Compromised. Hacked. Malware carrier. Suspicious site. Dangerous. Threat.
Those are all the words thrown at my blog by various sites due to a malware that entered my blog through the backdoor. According to one of the experts I talked to, there are various ways that a hacker can compromise a site. I am not much of a tech person so I didn’t list everything down anymore but took note of one important thing: regularly change passwords! I’ve been so complacent, not bothering to check my blog as regularly as I used to, and trusting that as long as my chosen password is strong, hard to guess, then everything’s okay. I was wrong.
My site got a malware virus from an attack I didn’t see coming. I was joining blog hops here and there and I am not sure if I got it from that. A few days ago, while joining a blog hop, a member of that group told me that her browser was issuing a warning that my site was compromised and that it posed a threat to her computer security. I checked and there was nothing so I ignored it. Then, another member told me the same thing. I ignored it again because when I checked, everything was normal. The following day, that’s when I began seeing something disturbing from my blog. I checked and that’s when the red warning appeared…
My site was tagged as a malware carrier!
I am not ashamed to tell you that I panicked. Why wouldn’t I? This site is my baby. It’s 10 years old already, turning 11 May of this year. Sasha-says.com is also a source of income for me so losing this site is a big no-no.
So, here’s what I did.
- I scanned my site for malware. I used Sucuri SiteCheck and Comodo cWatch. Both tools are free. I will write separate entries for both malware removal sites and will tell you what I think about each.
- I deactivated my site. When I found out that my site actually had malware in it, I deactivated my site by taking down all the posts and erasing everything that Sucuri said had malware or virus in it. I deleted the WordPress installation after saving some important details like the content of the sidebar and the pages. Then I deleted everything.
- I moved to a new webhost. This is optional especially if you know how to really clean out your cpanel but since I am in such a hurry to bring back my site to its old glory, I bought a new webhosting account. I will also write a separate entry for it. I added this domain there and installed WordPress anew.
- I submitted my site to Google Search Console Team and asked for a review. It will take a maximum of 72 hours for the review to be completed but mine took less than 24 hours only and I got an email from Google Search Console Team that my site is now clean and no longer poses a threat to its visitors.
- I purchased an SSL Certificate from Comodo. I want to assure this site’s visitors that my site is 100% clean and secure. Again, this is optional but a good blogger-friend of mine advised me that if I want to maintain a good site, I must invest in it.
- I installed a good anti-spam plugin. I used to have Akismet installed but since it now asks for payment for the use of their plugin, I opted to find an alternative. I found Antispam Bee! I read the reviews and it is the plugin I need. So far, so good. I installed and activated it before I opened this blog again. So far, it has blocked 6 comments meant to hack my css.
I tested this site in different browsers: Google Chrome, Microsoft Edge, Safari, Samsung Internet Browser (through my best friend), and ASUS Internet Browser.
No more warning from Google!
My blog is now back to regular programming.