope you will find plenty of helpful information here:-)

    I can so relate to losing a blog that wasn’t backed up – in the days when I thought Internet Marketing would be easy (hahaha!) – I was running about 4 blogs and I assumed the hosting company would be backing them up. (I’d even asked them to confirm that, because I have many years of IT experience.) My mistake was in trusting what they said, rather than checking, because when I lost all 4 on the same day guess what – they had “forgotten” to do any backups. We managed to cobble something together from the last backup they’d done, but I lost a LOT.

    What a disaster – or was it?

    I have to be honest and say that those blogs were rubbish LOL. I look back in horror now at what I imagined people might actually read.

    So I took stock of what I had learned that was good, dumped the rubbish and started again. I’d like to say that this was the result, but there were a couple that predated this one. They were better, but in the end, I was just trying to manage too many blogs, and slimmed “the empire” down again.

    Which is all a long way round to agreeing with you that security and backups are vital to avoid loss of your work!

    Perhaps if I had in place all the measures that we’re both now aware of, those blogs wouldn’t have been hacked. But I think the hosting was to blame because I also had a couple of blogs on a completely different hosting company (Hostica) and they were great – I was never hacked there. With hindsight I should have just moved there from my other shared hosting, but I was penny-wise and pound foolish. Also, I think the hacked blogs had backdoors etc in them.

    My managed WordPress hosting is costing me more per month than the shared hosting did, but it’s SO worth the money in the time and stress it has saved me, because with the shared hosting I was just hacked over and over again (on two different hosting companies).

    Interesting that you worked with a professional blogger who knew the things that novice bloggers may learn too late (e.g. username admin – I still see many doing that). With hindsight I wish I had let someone do it for me. I’ve now reached the level of competence when I know the pitfalls to avoid, but at what cost?

    I’m pleased you’ve now got your security well covered. That encryption program sounds interesting!

    Thanks for dropping by, and glad to “meet” you here; we’ve already met in a the training group. Now you’ve read about my hacking difficulties you can probably see why I’m lagging behind. However, my plan is to catch up over the summer – family and “other business” permitting!!

    Joy – Blogging After Dark

    Reply

Leave a Reply: