Imagine you’ve been blogging for a while and are building a loyal audience who love what you write. One day, in a Eureka style moment, you come up with a killer product that ties in perfectly with your blog niche and the needs of your audience. It’s bound to be a success, right?
Turns out it is.
It’s hard to imagine who’s happier – your readers because you’ve created the product of their dreams, or you because you’ve found a way to make money from blogging.
Sales go well.
You start promoting your blog more. Sales go better – it looks like you’ve got a hit on your hands. You go to bed dreaming of the beach-front place in Mexico you’re going to buy.
Next day you wake up and it’s all gone
You log in to check your overnight sales and choke on your coffee. Yesterday’s sales graph tails off like a ski jump and so far today’s is a mocking zero.
Maybe there’s just a delay with the sales reports? It happens. So you do emails, walk the dog irritably and take a look an hour later.
Still no sales. You check your blog. Looks OK, loads like normal. Then you check the site stats. Big problem. The graph looks like another Olympics-sized ski jump.
Official Panicking Time
Closer investigation shows your organic search traffic from Google has evaporated. The people who search for and buy your product aren’t coming any more.
Stomach not good. You search for your site – it’s dropped two pages and has an ominous warning next to the link: This site may harm your computer.
Stomach much worse now.
Wait. What was that nifty post you read on WordPress security? Didn’t it say you could check Google Webmaster Tools for drops in your Google rankings caused by security issues?
You check. Webmaster Tools says your site has a malware – in other words, you’ve been hacked.
It’s always someone else’s site until it’s yours
10,000 new sites hacked every day is the official count from Google. And that’s just the cases they find via Webmaster Tools and their search engine indexing bots.
When big sites like LinkedIn and Twitter get hacked it’s headline material, but the real news is that it’s happening all the time to smaller websites and blogs like yours and mine.
How to protect yourself
My previous post on improving your site security covers the main things that website owners can do keep their sites – and all their hard work – safe.
Unfortunately, just as site owners get more savvy about protecting themselves, so hackers get better at breaking in. Even if you’re keeping WordPress (and all the plugins you use) updated regularly as you should, it’s still possible for a determined hacker to crack open the security on your server and run riot on your domain.
Automated security and scanner tools
Recently I’ve been testing a free service that does all the checking for you called WebsiteDefender.
The biggest attraction for me (aside from the “price”) is that it automates two vital tasks that a worryingly high number of site owners never do: Security checks and making regular site backups for when something goes wrong.
The daily security scanning system checks your entire web server for things like malware and viruses, common causes of the kind of business-losing nightmare described above.
The system sends me easy-to-understand alerts about infected files, otherwise invisible injected malware links (in things like blog comments that get approved because they look normal), shell scripts and local root exploits.
That’s not an extensive list of features but I sense your eyelids drooping.
It’s enough to say that WebsiteDefender checks for the type of security issues you might not understand but need to be protected against.
One useful feature I’ve never seen with similar services is checking for new or edited files – which are often the first sign someone is attempting to hack into a website. It’s the equivalent of trying the key in the door and is a good early warning sign.
Automated Backups and Easy Restoration
Not making regular backups of your site is asking for trouble.
A good web hosting company will have a backup system in place, but often it’s only weekly or monthly so you can’t depend on the backups being frequent enough to contain your most recent content and files. Many companies also attach a hefty three-figure price tag for restoring your site.
WebsiteDefender makes daily automated backups of your entire website, including the WordPress database and all theme and plugin files. That means if your site is attacked or infected, you’ll be able to clean and restore your entire site with a few mouse clicks.
It doesn’t make a backup if it detects malware on your site – so you can be sure the backup you restore is safe and not going to recreate the hack all over again. Instead, you can restore the last safe version of your site.
These are the main features of the service, you can see the complete list on the site.
Personally, I think WebsiteDefender is a great service because it’s an anti-virus security scanner and back up system all in one. It saves me worrying about two boring but important things so I can get back to the more glamorous side of running websites.
You can grab a free account here.
Final, important note if you’re using a free WordPress backup plugin: A lot of site owners don’t realize that most of these only make copies of the database. So although your post content and WordPress settings are saved, images, theme files and plugins files are not backed up.