Not all the crooks are online! There are crooks online AND offline, and unfortunately we have to beware and protect ourselves. I have been too trusting in the past, but I'm gradually getting a healthy dose of scepticism and cynicism knocked into me.

Let me tell you a little story about something that has been driving my stress levels through the roof for the last month.

Crooks Offline

The shower in the guest bathroom broke. And with an influx of family to stay over the Christmas period I wanted to make everything as convenient as possible.

So I needed to find a plumber pretty quickly. I had two plumbers round to quote for the problem but they seemed a bit vague about what was going on, so I got the feeling I was being “set-up” for an expensive investigation into possible pipe-work problems. The shower had worked fine for several years.

Then Russ pointed out that no-one had actually opened the shower to check if it was broken. They'd all jumped to the conclusion that I needed a big investigation job. So, not having a trusted plumber, my son suggested we use a very well known UK website where trades-people are rated according to the service they give customers.

I posted my job offer and literally within minutes I had a response and – let's call him “Pete The Plumber” – offered to come round and give me a free quote for the job. He was with us within an hour. A very personable young man, and a quick check on his reviews showed that he had excellent ratings.

He opened up the shower, told me I needed a new one, then went online, showed us the one we needed – priced at £200 – and offered to pass on his trade discount if we paid him up-front.

It seemed a reasonable request to expedite the job, which he said could be done two days later if he had cleared funds to buy the shower from his supplier. So I gave him £150 in cash. He gave us a receipt (with his address on) promising a fixed price to do the job and went off to buy the part, promising to return within a couple of days.

The Start Of My Unreliable Plumber Problems

That was the end of the good news. To cut a very long story short, he spun me along for two weeks with stories about illnesses that were preventing him from working and, as he'd seemed such a nice chap, I took him at face value and replied sympathetically. Then – as my need for the shower repair became more and more pressing – so did my requests for him to come.

He gave me a whole series of dates and times when he could come to do the job, every promise being broken. Finally he offered a refund if I was unhappy. I said “Yes please”, so the promises to come and repair the shower then turned into dates and times when he would refund my up-front payment – again all broken.

Dig Deeper Into The Ratings

Further investigations into his five star ratings on the website revealed that if you clicked into the comments, a depressing trend of stories emerged similar to my own, or shoddy work that later wasn't corrected. Perhaps what had happened was that most people had immediately rated him excellent for his prompt arrival and helpful manner then not gone back to correct their ratings into “unreliable plumber” for various reasons.

I also spotted that he had been “rated” regularly all through the time he'd claimed to be too ill to work.

Finally I contacted the website, but they said reply turn-round time could be up to 5 days. When I did get their answer (admittedly before 5 days) they didn't actually address the question I'd asked! I didn't bother to ask again.

One Month On….

After this had gone on for a month I was completely stressed out and feeling very stupid that I couldn't book a plumbing job without getting mugged off. Everyone in the family had their own opinions about how I should have handled it – of course.

I even tried psychological “warfare”:

  • Texting to ask how he would feel if someone had treated his Mum like this
  • Reminding him that £150 might not be a lot of money for him, but it represented almost a week's pension income for me – as discussed in my previous post about planning for retirement
  • Telling him the stress was making me ill. This was true: I had headaches and a permanent sick feeling in my stomach, constantly checking the doormat for my promised refund

He replied claiming to have a conscience and promised several further dates to refund my money, but still didn't turn up.

Finally, patience at an end, I issued an ultimatum that if I didn't have the cash back in my hand by 6pm that same day I would issue an official complaint to the website where I'd found him – and from which he'd told me he got most of his work.

I was made braver because that day Matt, his wife and his dog Bailey were visiting me, so I had moral support.

“Pete” (not real name) the unreliable plumber turned up 15 minutes late, true to form. Matt (a gentle giant) went to the door to take the money from him, and we let Bailey do his “guard dog” duty and bark his head off – obviously behind closed doors.

That's not Bailey on the left. Bailey is a sweetheart, albeit a noisy one.

Matt stood and ostentatiously took down the plumber's van registration, and I'd already assured “Pete” that my security cameras would record him delivering the refund back to me.

