L.G. Keltner http://lgkeltner.blogspot.com/
Denise Covey http://dencovey.blogspot.com/
Sheri Larsen http://www.salarsenbooks.com/
J.Q. Rose http://www.jqrose.com/
Chemist Ken http://hogwartssabbatical.
Michelle Wallace http://www.writer-in-transit.
I bet you can guess my insecurity. It’s the insecurity of the internet. Or should I say my insecurity is security? This blog got hacked multiple times in December. The first time, my link went to a message: Hacked by –(the hacker’s name). I called my host, Arvixe, and they restored my site from a backup. After I changed my password and reposted two weeks of missing posts, I tracked down the hacker on Facebook and asked him why he would destroy a children’s book blog. Turns out he didn’t. He attacked Arvixe’s server. I was a victim of someone else’s insecurity.
About the time I found this out, my blog went missing from the internet. I didn’t know that it went down 30 Dec until I tried to post on New Year’s Eve. Two support chats later, my blog was still missing. The second tech escalated the case to senior tech, but nothing happened other than their email to verify that I’m me. Well, duh. They’d already verified me by chat. And who else would want to restore my blog?
After waiting another day for the senior techs to fix my blog, I tried to restore it via the cpanel. Multiple attempts failed, so I kept studying security. WordPress has a whole bunch of info here. A little knowledge is dangerous though; I managed to change permissions so I couldn’t do anything to my files. Had to change them back so I could delete spam links I found. A day later, I was still deleting spam when the shift button got stuck, and I deleted important files. Oopsie.
Still hadn’t heard from Arvixe, so I decided I need a better host. After Christmas shopping! Whoopee.
Have you ever tried to find unbiased reviews of web hosting? I almost eliminated InMotion because so many affiliates listed them as the top host, but I called them because they have a “managed WordPress” option. It’s not exactly what the review said: taking care of security. I still need security plugins, strong passwords, etc. But their servers sound secure. They wouldn’t divulge whether they use OSSEC, but they did explain some other measures. More than enough to convince me to move.
Trouble was, they couldn’t take me until my files were clean. Sigh. At least they gave me links with instructions on how to remove malacious code, and failing that, to reinstall WordPress. I failed at both. Bigger sigh.
I downloaded Filezilla to work with my files via a remote access method called FTP. Sad to say, I but couldn’t figure out how to connect. So I opened another chat with Arvixe. Finally, I got a tech who succeeded at restoring from backup, but the spam inks were still there. He walked me through deleting some remotely, and he deleted the ones I couldn’t delete. Whew!
Next, I had to change passwords. Then I had to change themes because my old one wouldn’t update, a huge risk. No easy task. Hours later, I settled for ugly but functional. Then I tried to add Cloudfare because the first hacker said I need a cpanel firewall. Process started, I fell into bed.
I’m still tired, still working on reposting missing posts, for example, last month’s IWSG. Where did that go? But I’m here.
Now you’ve heard my insecurity, what’s yours? Better yet, what’s your security?