No one ever wants to hear those words. “You’ve been hacked!” Sure enough, when I went to the blog, I was greeted by this:
It slowly scrolled up and told me how good my security was, but how they were far better. Blah Blah Blah. I figure that it’s just a group of script kiddies somewhere who don’t have a clue and are just getting their jollies from defacing some websites. The real kicker here was that I went to check each of my websites, and they were all showing the same thing! 🙁 That’s one of the joys of shared web hosting. When one is torched, it’s almost a sure thing that everything is gone.
I contacted my hosting provider Dreamhost and received instructions on how to get my websites back up and running. Unfortunately there is no simple way to roll them back, so I had to go through each one and create new WordPress installations, copy the database and uploads from the hacked folder into the new one, and re-install my themes and plugins. This started off as a very slow process, but after the third or fourth time, I began to get the knack of it. Let’s just say that I’m now pretty proficient in understanding which WordPress files are key to holding your data.
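Copying uploads out of a hacked folder carries over whatever was left in it, so the folder is worth auditing before it goes into the fresh install. The script below is an added example, not part of the original post or of Dreamhost's instructions; the function names and the sample tree are constructed for illustration, and it assumes uploads should contain media files only.

```shell
#!/bin/sh
# Added example: audit the uploads folder of a compromised WordPress install
# before copying it into a fresh one. Prints "<reason><TAB><path>" per finding.
# Exit status: 0 = nothing flagged, 1 = findings, 2 = bad argument.

# Prefix every path read from stdin with a reason label.
tag() { while IFS= read -r p; do printf '%s\t%s\n' "$1" "$p"; done; }

scan_uploads() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    findings=$(
        # 1. Server-side script extensions: uploads should hold media only.
        find "$dir" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \) |
            tag script-file
        # 2. Per-directory config files can change which files run as PHP.
        find "$dir" -type f \( -name '.htaccess' -o -name '.user.ini' \) |
            tag server-config
        # 3. PHP open tag inside a file that carries another extension.
        find "$dir" -type f ! -iname '*.php' ! -iname '*.php[0-9]' \
            ! -iname '*.phtml' ! -iname '*.phar' ! -iname '*.php.*' \
            -exec grep -laF '<?php' {} + 2>/dev/null | tag embedded-php || true
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Build a small constructed uploads tree (sample data, not from the post).
make_sample_uploads() {
    root=$(mktemp -d)
    mkdir -p "$root/2015/03"
    printf 'constructed image bytes' > "$root/2015/03/header.gif"
    printf 'constructed image bytes <?php ?>' > "$root/2015/03/banner.jpg"
    printf '<?php /* constructed marker */ ?>' > "$root/2015/03/cache.php"
    printf 'constructed placeholder\n' > "$root/2015/.htaccess"
    printf '%s\n' "$root"
}

# Usage: sh scan_uploads.sh /path/to/hacked-site/wp-content/uploads
if [ "$#" -gt 0 ]; then scan_uploads "$1"; fi
```

A clean result covers only the files under the scanned directory; it says nothing about the database that is copied alongside it.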
So how did these punks get in in the first place? I don’t know. The most likely scenario is that one of my WordPress plugins or themes had a vulnerability in it, allowing them access to all my sites. WordPress plugins get updated all the time, and it’s a big pain to keep them up to date – especially when you are running multiple sites. Some of my sites are not actively used, so I rarely log into them. That makes them especially vulnerable to hackers looking for access.
How do you manage multiple WordPress sites to keep your plugins or themes up to date? There are some services out there that allow you to update everything from a single dashboard! One of the free ones I found is WP-Remote. Their website claims “Monitor and update all of your WordPress‐powered sites. 68,253 WordPress websites already do.” I created a login and added a plugin to each of my blogs that I wanted to manage. Voila! This is what the WP-Remote dashboard looks like:
You can see the list of WordPress sites on the left hand side, and easily determine whether they are up to date or require action. Installing updates is as simple as clicking a single button on the right side to update all. Within seconds everything is good to go! This is a brilliant service, and saves me a ton of time! I’ve made a habit of checking in with WP Remote in the morning and updating any files that require it. Did I mention that it’s free? They sell a premium version of their service that adds things like automated backups, but I’ve discovered that I don’t need to pay for those. Why not? Keep reading, and I’ll tell ya!
Updraft Plus is a fantastic (and free!) WordPress plugin that performs fully automated backups on whatever schedule you set, and saves them locally as well as on virtually any remote storage location. They offer a premium plan that gives you more control over how those backups are performed, but I’m OK with the free version for now.
Free managing dashboard. Free automated backups. What a great deal, right? Yup! But there’s one area that I DID decide to splurge a little money on. I’ve been a faithful Dropbox user for years, and I’d worked my way up to 14GB of free space, but it just wasn’t enough. So with the money that I saved from the other two services, I upgraded my Dropbox to the Professional plan. For $109/year I now have 1TB of space. That’s more than enough for all my backup needs. Famous last words.
So while this hacking incident has cost me some time and money (lost Adsense revenue and increased purchasing), I’ve learned a great deal about WordPress installations, the critical files, bulk management, and now have a solid backup/restore plan in the event of a catastrophic failure in the future. It was a difficult pill to swallow, but I think that the lessons learned far outweigh the loss.
Let’s hope that I never have to deal with this again. But if I do, I have the right tools in place to minimize any downtime.
I’m sure that you’ve probably noticed the little underlining under some of the text in the message posts. It’s pretty hard to ignore, isn’t it? I’m experimenting with an advertising platform called Infolinks, which specializes in monetizing blogs by delivering relevant advertisements based on the content on the page. In many ways this is similar to Google Adsense, but the approach that Infolinks takes is they turn the actual text into a clickable link.
In some ways this is similar to the 123Linkit clickable links that already appear in the blog, except that Infolinks is a pay-per-click (PPC) model, and 123Linkit is an affiliate marketing model. I somehow doubt that I’m ever going to get rich from either of these systems, but I’m always willing to experiment and see what happens.
Please bear with me as I figure this out.
Google Adsense does not like small blogs! Plain and simple. It amazes me that there is no real alternative to Adsense. Yes, if you search for alternatives, you will find some… but none of these are as good as Google claims to be (on paper). I dabbled with AdBrite last year, and I might end up using it again if Google bites me in the ass like it did recently to a friend who runs a small gaming website.
It’s probably taken him over a year to get the click-throughs to finally reach the minimum $100 payment level that Google Adsense demands. But that’s not a guarantee that they’re going to pay you anything. No… in his case (as in another that I’m all too familiar with from last year) Google has deemed that his site posed a significant risk to [their] AdWords advertisers.
Now I completely understand that Google has to protect the integrity of its program, and that click fraud is a problem… but I think that when you run ads on your website for over a year and then only just barely manage to reach the minimum payout amount… that chances are you’re not running a click fraud scam. Sure, you may have people occasionally click an ad who really don’t have any intention of purchasing the product, but in the grand scheme of things, whether you make a purchase at that time or not… the advertising value should not be arbitrarily negated by Google’s heavy-handed policies. If I sit down to watch a new episode of House, I generally have to suffer through 4 separate commercial breaks, running 3-5 advertisements each. Many times the ads are repeated… sometimes back to back! Do advertisers expect me to stop what I’m doing and run out and buy their product? No. But the impression has been made. They are getting some measure of value just from presenting me with their message. I don’t see how that differs from online advertising. If I click a link that takes me to the latest Thesis WordPress premium theme, yet I don’t make the purchase… does that necessarily mean that I won’t do it later?
And why does it take Google so long to assess whether your site is complying with their terms of service? I’m sure that my friend was quite excited as he approached the $100 point after such a lengthy period of time. Surely Google has the ability to do periodic assessments of sites displaying their ads. It just doesn’t make any sense!
I’m quite skeptical whether I will ever see a dime from Google from the ads on my blogs. It’s taught me another valuable lesson… don’t put all your eggs in one basket. I already knew that, but it certainly reinforces that lesson. [Update: Yup! Google did kick me out of their Adsense program for supposedly violating their policies. Not impressed.]
You may have noticed the sudden inclusion of advertising again on the blog. I’m still not convinced that it’s the way to go, but I’m playing around with it, trying out different things. Placement is key. By default I had it running down the bottom right, but I don’t think that anyone even scrolls down that far, and I didn’t want to have it at the top. I’m not a big fan of banners and in-your-face stuff like that. Maybe that’s the kind of advertising that is good for bloggers, I don’t know. But I was looking for something a little more subtle. And yes, I realize that I’m not going to be able to quit my day job based on a few clicks, but it’s a start. I wanted to try a few things here before I migrated them elsewhere.
Hopefully people don’t find them too annoying. As always, feedback is appreciated.
Thanks for reading!
You may have noticed a tiny little coffee cup icon at the bottom of this post. I read about an interesting little plug-in that I’m testing out. It’s called “Buy me a beer”, but since I don’t drink beer, there is an option to change it to a “cafe” as well. I don’t drink coffee either, but I’ll consider hot chocolate to be close enough to “cafe”. I’ve looked for a “Buy me a Coke” plug-in, but that doesn’t seem to exist. (If anyone knows otherwise, please let me know.)
I’m looking at testing different things with the blog, to see what works and what doesn’t, before implementing those things on some of the other projects that are being worked on behind the scenes. You might see the plug-in replaced by something else in the future. I’m still waiting for Google to approve my AdSense application, but they seem to be quite slow. Amazon approved me within 24 hours, but Google seems to be a little more picky.