• Ideas
    • Start Here
    • Team Management
    • Mindset
    • FBA
  • Build
    • Money Site Creation
    • WordPress
  • Monetize
    • Income Reports
  • Grow
    • Link Building
  • Tools
    • Tutorials
  • Services
  • About
    • Contact
  • Ideas
    • Start Here
    • Team Management
    • Mindset
    • FBA
  • Build
    • Money Site Creation
    • WordPress
  • Monetize
    • Income Reports
  • Grow
    • Link Building
  • Tools
    • Tutorials
  • Services
  • About
    • Contact
  • Ideas
    • Start Here
    • Team Management
    • Mindset
    • FBA
  • Build
    • Money Site Creation
    • WordPress
  • Monetize
    • Income Reports
  • Grow
    • Link Building
  • Tools
    • Tutorials
  • Services
  • About
    • Contact
  • Ideas
    • Start Here
    • Team Management
    • Mindset
    • FBA
  • Build
    • Money Site Creation
    • WordPress
  • Monetize
    • Income Reports
  • Grow
    • Link Building
  • Tools
    • Tutorials
  • Services
  • About
    • Contact

Category: Mindset

Building an online business like most challenges has a lot to do with your mindset. Getting your motivation, frames of reference and expectations right will have more of an impact on your success than simply following perfect SEO "rules".
MindsetToolsWordpress

What to do When a WordPress Website is Hacked!

A hacked WordPress site causes panic. It’s one of the most frustrating experiences a site owner can face. In this post, I will help you with how to detect whether a WordPress site is hacked or not along with steps to clean your site.

There will be a few tips, in the end, to prevent your WordPress site from being hacked in the future.

How to identify if your WordPress site is hacked?

When your site is hacked it will start behaving as it should not. Generally, a WordPress site can behave strangely without getting hacked. These issues are mainly related to internal settings and plugins causing errors. 

For example, your caching plugin can break your site’s layout, misconfiguration of the SEO plugin can result in 403 errors, a white screen because of code conflicts, and many more. But these are not necessarily the signs that a site got hacked. 

Let’s take a look at some signs you should be careful with that could be indicating your site is hacked.

  • First and foremost, you can’t log in to your site.
  • You haven’t done anything to your site recently but you can identify some changes. (It can be your homepage is replaced by a new page or  added new content)
  • The browser gives you a warning when you try to visit your site.
  • Google gives a warning that this site might be hacked.
  • Your site is redirecting visitors to other sites.
  • Your hosting provider has informed you about unusual activity.
  • If you are using a security plugin then you might receive a warning from it as well.

Now let’s look at these events in brief:

1. You can’t log in

wordpress-login

Sometimes you can’t log in to your WordPress admin dashboard because of a wrong password or because you have changed your login URL previously. While this is a potential warning of your site is hacked you should not be too quick to consider it. Rather try to reset the password and see if that will resolve your login problem.

If you can’t reset your password that can be a warning sign. Although, being able to reset the admin password doesn’t prove that your site is safe or not hacked. You will have to examine more to identify such potential threats.  

The reason why you may not be able to log in once your site is hacked is the hacker either changed your password or removed the user from WordPress. Sometimes they can replace the default login address i.e /wp-admin with something else. If so the site will give a 404 error when you try to visit this address.

2. Your site is changed 

If you notice that your site looks different whether it’s the homepage or your website theme without your acknowledgment then it can be a huge sign that someone has accessed your site without permission.

These kinds of changes don’t have to be something that can be spotted easily. Little changes like adding suspicious content, links to spammy or bad sites, and hidden links mean your site could have been hacked.

However, changes like theme or frontpage layout can be caused accidentally when you are updating your theme, activating a pre-built design for your site. I would rather recommend using themes from trustworthy & reputable sources. 

3. Browser warns the visitors the site may not be secure

site connection is insecure

Check your site on visitor’s mode and if you get a warning that the site is not safe it could be a likely warning that your site has been hacked. This can also happen due to a plugin or themes issue with SSL. 

In this case, try removing/deactivating the plugins to check whether that resolves the issue as well as check your domain SSL status. If that doesn’t help you should be careful and follow the advice given with the browser warning to diagnose the issue.