So, I got my refund – finally – but why does it have to be like that? Why can't people use their skills for good instead of to scam and cheat people?

Moral Dilemma

I would like to tell you that I immediately went onto the website and gave him a bad rating, to protect others from my experience. But I haven't. Why?

  • Was it implicit in our arrangement that if I got my money back I wouldn't complain?
  • I've read that this site won't accept negative reviews where no work was done
  • Do I want another visit from “Pete the unreliable plumber” late one night? No I do not!

It's on my conscience that my “refund” could have been collected from some other trusting soul who handed over cash for an up-front payment.

Given the three points above, what would you have done?

Staying Safe

Obviously to stay safe from rogue tradesmen I should never have paid the money up front, and should have checked more deeply into the reviews. But I did feel I'd taken basic safety measures by using the site to find someone in the first place.

So, as with staying safe from crooks online, basic offline security measures are no longer enough. Which brings me back to crooks online and my blogging “challenges”.

Crooks Online

Added to the stress of the unreliable plumber has been the continuing fight with my blog security.

As I learn more about the scary world of WordPress security problems, it's looking as if – despite taking basic security precautions – some online scamster has a backdoor into my blog and dumped a load of rubbish PHP files there that let my blog function fine on the face of it.

But I don't want them there.

This probably happened a long time ago – maybe even from a hacking on my previous hosting company, as the current company (as at February 2016) is adamant it couldn't have happened with them.

Improved WordPress Security Measures

Well, like the rogue plumber, these scamsters have picked the wrong victim this time as I'm too stubborn to give up.

I have implemented even stronger security measures than I had before and I'm now getting regular emails from All In One WP Security's free plugin about all the login attempts that are immediately being locked out at IP level.

Another plugin worthy of note is iThemes Security. I really recommend you get on their mailing list, because they hold excellent training webinars from which I've learned so much over the last few days in their “WordPress Disaster Week”.

A lot of what I have learned over the past couple of weeks is very scary and depressing for an innocent, part-time blogger, like me, who thought she could just get on quietly blogging in peace. I really don't have time to waste fighting technical issues. I know the direction I want to take my business, but crooks online are determined to waste my time.

I'm actually quite outraged about this problem, because – as mentioned before – I'd already taken lots of basic security measures:

  • My WordPress version is kept up-to-date by my hosting company
  • I'm in and out of my blog every day keeping plugins up to date
  • I approve comments manually (only) and check links
  • My hosting and WP password are 18+ characters and symbols
  • I already had more than one security plugin loaded

Obviously those still haven't been enough and I'm not qualified to comment on suggestions for the causes that people put forward or refute, equally enthusiastically.

I'm looking at an even stronger solution now, that will clean my site completely and fix this once and for all. I'm still getting my questions answered.

A Lesson For New And Part-time Bloggers

As a complete new-comer to blogging I distinctly remember thinking “No-one would want to hack my little blog”.

How wrong could I be! Implementing WordPress security measures is probably even more important to a new blogger – because of your inexperience. Once the hackers “get in” (and trust me, they will, if you're slapdash about security) it's difficult and expensive to get them out. All the plug-ins in the world will be too late.

Start as you mean to go on and implement at least one of those two plugins above. (As at February 2015 I have FOUR security plugins running at once and it's frightening to see how many login attempts they're blocking.)

The plugins are free – cleaning up a hacked blog isn't. And if you're a part-time blogger you need all your time for writing and promoting. Not repairing damage.

WordPress Help Behind The Scenes

This post wouldn't be complete without a big thank-you to two wonderful online friends who have given me so much support and encouragement, suggesting measures to take, and technical questions to ask, that I would never have thought of as I tried to beat the crooks online.

A big thanks to two of the most genuine, kind and honest bloggers I have come across online. No surprises…..

Huge thanks to Adrienne Smith and Enstine Muki for taking time out of their busy days to be trust-worthy friends to this part-time blogger.

If you are unlucky enough to be hacked, you may find out how to fix a WordPress hack yourself here.

UPDATE March 2016

Click HERE for the next installment of what I did to fix my WordPress security problems.