May was not a happy month for me. Just when the WannaCry and RansomWare attacks were going on, my site was also hit. I can’t verify that it was with one of those, but I can verify I really did wanna cry and in fact did cry in frustration about three days into the attack. I run two writer websites. One is this one, my author website. It has about 40 pages of actual book titles and connected links. The other site is, Windtree Press, the author cooperative I founded in 2011. It has 20 authors, about 150 published titles and then all the interlinking and connections of those titles which pushes the page count up around 300. To rebuild both of the sites took me about three weeks working more than full time every day.
I tend to be a fairly emotionally laid back person–both in my personal and professional life. I’ve lived long enough to know that I can get get through lots of crazy things without dying or killing someone. I worked IT for a number of years and I’ve seen my fair share of viruses, denial of service attacks, and trojan horses. But I’ve also been retired from that world for almost 10 years and I haven’t kept up with all the new types of hacks that have been created over that time. Ten years is a very long time in technology world.
I was running Wordfence, a program I know and love, and received daily scans and reports of all the hacking attempts that had been stopped. I also had a security scanning package and had regular nightly backups and, I thought, a security team behind me should I ever need them. In spite of all of that, when it happened to me I felt helpless to make a difference on my own two websites and a huge problem getting the people I’d been paying for the past four years to actually help me.
Though I was screaming inside the moment it happened, I tried to be logical and patient and work with the people I had in place–my host and another security company. After three days of being on the Blacklist with an ugly page like the picture in this post, I still couldn’t seem to get my issue resolved. The problem was I couldn’t get in touch with an actual person to find out about next steps. My host had decided sometime this year (unknown to me) to no longer have phone service AT ALL. They had a phone number on their website; but, when I called it a recording let me know they’ve decided to solely use Live Chat and email now because it was “more efficient and provided faster service” to customers. I’ve used Live Chat before and it worked for me. But that wasn’t an emergency. When my website is completely inaccessible to both me and anyone else who wants it, waiting to work my way through various levels of technical expertise is NOT what I wanted to do. After three days on live chat with people who were obviously in another country many miles from me, with an average of 6 minutes between each typed question and response, I saw my author career going out the window. Almost 10 years of building my backlist and finally getting some traction with fans and sales had people now seeing a big MALWARE warning whenever they came to my site. The security company I had was more than happy to help me for an additional $1,000 and may be more over what I paid them every year. It was definitely like paying a ransom.
So, I did the only thing I could do. I left my hosting company, dropping my security company, and started rebuilding my two websites from scratch. I simply couldn’t wait for the people I had in place to get their act together. AND I got a different security company to help get me back up and running and certify my new sites were clean, so my two domains would be removed from the blacklist. See the problem is, even if you move to a new host and your site is clean, your domain is still listed on all search engines as a malware site. Your choice is to request each one of them to rescan your site and then take you off the list. They do this in their own time. Google says it may take up to a week to rescan and then up to a another week to actually remove you from the blacklist. Do you know how many search engines there are? And then there are the private companies who certify sites and send out the information to all the search engines. Oy! My normally laid back self was freaking out big time thinking about having that Malware notice up for an entire month.
Fortunately, my new Security Company, SUCURI–recommended by my favorite SEO guys YOAST SEO–took care of it all and within 12 hours I was off the blacklists. Oh, and did I mention they actually have a phone number you can call? They display it on their website and when you call a real person answers and actually helps. And they cost a lot less than what I was paying previously. They kept in touch with me from the moment I called them, giving me updates around the clock. If I asked a question by email at 2am, I got a response within an hour. They told me when the site was clean and certified (about three hours after the initial call). They answered questions about what I could do to try to get data from the old site. The answer to that is much longer than this post, but there are steps that would have made it easier for me. They helped me choose the kind of security package that wold meet my needs for both websites moving forward. And NO they did not automatically suggest the most expensive package. In other words, they are real human beings who were willing to talk to me on the phone and keep in touch with me as they worked through the process of getting me back on track.
Can anyone guarantee I’ll never be hit again? No. If the CIA and NSA can get hacked with all their technical resources, I can too. Given the energy hackers spend I probably will be hacked again. However, I knowSUCURI will do their best to make sure it doesn’t happen and, if it does, I’m confident they will get me back up and running fast. I have a full plate of work every day with writing and marketing and keeping in touch with my readers. I’m happy to have turned this over to someone else. It is worth it to know THEY have a team that is now my team when I need them.
I highly recommend you look into what options you have for security and what would happen if you were hacked. Yes, it costs money. But how much would it cost in time and money to rebuild your business and your reputation after a hack that told everyone not to trust your site because it had malware on it? For me, it’s worth the cost because my website is the primary representative of my business around the world. How about you?