4. Search engine’s site hacked warning 

Another way to know your site is hacked is through the warning on Google’s search result. Google will display a warning message “the site may be hacked” on SERP under your site or page URL. If you are getting this kind of result lately, then there is a possibility that your sitemap is hacked.

this site might be hacked

A hacked sitemap or 403 error can prevent Google from crawling the website or at least it will affect the way Google crawled a site. It can be more than just a sitemap hack. You will need to diagnose and find out the origin of this problem.

5. The site is redirecting to external pages

can redirect to malicious page

If your site is redirecting to pages or sites that are not related to your contents, contain spammy or adult ads that could be a sign your site has been hacked. 

Hackers will probably add scripts or redirect rules which will take the visitors to other sites as soon as they visit yours. This can raise a serious caution in visitors’ minds while they are being taken to the pages they are not keen to visit. 

Such behavior not only harms your site reputation but also you will notice a significant downfall in every positive thing on your site, whether that be your daily visits, user engagement, revenue, etc.

6. Warning from your security plugin

Security plugins like Wordfence constantly track the activity on your site. You should have a robust security plugin that protects your site and keeps you informed of all kinds of suspicious activities so that you know what is going on in the backend.

If you have a security plugin then it should notify you about recent unusual activities or if someone is trying to access your site. Once you get informed about such threats regardless if the site is hacked or someone is trying to do so, you can take necessary precautions to protect your site.

Nevertheless, a warning email from your security plugin means bad activities are going on behind and might be a crucial sign of your site being hacked.

7.  Warning on your hosting panel

A reputed hosting service has inbuilt tools to monitor your website activities and report if illegal actions are recorded. You will also find a virus scanner to scan your website files for infected files providing backdoor access to the hackers.

Make sure you use a reputed hosting service and keep a close eye on the hosting’s site activity log. If you find any warning in there it could be a sign that someone is hiddenly working on your site. 

Now you know the behaviors that warn about a site that has been potentially hacked, let’s find out what you need to do to fix your hacked site and get it back to the ideal state.

WordPress site hacked: What should I do next?

Once you confirm your site is hacked, you will need to take the following steps to clean your site and get it back to its ideal state. You might not have to follow all the steps mentioned below as you might be able to fix your site at any stage of the following. 

Step 1: Don’t panic

don't panic

As I mentioned above a hacked site is the worst thing a webmaster can face, but the first key to progressing towards a solution is to stay calm. You do not need to be frightened in such a situation, instead maintain a clear mind to help yourself to proceed into the diagnosis part.

Since the site is still visible to the audience, to reduce the damage and bad impact consider putting the site into maintenance mode and relax a little bit. You can simply use a WordPress maintenance mode plugin to do that, or if you use Cloudflare then activate the under attack/development mode.

Steps to active maintenance mode in WordPress: 

  1. Log in to your WordPress dashboard (if the site is accessible)
  2. Go to plugins > add a new plugin.
  3. Install a maintenance mode plugin.
  4. Activate the plugin and set the maintenance mode to at least 24 hours.

Once the visitors can’t see what’s going on behind your site, you can take your steps one by one carefully. If you can’t access your site then browse it as a visitor mode to see whether the contents such as posts and images are appearing properly or not. If yes, you need to do a backup job from your cPanel or hosting dashboard. We will go to this step later in this article.

Step 2: Reset the password

have a strong password

Again this step requires the ability to access your site after being hacked. If you can access then it’s important to change the password of all user accounts since you don’t know which account is being used to access your site. If you have multiple users working on your site ask all of them to reset their passwords.

Once the user passwords are modified, next change your hosting password, database password as well as SFTP password. 

Step 3: Remove users

remove users from your wordpress site

If you find any user account on your WordPress site that you do not acknowledge it’s important to remove such accounts. Such accounts could be used by hackers to access your site and perform illegal activities. 

You can either remove them right away or confirm with your co-administrators whether they have recently changed their account details or not before finally deleting suspicious accounts. 

To remove a user from your WordPress site:

  1. On the WordPress dashboard expand users.
  2. Then click on all users.
  3. Check if you can find any user account under admin access that is out of your acknowledgment. 
  4. To remove a user hover on the user row and click on the delete option.

Step 4: Update plugins and themes

After removing suspicious users next you need to make sure that all the themes and plugins are up to date. Themes and plugins updates are frequently released by the developers to fix security issues and improve protection.

If you are using any plugin that is outdated or not compatible with your WordPress version try to get rid of such plugins if alternative and updated plugins are available. 

