Privacy compliance is one of those areas that seems to confound and confuse. So today we’re taking a look, in simple terms, at what’s involved.
Do I need to comply with privacy and spam laws?
If your annual turnover is $3 million or more then you must comply with privacy laws. You have to comply with spam laws regardless of your turnover. Remember that privacy and spam laws are not the same thing. There is some overlap between the two, however they are separate laws.
Every day, cybercriminals compromise thousands of websites. Hacks are often invisible to users, yet remain harmful to anyone viewing the page — including the site owner. For example, unbeknownst to the site owner, the hacker may have infected their site with harmful code which in turn can record keystrokes on visitors’ computers, stealing login credentials for online banking or financial transactions. In this first step, we explain how and why hacks happen, and review options for recovery.
If you are unfortunate enough to experience a hacked WordPress site, it is annoying, but it can be fixed. We have fixed hundreds of hacked websites since 2008 and have developed this checklist to clean up and secure against future malicious intrusions.
This does require knowledge of MySQL, PHP and the WordPress code environment. If you are unsure of any of the steps, there are plenty of articles and videos if you search. Many will be technical so you may need help along the way if you get stuck. Feel free to reach out if you do need assistance.
Step 1. Preparation
- Put the website into ‘maintenance mode’ (optional but prevents people and search engines visiting and experiencing undesirable activity)
- Take a complete backup of the website and database (IMPORTANT: Do this before doing anything so you have a point to revert back to if something goes terribly wrong)
- Create a copy of the site to perform the cleanup
- Scan the website to identify infected files and directories
- Scan the content to identify malware, viruses, bad links, and vulnerabilities
- Check logs for information about access and malicious activity
Step 2. Clean Files and Directories
- Remove Unused Themes and Plugins
- Scan Uploads Directory for foreign code
- Check and clean wp-config.php
- Check and clean .htaccess file
- Check and remove foreign files and directories
- Delete Infected Plugins and install clean versions
- Delete Infected Theme (if not customised) and install a clean version
- If Theme has been customised, clean up infections
- Delete WordPress Core and Install a clean version
Step 3. Clean Database
- Scan Database for infection and clean
- Remove Spam Comments
- Remove Post and Page Revisions (to prevent accidentally reintroducing malicious content)
- Remove suspicious links
- Remove suspicious content
Step 4. Secure
- Change database Prefix
- Set file permissions to 755
- Set Directory Permissions to 644
- Create blank Index files to prevent contents of directories being accessible via browser
- Reset Salt Keys
- Remove ‘admin’ username
- Check User Roles and remove access for suspicious users
Step 5. Plugins (Install and Configure)
- WP Hashcash
- Jetpack and Activate Protect and Monitor Modules
Step 6. Completion
- Remove the infected live site
- Replace with the cleaned version
- Take a complete backup of clean site
- Optimise Database
Step 7. Ongoing Maintenance and Security
- Regular Backups of Website and Database stored securely away from the hosting server
- Keep WordPress up to date as each version is released
- Keep Plugins and Themes up to date as each version is released
- Delete Spam comments
- Keep Passwords strong and secure (Ideally use an application like LastPass.com to generate and securely store login details)
- Monitor and scan regularly for suspicious activity
- If you notice anything suspicious, take action to identify and resolve immediately
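The ‘Scan Uploads Directory for foreign code’ item in Step 2, sketched as an added example that is not part of the original checklist: the uploads directory should hold media only, so a file with a PHP extension, or a media file that contains PHP tags, needs review. The patterns, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions a web server may run as PHP; none belong in wp-content/uploads.
PHP_EXTS = {".php", ".php5", ".php7", ".phtml", ".phar"}
# Heuristics (assumed): a PHP open tag, and eval() wrapped around a decoder.
PHP_TAG = re.compile(rb"<\?php|<\?=", re.I)
OBFUSCATED = re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)


def scan_uploads(root, max_bytes=2_000_000):
    """Return sorted (relative_path, reason) pairs for files needing review."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            with open(path, "rb") as fh:
                data = fh.read(max_bytes)
            if ext in PHP_EXTS:
                findings.append((rel, "executable PHP extension"))
            if OBFUSCATED.search(data):
                findings.append((rel, "eval() around a decoder"))
            elif ext not in PHP_EXTS and PHP_TAG.search(data):
                findings.append((rel, "PHP tag in non-PHP file"))
    return sorted(findings)


def demo():
    """Scan a constructed uploads tree (sample files, not real malware)."""
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0JFIF plain image bytes",
        "logo.png": b"\x89PNG\r\n<?php echo 'hidden'; ?>",
        "cache.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        month = os.path.join(root, "2024", "01")
        os.makedirs(month)
        for name, body in samples.items():
            with open(os.path.join(month, name), "wb") as fh:
                fh.write(body)
        return scan_uploads(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:28} {rel}")
```

Run it against the copy of the site made in Step 1, passing the path of its uploads directory to scan_uploads(); matches are leads for manual review, not proof of infection.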
Need Help To Fix A Hacked WordPress Website
If you just want to get your website up and running again, or don’t have the time or technical know-how to do it yourself, contact us and we will get you up and running again. This can normally be sorted out with a turnaround of a business day. If it is urgent we can down tools and get your website fixed in a few hours depending on the size of the site and the extent of the hacking.
You will need to provide:
- Administrator Access to the WordPress Website
- Hosting cPanel or Control Panel (with FTP and PHPMyAdmin)
- Fresh copies of Premium Themes and Plugins or login details to obtain clean versions
Ongoing WordPress Maintenance & Support
“Prevention is better than cure” – a cliche but so true online. Enquire about the Maintenance Plans available to keep your website safe, secure, backed up and optimised. If your website should be compromised you will be fully operational again in a matter of minutes rather than days. We look after and maintain WordPress sites for a number of clients directly, and for other web design and development agencies.
Lessons From The Age Of the Telegram
Social Media is today to email what the telephone was to the telegraph was to letters – a faster way to communicate with more people in a shorter space of time. But back then SPAM was a brand of awful tasting salted meat!
Telegrams were expensive to send compared to letters and the sender paid for every word. Consequently messages were short, to the point and conveyed a single idea as precisely as possible.
They were a ‘call to action’ for the recipient, like Peter Sellers the actor who, while working in his study upstairs, sent a telegram to his wife in the kitchen just downstairs:
COULD YOU PLEASE BRING ME A CUP OF COFFEE?
Superfluous words such as a, an, the, you, do it, etc. were trimmed so that the essence of the message was conveyed with the minimum of words. Now doesn’t that sound like Twitter? The disadvantage of Twitter is that it is free and so much rubbish is tweeted. Used well it can convey a simple message or call to action succinctly but this may be more difficult than it seems. Mark Twain, an American writer, summed up the difficulty when he received a telegram from a publisher:
NEED 2-PAGE SHORT STORY TWO DAYS
NO CAN DO 2 PAGES TWO DAYS.
CAN DO 30 PAGES 2 DAYS.
NEED 30 DAYS TO DO 2 PAGES.
Newspapers were one of the biggest users of telegram services and to save money they would often combine words or invent new words (lk txt msgs 2day :)). A famous example comes from British newspapers, where the word ‘no’ was put in front of other words as ‘un’, turning the two words ‘no money’ into the single word ‘unmoney’. A message from an editor to a journalist:
Received the reply:
UNNEWS. GOOD NEWS.
To which the editor telegrammed the response:
The famous author Rudyard Kipling was reportedly paid 50p per word calculating the earning from his writing. A group of students sent him 50p and asked for a word. He telegrammed back:
The shortest telegram sent was by Oscar Wilde, while living in Paris, to his publisher in Britain, enquiring on progress with a book he had written. His telegram read:
to which the publisher replied:
You can have a lot of fun with Social Media, and deliver memorable messages, evoking the curiosity in your readers, and inspiring them to action.
Both Mark Twain and Sir Arthur Conan Doyle apparently sent very similar telegrams to a number of prominent men, all of whom hurriedly packed their bags and left town immediately.
Their mischievous message?
FLEE AT ONCE — ALL IS DISCOVERED
Twitter places a limit of 140 characters on messages you can send. When composing your tweets, imagine you were required to pay $1 per character. What messages would you tweet?
P.S. If you really want to experience the nostalgia of the telegram (or for those born pre-1980’s experience the telegram for the first time) you can send one via the internet! Yes, it is true!
Check it out and send a telegram to your clients. It will be unique and memorable because chances are they will not have received a telegram in years if ever at all.
You can send an authentic looking telegram at Telegram Stop.