Recently, my webserver at Hostgator was infected by malware which took over all of my domains. Luckily, I was able to clean the infection and move them to a new, and much faster web host. Still, I lost all of my images in the ordeal.
I relied on Hostgator having backups only to find out that my account was “too large” and backups never ran. Which goes to show you should never have 100% faith in your hosting platform to keep your files safe.
It Was My Fault
From what I can tell, the infection started from extremely outdated WordPress platforms that were saved as subdomains. I often use subdomains to test new tools and themes.
Because I completely forgot about these subdomains, they were left behind from 9 years ago. So, let the infection commence!
What was my remedy? I deleted all of the infected files as well as every domain and subdomain on the account. I was in the process of moving my websites over to GreenGeeks anyway, so this problem over the weekend just made it more of a rush than anything.
The original plan was to take my time and run speed tests for an article I was writing. There is a HUGE speed difference between Hostgator and GreenGeeks, and I wanted some data to demonstrate that difference.
Don’t worry, I made sure all of the domains I transferred were clear of this malware.
Luckily with ColoradoPlays.com, I was able to save the database. So all of the posts still have content, just no images.
A Lesson Well Learned
As I have quite a few semi-popular articles on this site, it’s a priority to upload images now. Luckily, some of them are not that difficult to retake. Unfortunately, this means I’ll have to uninstall and reinstall some apps in the tutorial section.
The loss of time is staggering! I put so much effort into creating tutorials and such that it’s going to take months to replace everything I’ve lost. In the meantime, I’m sure I’ll lose positions and traffic from Google.
It’s sad, really. All I want to do with this website is to help gaming charities. Most of these center around helping sick kids. What kind of a person goes out of their way to harm the innocent who has no way of defending themselves?
I do blame myself for not covering the sites better. If you remove temptation, you reduce the risk.
My bad. But, instead of feeling stress about it or wallowing in self-pity, I will learn and move on.
Have a Redundant Backup System in Place
Even though a web host says they’ll store your backups, don’t put all of your eggs in one basket. Now with the move complete, I am installing redundancy so this never happens again. In fact, I’ll have two secondary backup plans in play.
If you use WordPress, there are plenty of excellent plugins to use. Personally, I like those which automatically upload to the Cloud. The problem I have is some of my blogs are quite large due to images.
And free Cloud-based storage can only go so far.
Enable Core Auto-Update Features
Keeping the core files of platforms like WordPress can make a huge difference when it comes to protecting the site from issues like malware and exploits. I didn’t have any automatic updates running, which lead to my issue.
WordPress users can use plugins, connect to WordPress.com through Jetpack to enable auto-updates or use update features from tools like Softaculous.
The problem with automatic updates is that sometimes they can break the site. If a plugin, theme or core file change overwrites custom code, you’ll have to add those elements again. And sometimes an update isn’t compatible with what you want the site to do.
However, it’s better to err on the side of caution and keep your files updated. It’s easier to fix an incompatible plugin than it is to rebuild from scratch because someone took advantage of an exploit in your website.
Don’t Leave Old CMS Apps on Your Server
Perhaps the most important lesson I learned this time around is to never leave old content management systems or apps running on your web host account. In my case, I simply forgot to remove them. But that is still no real excuse.
If I would have taken the few seconds to delete those old subdomains years ago, I wouldn’t have to spend the next 6 to 9 months replacing all the images I lost.
The Silver Lining
Although this situation does have me a bit bummed out, it does come with some positive spins. Like I always say, “Nothing is truly a failure as long as you learn something from the experience.”
In this case, I learned quite a bit about keeping a website running. So, what positives are going to come from this experience?
Updating Old Articles
I need to update older articles anyway. This situation just forced me to do so at a much faster rate. And although I have no doubt I’ll lose engagement during the process, at least I’ll have fresh imagery and updated info.
Given the nature of Google Algorithms, it’s a good idea to keep content updated for relevance anyway. Who knows, maybe this will propel ColoradoPlays.com into a much better place in terms of search and engagement.
Moved to a Better Server Much Sooner
As I said before, I was in the process of moving the sites to the GreenGeeks hosting platform. GreenGeeks just has far better servers and cut load times off my other blogs by as much as 300%!
Dealing with this malware issue just made the process happen faster than I would have liked. Which may be a good thing, when you think about it.
I have a tendency to be a bit lazy and slow. This recent attack just lit a fire under me to get things moved over.
Now, all of my websites are benefiting from superior speed and efficiency.
Made Me More Aware
I can safely say that this problem will never happen again. I am a far better person thanks to this attack and will do what I can to make sure the blogs are protected, backed up and secure.
But what if I forget something?
Lately, I’ve been using a free account at Asana. It’s a management app that has helped me keep track of a lot of things lately. Asana is perhaps one of the most potent tools in my current arsenal.
Using Asana, I can plan out ideas and add tasks as I think about them. This way, I don’t merely “forget” to add a security feature, new content or ways to improve the gaming blog.
I even use it to plan out future YouTube videos.
Never Underestimate the Value of Good Security!
I know security is a major concern in today’s online world. My main three blogs were safe and secure, but the older pieces allowed the malware infection to spread rapidly. Do what you can to protect your own blog at all times.
And please, don’t forget to remove unused scripts from your site. The slightest exploit can cause a lot of damage.