This step is really important because in case your site is misbehaving because of an outdated plugin or theme then you will be able to resolve your issue by installing the latest updates or an alternative. 

Updating a plugin in WordPress is pretty simple. All you have to open the installed plugins page and update the plugins in bulk or one by one. As for themes, go to Appearance > themes and update your currently installed themes.

Another recommendation, do not to keep hold of unnecessary themes unless you are planning to use them in the future. Although, the necessity of doing so is low in priority and entirely depends on your consideration. 

Step 5: Reinstall plugins and themes

reinstall plugins

Apart from updating the plugins & themes, you can check your site status by uninstalling the active plugins and themes. Updating a theme or plugin still can hold bad codes into it that didn’t catch the developer’s attention. 

If you are unsure about whether a plugin & theme is causing this problem or being the backdoor access provider then you should debug them at this point. Make sure to uninstall the plugins first and then see the site’s status. If deactivating/uninstalling the plugins bring your site back to an idle state then activate or reinstall the plugins one by one. Check your site’s status after every plugin activation. This way you can find out which plugin might act as a threat to your site. The same procedure applies to the theme diagnosis too.

Step 6: Remove unwanted files

To find out if there’s any file in your WordPress installation that shouldn’t be present install a security plugin like WordFence or use your hosting site scanner. This kind of tool will scan all the files in your hosting directory and inform you about any potentially infected files.

Run a scan and if you notice any such files in the scan result remove that file from your directory. It makes more sense to have a backup of your site before removing the file as well as analyze the file which you are about to remove to replace it with a fresher copy later.

Step 7: Clean out the database 

database cleanup

Doesn’t necessarily a way for the hacker to access the site but consider cleaning the database to remove unwanted or bloat entries. This will not only make your database take lesser space but also remove unnecessary rows and related data making your site load faster.

Step 8: Reinstall WordPress

reinstall wordpress

This step is necessary when you can’t access your site to make the changes we have discussed earlier. Make sure your site has the contents and no prior damage has been made to the structure of the site before processing these steps.

First, you need to take a backup of your database and wp-content folder using your cPanel or FTP client. Once you do that, go ahead and reinstall WordPress using the inbuilt installer. 

When WordPress installation is complete, now upload the backup contents into your new WordPress installation and configure or import the database backup into the new WP installation.

After that load your site and try accessing your site. In case the issue occurred because of a damaged WordPress installation then it should be solved now. Instead, use the database editor tool to find and fix your user account access. Once you do that you should be able to access your site in the usual way. 

Wrapping it up:

Having your website hacked means your site is losing user attraction as well as control over it. This could bring a severe impact on your business. So getting it fixed as soon as possible is important. 

I believe the above steps will help you to head in the right direction during such a bad situation. Let us know if you find this article helpful and do not forget to mention any steps you think should be mentioned so that it becomes more resourceful for the readers.

Looking forward to the next… cheers.

Read More
Jon April 5, 2022 0 Comments
Mindset

2 Day Workweek – Entrepreneurs Weekly Schedule (Summer 2020)

Summer (especially in Canada) is short! So how do I optimize my schedule to maximize summer family fun while pushing the business forward? 

For entrepreneurs who have the ability to modify their schedule how do you optimize summer while still pushing the business forward?

Assuming my kids will be less interested in hanging out with me by the time they are ~15 (optimistic) given my low level of coolness I am 50% done the summers I get with my oldest. 

Maximizing summer family fun is definitely a priority. 

This post looks at some past attempts and the structure I have for this unique COVID-19 summer. 

However, despite me wanting to maximize summer I also want to make sure the businesses get pushed forward!

Past Summer Schedule:

4 Day Work Week + 2 Weeks Off

This has been my attempt in the past couple of summers to maximize family time while still making sure everything needed gets done for the business. 

The Good:

  • Predictable schedule – Allowed for a weekend quality outing planned for each nice day. With me getting home at 3:30sh we were able to go do a hike, paddle, beach afternoon etc. 
  • Lots of Flexibility for My Activities (biking) – The dedicated Friday allowed me to go for a big bike ride and each day I could squeeze in a ride if I wanted.  

The Bad:

  • Didn’t Push Things Forward – Because of the shorter days and short weeks I never felt like I was on top of things and able to make a meaningful push on any project. It was a lost couple months of me advancing anything just treading water. 
  • Didn’t Build Grit – Generally, it was a very soft schedule that never really built entrepreneurship grit. 

