Back to regular programming.

back to blogging

Compromised. Hacked. Malware carrier. Suspicious site. Dangerous. Threat.

Those are all the words thrown at my blog by various sites due to a malware that entered my blog through the backdoor. According to one of the experts I talked to, there are various ways that a hacker can compromise a site. I am not much of a tech person so I didn’t list everything down anymore but took note of one important thing: regularly change passwords! I’ve been so complacent, not bothering to check my blog as regularly as I used to, and trusting that as long as my chosen password is strong, hard to guess, then everything’s okay. I was wrong.

My site got a malware virus from an attack I didn’t see coming. I was joining blog hops here and there and I am not sure if I got it from that. A few days ago, while joining a blog hop, a member of that group told me that her browser was issuing a warning that my site was compromised and that it posed a threat to her computer security. I checked and there was nothing so I ignored it. Then, another member told me the same thing. I ignored it again because when I checked, everything was normal. The following day, that’s when I began seeing something disturbing from my blog. I checked and that’s when the red warning appeared…

My site was tagged as a malware carrier!

I am not ashamed to tell you that I panicked. Why wouldn’t I? This site is my baby. It’s 10 years old already, turning 11 May of this year. Sasha-says.com is also a source of income for me so losing this site is a big no-no.

So, here’s what I did.

  • I scanned my site for malware. I used Sucuri SiteCheck and Comodo cWatch. Both tools are free. I will write separate entries for both malware removal sites and will tell you what I think about each.
  • I deactivated my site. When I found out that my site actually had malware in it, I deactivated my site by taking down all the posts and erasing everything that Sucuri said had malware or virus in it. I deleted the WordPress installation after saving some important details like the content of the sidebar and the pages. Then I deleted everything.
  • I moved to a new webhost. This is optional especially if you know how to really clean out your cpanel but since I am in such a hurry to bring back my site to its old glory, I bought a new webhosting account. I will also write a separate entry for it. I added this domain there and installed WordPress anew.
  • I submitted my site to Google Search Console Team and asked for a review. It will take a maximum of 72 hours for the review to be completed but mine took less than 24 hours only and I got an email from Google Search Console Team that my site is now clean and no longer poses a threat to its visitors.
  • SS-Google

  • I purchased an SSL Certificate from Comodo. I want to assure this site’s visitors that my site is 100% clean and secure. Again, this is optional but a good blogger-friend of mine advised me that if I want to maintain a good site, I must invest in it.
  • I installed a good anti-spam plugin. I used to have Akismet installed but since it now asks for payment for the use of their plugin, I opted to find an alternative. I found Antispam Bee! I read the reviews and it is the plugin I need. So far, so good. I installed and activated it before I opened this blog again. So far, it has blocked 6 comments meant to hack my css.

I tested this site in different browsers: Google Chrome, Microsoft Edge, Safari, Samsung Internet Browser (through my best friend), and ASUS Internet Browser.

No more warning from Google!

Yey!

My blog is now back to regular programming.

You may also like