Site Hacked!

We were contacted late in the day yesterday by someone whose site had been hacked.

It was covered in ads and the site itself wouldn't even load. It simply showed a blank white page with ads on it. This site was a WordPress site. We discussed with the owner how much it would cost to fix, as well as explained how our ongoing maintenance plan would probably be more bang for his buck. The client agreed to ongoing maintenance and here's kind of a breakdown of what we did to resolve his woes, and get his business site back up and running.

We got to work quickly, backing up the existing infected site - so we'd have a base version to compare files to. Then we began running our security scanning tools on the site and repairing the damage that the hacker did.


Malware Detected!

Our security scan immediately found malware and vulnerabilities on the site.

The hackers had injected PHP code throughout the site, causing it to display the ads. In addition, they had removed the site owner's admin account.

Since the owner of the site no longer had any access to his WordPress admin, he wasn't able to give us an account to get in and fix the site. We broke our way into the site by adding a PHP file through SFTP that would create a new admin user account for us. Once in, we saw that all of the plugins were on outdated versions and that the WordPress core was also on an old version. Keeping your site's software up to date is critical to site security.

The versions of the software were too out of date to risk just updating them and hoping for the best, as the front end of the site could get screwed up by such a large jump in versions.

In order to play it safe we employed a "safe backup" procedure, where we took a backup and screenshot before updating the WordPress core to the latest version, then did the same for each plugin, updating the core first and then each plugin individually. Then we compared each page of the site to the screenshot to ensure nothing went wrong. If something did go wrong we would have reverted to the backed-up version of the site taken just before that specific plugin was updated, and avoided updating that plugin.

We then went through the content of the pages and found the hackers had used a database injection to inject links directly into the WordPress content. Since they used that method to add their spam, it didn't affect the WordPress revision history.

Revision History

Because it didn't affect the history we were able to revert to the previous version and show content exactly as it was before the hack.
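The same detail can be turned into a check: assuming revisions are enabled and a normal editor save leaves a matching revision, a published post whose live content differs from its newest revision was changed outside the editor. The following is an added example, not the tooling used on this job; it runs against a constructed SQLite stand-in for the `wp_posts` table (a real site keeps it in MySQL/MariaDB), and the function names are hypothetical.

```python
import re
import sqlite3

HREF = re.compile(r'href=["\']([^"\']+)["\']', re.IGNORECASE)

def build_sample_db():
    """Constructed sample data: a cut-down wp_posts table in SQLite."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_parent INTEGER,"
               " post_type TEXT, post_status TEXT, post_name TEXT,"
               " post_modified TEXT, post_content TEXT)")
    db.executemany("INSERT INTO wp_posts VALUES (?,?,?,?,?,?,?)", [
        # Page 1: live content carries a link its newest revision never had.
        (1, 0, "page", "publish", "about", "2020-01-05 10:00:00",
         '<p>About us.</p><a href="http://spam.example/pills">cheap</a>'),
        (2, 1, "revision", "inherit", "1-revision-v1", "2020-01-02 09:00:00", "<p>About.</p>"),
        (3, 1, "revision", "inherit", "1-revision-v1", "2020-01-05 10:00:00", "<p>About us.</p>"),
        # Post 4: untouched; the newer autosave must not count as a revision.
        (4, 0, "post", "publish", "hello", "2020-01-03 08:00:00", "<p>Hello.</p>"),
        (5, 4, "revision", "inherit", "4-revision-v1", "2020-01-03 08:00:00", "<p>Hello.</p>"),
        (6, 4, "revision", "inherit", "4-autosave-v1", "2020-01-04 08:00:00", "<p>Hello dr</p>"),
        # Page 7: no revisions stored, so there is nothing to compare against.
        (7, 0, "page", "publish", "contact", "2020-01-01 08:00:00", "<p>Contact.</p>"),
    ])
    return db

def find_tampered_posts(db):
    """Flag published posts whose live content differs from their newest revision."""
    findings = []
    live = db.execute("SELECT ID, post_name, post_content FROM wp_posts WHERE"
                      " post_status='publish' AND post_type IN ('post','page')"
                      " ORDER BY ID").fetchall()
    for post_id, slug, content in live:
        rev = db.execute(
            "SELECT ID, post_content FROM wp_posts WHERE post_parent=?"
            " AND post_type='revision' AND post_name NOT LIKE '%autosave%'"
            " ORDER BY post_modified DESC, ID DESC LIMIT 1", (post_id,)).fetchone()
        if rev is None:
            # Cannot be verified this way; review by hand.
            findings.append({"post_id": post_id, "slug": slug, "status": "no-revision"})
        elif rev[1] != content:
            # Links present in the live content but absent from the revision.
            added = sorted(set(HREF.findall(content)) - set(HREF.findall(rev[1])))
            findings.append({"post_id": post_id, "slug": slug, "status": "modified",
                             "restore_from": rev[0], "added_links": added})
    return findings

if __name__ == "__main__":
    for finding in find_tampered_posts(build_sample_db()):
        print(finding)
```

Posts reported as `no-revision` are not cleared by this check; they simply have no stored history to compare against.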

We then ran into an issue: some of the plugins were paid plugins that were outdated. We purchased a new license in order to update to a newer version of the plugin without breaking the functionality of the plugins.

All in all we had this done rather quickly, and the client has some any-purpose hours left to call upon us to make changes to their site.

Has your site been hacked? Tell us about it through our contact form. We'd love to help you out.

How to maintain a WordPress site

We work with a lot of WordPress sites and maintain them for our clients.

The main things you need to do to maintain your WordPress site are:

  1. Keep your plugins up to date
  2. Keep your WordPress core up to date
  3. Keep your theme up to date (if applicable)
  4. Make sure your site is actively being backed up
  5. Check regularly for security issues.
  6. Optimize the performance of the site.

That's a lot of stuff, and all of it is important. Forgetting to do any of these things can have pretty dramatic undesirable results, for example: your site getting hacked, your site taking forever to load, or someone making a change to the site that breaks something and you need to be able to undo it.

There are a lot of plugins you can use to do things like optimize your site's performance and help keep your site secure; some can even take backups. The challenge, though, is finding the right tools that are legitimate, work great, and are not going to bog down your site.

If you're looking for help with this, as well as help understanding how to update and manage your WordPress site, let us know because we can help!

We can even take all of the responsibility of maintaining all of these things off of your shoulders and let you do you. You should be able to keep focusing on the content of your site, and the value you bring to your visitors, not doing all the technical stuff.

How to use tech to wow and collect valuable data at a tradeshow

Over the past couple weeks we've been working with a client to wow visitors to their booth at a large tradeshow, as well as collect valuable data.

The project involved salespeople walking around with iPads running a full-screen web app, loaded with product information, slideshows, and call-to-action forms, which collected users' contact information and what products interested them.

Let's Talk Inbound Marketing

Content marketing is king, and HubSpot helped crown it. HubSpot is an excellent inbound marketing platform which thousands of companies use to execute their digital marketing strategy. At Spin we are in and out of HubSpot daily for our clients, working on everything from COS templates to custom integrations. If you need some help with HubSpot, we're here to help. Gary Wong is Inbound Certified and COS Designer Certified by HubSpot Academy.

Mobile First? Always!

Who doesn't love a great mobile experience? It's impossible today to work on web development projects without a mobile component. At Spin, we don't only build mobile-responsive websites, we also love working on mobile apps. Recently we've launched apps for clients in the insurance and jewelry industries, as well as various startups. We do work for agencies as well - call us today to see how we can help you!