Hacker Demanded iPhone After Molesting My WordPress Site (…and What I Did)

(what the hacking dude told me... damn)
"That son of a b*tch!"

Forgive my French, but that was all I could say when a dude hacked this very site you’re reading

It was one ordinary day - August 20’ish of 2013

I woke up, connected to the internet… and boom!

Somebody molested my website, making it look like this:
(there are a couple more "defacements", but these are the screenshots I was able to get)
Of course I was shocked! I did not know what to do

My eldest daughter was just about 2mos old at that time…

…a time when I was cranky from having less sleep because of the baby

I wanted to find a solution online but I did not know where to start – I’m a nurse for crying out loud

Anyway, after hours and hours of snooping around, I was able to trace the guy who “I suspect” hacked me, at Facebook

(I can’t remember how I did it – but my guess is, I just searched for the name he left in front of my website… no heavy science or IT shit)

So, I contacted him, and the conversation went something like this (notice the time stamps):
(ok, I know... that was a pathetic conversation starter hahaha)
By that time, I was able to figure out how to at least get the “defacement” off my site...

(trust me, it took a lot of time – research, trial and error, PAIN)

BUT… it was a back and forth battle

I would fix it, then the “defacement” comes back again within a day

It was a nightmare, as I was doing the fix manually

He hasn't answered back yet

It continued a few days more until I contacted him again:
And we conversed some more...
And at 2:28am of August 29...

All I could reply to end our conversation was:
But of course… Hurricane Dexter would NOT give up without a fight

(…I could just imagine now how exhausted I was at that time)

We continued the back and forth “fix-deface” cat and mouse run… and he even got some of this hacking friends to tag along
(only screen shot I could recover, but I'm sure there were more of them)
My wife could only laugh and describe those guys as bullies...

(yep… online bullies, bullying me… but I got to hand it to them, they got brilliant minds lol)

After a few days, I felt we were going nowhere – so I decided to pull the plug

I transferred my website to another host

I just salvaged parts of my site that I could, and then moved on

One thing for certain:
I do not wish to get hacked again

And I don’t want my clients or friends to get hacked either

From there, I’ve been more particular about...

WordPress website security – at least, the very basics like:

#1. Do NOT use “admin” as a login username and have a stronger password (combination of lower and upper case letters + numbers + symbols)

#2. Keep your plugins and themes updated

#3. Host your site on a good one (here’s an affiliate link to one of the hosts I use: http://imgrowbox.com/tunedhosting)

#4. Keep regular backups of your site (there are free WordPress plugins for those – I use UpdraftPlus)

#5. Use security plugins – I used the free one called “WordFence” and it has kept me safe ‘till now

Recently though, I heard that some of the top security plugins (even my favourite WordFence) failed to protect a “test-site” from an exploit
Luckily, another plugin came out that solves those extra WordPress security problems...

It’s a paid one though, and you can find it here: http://imgrowhouse.com/siteguardian

(Yes, I bought it and installed it on my sites... and yes, I suggest you do the same)

Thank you for your continued support to my blog by getting it thru my affiliate link here

I wish you learned from this post, and most importantly, a safe site to you

from way up high
Philippines’ City of Pines
Hey there buddy, care to share what's on your mind?

Share this article


Leave a comment

Your email address will not be published. Required fields are marked *

[wpob id="1"]