My coaching website was hacked this morning. If it hasn’t happened already, there’s a good chance your coaching website will be hacked at some point. In this post I’ll walk you through a few steps you can take to protect your coaching website. I’ll also give you a few suggested tips if you ever end up with a hacked website.
NOTE: This article is going to be most relevant for coaches who use WordPress as the platform for creating their site. Most of the solutions I cover involve WordPress plug-ins. If you have a WordPress website you’re sure to benefit from reading further.
When I tried to log in this morning, I kept getting a “Database Error”. I was hoping it was just some small “glitch” on my side, so to find out if Coach’s First Year was down just for me, or if it was a more global issue, I did a quick check on http://www.downforeveryoneorjustme.com (it’s a good free resource you can use to see if a site is down). The verdict was in… “This Site Appears To Be Down For Everyone”.
I immediately called GoDaddy (my hosting provider) and they told me that hackers had installed “malware” on my site. Not knowing too much about malware or hackers, I asked a few more questions about what I could do to fix the problem, and prevent it from happening again. The woman I spoke with was wonderful. She deleted the “corrupt code” and walked me through the following steps.
- Reset passwords for all websites
- Add Captcha to your website. Captcha is just that box you see when you’re filling out a form on the web and it asks you to enter in the letters and numbers before submitting the form. The purpose of having a captcha box is to make sure the form is being submitted by a real person instead of a program designed by hackers to install malware. But, installing captcha isn’t a 100% guarantee that it will prevent people from manually installing malware. Here’s a link to the free plug-in I use: http://wordpress.org/plugins/captcha/
- Install a free Malware Scanner plugin. Here’s the one I chose because it seemed to have very high ratings and a lot of recommendations online: http://wordpress.org/plugins/gotmls/. It identifies possible malware and also helps you remove it.
- Add SSL To Your Website (Don’t worry if you don’t know what SSL is. If you call your hosting provider they can add this feature for you). SSL will encrypt any data that’s being sent between a user and your website. Some examples of data being sent between a user and a website are any forms you fill out, and membership log-in user name/passwords. This one isn’t free. At GoDaddy it’s $70/year for one site or $150 for 5 sites.
The whole process was relatively painless. It took about 20 minutes to fix and gave me a great topic for today’s Technology Tuesday blog post.
Hopefully these 4 steps will help prevent you or I from experiencing future “hacks” on our websites.
If you find yourself in a similar situation, I definitely recommend you call your hosting provider. If you use the two hosting providers I recommend (GoDaddy or Hostgator), they have wonderful customer service and they should have you back up and running in no time.
If you know any other coaches that could benefit from this information, please hit a few of the share buttons below.