
Brian Basilico: Have You Ever Been Hacked?


Have you ever been hacked? I have, and it cost me over $10,000 to recover from it. I was running a web server seven years ago (if you listened to the podcast, I said 10, but it feels like 20), and I gave a free website to my church. They gave control to a volunteer who installed Joomla, and then they never updated the Joomla system. The system got hacked, which gave the hackers access to the web server core files to attack over 60 websites on that server!

I can’t blame them or myself – neither of us knew what we were doing. Did I mention it cost me over $10,000? That was measured through lost business, un-billed time spent fixing the problem, and so much more! Did I solve the problem? Yes I did, but the out-of-pocket expense was $2,500+ cash! What happened after I solved that problem? I transferred the websites, from clients I could salvage, to a new web server with a guy who could help me fix the problems. I paid $2,500 to him to remove the hacks and get back to business.

Then the owner of the company who ran the new web server I had transferred everything to was charged with murder (no lie). Again in limbo, I called the guy who had rescued my websites, who basically took over the company, and I handed him my web hosting business for no profit. All I could say to him was, “Take Care Of Them.”

I kept my business WordPress websites with him, and guess what? I was hacked again, TWICE!

Hacked, Hacked and Hacked Again…Who Is To Blame?

Me.

Who Did I Blame?

I blamed everyone else. I held every person who hosted my websites responsible, as the owners of the websites I hosted blamed me. Why did the web hosting company not protect me or my customers from being hacked? After all, I was paying them $150 per month for a managed server. I was charging $15 per website per month, so I was making $600 per month. I thought the web server companies had my back (while spending hundreds of hours on technical support for $15 a month). The hosting companies could not have cared less, and I found out that the $150 per month they charged was just for space, not hacking protection. If I wanted that protection, it would cost another $1000 per month that I was not aware of. I could not pay that, since I could not make the math work in my favor!

So You Have A WordPress Website?

I have built WordPress websites for some of you. Others of you have had someone else build one for you. That’s all good, but are you protected from hacking? You paid someone around $60 per hour to build your site, and they in turn hired another person to actually do the work and paid them $20 per hour, which is great. It makes for pretty websites, but did they do everything in their power to keep your asset protected from hackers? I expect you to call them and ask!

So What Can You Do?

I had the pleasure of talking with and interviewing the WordPress Security Expert, Regina Smola, from WPSecurityLock.com. She offered 4 simple tips on how to protect your WordPress website from hackers…

  1. It “IS” Your Website – Take Responsibility – No matter what you think, unless your website is part of a larger corporation, your website updates, maintenance and security are your responsibility! That means you have to log into it every week at a minimum (every day is best). Check your Google Analytics, Google Webmaster Tools and log into the back end at least once per week!
  2. Watch Those Usernames and Passwords – Username: admin and Password: password1234 = Hacked. Change your username and passwords from the defaults, and change them as often as possible. I love 1Password, but there are other options, including browser plug-ins, that can help you create unique and secure passwords. 1Password and others can help you remember them, and you can share them across all of your devices, such as tablets, cell phones and laptops!
  3. Update System, Plug-Ins & Themes – WordPress, themes and plug-ins are updated for a reason. Sometimes the updates are to give you new features and options. More often, they are updated to try to protect you from hackers. Hackers are working harder than you are to find the vulnerabilities in everything. WordPress, themes and plug-in companies, developers and programmers work hard to protect you, usually at no charge. Don’t look that gift horse in the mouth!
  4. Get a Security Plug-In – Regina likes iThemes Security and I like Wordfence. Both of them rock, but they each have their pluses and minuses. Using either is better than using neither. If you have had your website built by me or have had Regina monitor your website over the last few years, then you already have installed Wordfence or iThemes Security. You may not know it, but you will thank Regina or me later!
  5. Get Help If You Don’t Have The Time – If you do not have the time to monitor, update and maintain your website, then “Git Er Done”. As business people, we all understand busy! Then, do you have the time it would take to recover, rebuild and re-invent your website? Would that time not be better spent moving your website and internet marketing efforts forward, as opposed to trying to recover from a hacking? That choice is yours – take responsibility and control!
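
One way to turn tips 2, 3 and 4 into a repeatable weekly check, as an added example that is not from the original post or from Regina Smola. It assumes you (or whoever maintains the site) have saved the JSON that WP-CLI prints for the plug-in, theme and administrator listings; the sample data, the list of default logins and the security plug-in slugs are constructed for illustration.

```python
import json

# Constructed sample data, in the shape WP-CLI prints for:
#   wp plugin list --format=json / wp theme list --format=json
#   wp user list --role=administrator --format=json
SAMPLE_PLUGINS = '''[
 {"name": "wordfence", "status": "active", "update": "none", "version": "1.0.0"},
 {"name": "contact-form", "status": "active", "update": "available", "version": "2.1"},
 {"name": "old-gallery", "status": "inactive", "update": "available", "version": "0.9"}]'''
SAMPLE_THEMES = '''[{"name": "business-theme", "status": "active", "update": "available", "version": "3.2"}]'''
SAMPLE_ADMINS = '''[{"ID": 1, "user_login": "admin", "roles": "administrator"},
 {"ID": 7, "user_login": "site-owner", "roles": "administrator"}]'''

DEFAULT_LOGINS = {"admin", "administrator", "root", "test"}   # assumed watch list
SECURITY_PLUGINS = {"wordfence", "better-wp-security"}        # assumed plug-in slugs

def pending_updates(listing_json, kind):
    """Tip 3: report every plug-in or theme that has an update waiting."""
    findings = []
    for item in json.loads(listing_json):
        if item.get("update") == "available":
            note = f"{kind} '{item['name']}' {item['version']} has an update waiting"
            if item.get("status") == "inactive":
                # Deactivated code is still on the server until it is deleted.
                note += " (inactive: update it or delete it)"
            findings.append(note)
    return findings

def risky_admins(users_json):
    """Tip 2: report administrator accounts that still use a default login."""
    return [f"administrator login '{u['user_login']}' is a default name; rename it"
            for u in json.loads(users_json)
            if u["user_login"].lower() in DEFAULT_LOGINS]

def missing_security_plugin(plugins_json):
    """Tip 4: report when no known security plug-in is active."""
    active = {p["name"] for p in json.loads(plugins_json)
              if str(p.get("status", "")).startswith("active")}
    return [] if active & SECURITY_PLUGINS else ["no active security plug-in found"]

def weekly_check(plugins_json, themes_json, admins_json):
    """Combine all checks into one list of things to fix this week."""
    return (pending_updates(plugins_json, "plug-in")
            + pending_updates(themes_json, "theme")
            + risky_admins(admins_json)
            + missing_security_plugin(plugins_json))

if __name__ == "__main__":
    for line in weekly_check(SAMPLE_PLUGINS, SAMPLE_THEMES, SAMPLE_ADMINS):
        print("-", line)
```

An empty list means nothing needs attention this week; anything else is the to-do list for you or the person you pay to maintain the site.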

What happens if you don’t keep up with the maintenance on your car, like changing the oil or rotating the tires? It will cost you money! Is it cheaper to do an oil change for $30-$50 every three months or to pay $2500-$5000 to replace the engine? I have learned that lesson the hard way, and I want to make sure that you don’t make the same mistakes I did!

You may never run a web hosting business, but your website is your asset. Keep your site running like a well-oiled machine, and protect it by paying attention to it and making sure it is protected. If you don’t have the time to do this yourself, then have a staff member do it or pay someone else to do it for you!