This Summers Schedule:

This summer I am trying a more extreme schedule to try and deal with the major downsides of the last schedule specifically no growth time to push a new project forward and no grit building. While increasing the amount of time we can spend at the cottage.

2 Work all Day Days, 5 Stay on Top of Email Days

Now my schedule has 2 days where I work from 8am to 11pm at the office and then the other 5 days I work 1-2hrs just staying on top of email. 

Total hours is still near full time at 40hrs/wk but highly concentrated making every weekend a VERY LONG 5 day weekend.

The Good:

  • Builds grit… 2 hard days where I set big goals for what needs to get accomplished and limited ability to recover if I have a down day pushes me to be productive. This should have me coming out of the summer more ready to tackle the biggest growth time for my businesses (fall). 
  • Big Family Time… 5 day weekends provide the ability for lots of extended cottage time and canoe trips etc. 
  • Growth Work, not Just Maintenance – From a work perspective, I can get a LOT of growth work done since it doesn’t take me long to catch up, and then I have a lot of hours for new work in those 2 days. 

The Bad – Not sure yet but could be…

  • No recovery days – if I have an unproductive day 50% of my week would be shot. 
  • Slow Cycle Time – If an opportunity comes up that I need to push along it may sit for too long, the cycle time on my communication or pushing of a project might be too slow. 
  • Frequency of Adventures – I could miss a fun adventure… today the kids and my wife are body surfing a section of a river around here, last summer I would have gone with them, this year I am doing one of my work all day days so nothing but work for me.
  • Fitness – Each day I had a window of time for me to get out and go for a bike ride or go to the gym. Now my work all day days are dedicated to work and the 5 days  

Visually what does this look like…

I am interested in hearing other peoples schedules… what do you do?

Read More
Jon July 6, 2020 2 Comments
Mindset

4 Unfair Advantages To Grow Your Online Business Fast

How do you shortcut the process of making money online? First let me promise you there is NO path that doesn’t take years and lots of hard work.
Sorry if that is what you came here to hear but I am sure there is a course someone is waiting to sell you, who promises otherwise, elsewhere.

Read More
Jon May 26, 2020 0 Comments
Mindset

Covid-19 Impact on Online Business

In what are uncertain times, ecommerce could thrive. How can you adapt to the impact of COVID-19? It goes without saying that the current world climate is in an extraordinary situation. In what is an anxious,

Read More
Jon March 25, 2020 3 Comments
Mindset

How to Build Grit – Train Your Entrepreneurial Muscle

We are going to dive into what grit means, how to build grit, and finding out what a grit training schedule is. Based on my own experiences, I believe that how we define entrepreneurial grit and how we build it within ourselves are keys to success.

Read More
Jon December 13, 2019 4 Comments
  • 1
  • 2
  • 3
  • …
  • 8
Recent Posts
  • 2 Day Workweek – Entrepreneurs Weekly Schedule (Summer 2020)
    2 Day Workweek – Entrepreneurs Weekly Schedule (Summer 2020)
    July 6, 2020
  • 4 Unfair Advantages To Grow Your Online Business Fast
    4 Unfair Advantages To Grow Your Online Business Fast
    May 26, 2020
  • Covid-19 Impact on Online Business
    Covid-19 Impact on Online Business
    March 25, 2020
  • How to Build Grit – Train Your Entrepreneurial Muscle
    How to Build Grit – Train Your Entrepreneurial Muscle
    December 13, 2019

Services

  1. BrandBuilders.io
  2. LightningRank.com
  3. Speedy.Site
  4. SiteBuddy.io
  5. MotionInvest.com
  6. Originality.AI
motioninvest.com
brandbuilders.io

Engineering Your Financial Freedom with Online Business   Sharing everything (except my passwords) as I repeatedly build income streams from online businesses
Contacts
If you have any questions about this site or the internet marketing tutorials I have here please don't hesitate to contact me…
Email Me – Jon Gillham at…
jon (at) authoritywebsiteincome (dot) com
Services
MotionInvest.com
ContentRefined.com
SiteBuddy.io
BrandBuilders.io
LightningRank.com

Privacy Policy | Terms & Conditions

Copyright © 2021 WebsiteIncome.com All Rights Reserved.