Archive for the ‘Wordpress Must Haves’ Category

Do These Three FREE Actions To Keep Your WordPress Website Safe – And Save Yourself Time and Money If Your Website is Hacked.

March 7th, 2019

Note: This post may contain affiliate links. Please see our disclosure page for more information.

I learned my lesson the hard way. Read my nightmare story about the time FOUR of my WordPress websites got hacked at the same time.

You can’t prevent evil hackers from attempting to infect your WordPress website. But there are THREE actions you can do to save yourself the headache, time and money of recovering your hacked website and cleaning your files of the malware. Today, I always do these three actions regularly to every website that I manage. So, I emphasize to you: DO THESE THREE ACTIONS REGULARLY. The good news is two of the three actions are automated and it does not cost you anything. You have no excuse!

IMPORTANT ACTION #1: Install Wordfence

Wordfence is a FREE WordPress security plugin software that protects your website from hacks and malware. You can upgrade to the premium account for only $99 a year, but the free version of Wordfence will protest your website 100%. Visit Wordfence’s website to read the details and download the plugin.

Why do you need Wordfence? Install the free version and you will see why you need the security. You will receive email notifications to let you know when someone has logged in to your WordPress website, PLUS you’ll get notified when someone attempts to log in to your WP website – it even tells you what username they tried, the country where the hackers are located, and how many times they tried to login in. The regular summary report will show you what files have been modified and what malware hackers attempted to upload.

IMPORTANT ACTION #2: Install UpDraft Plus

UpDraft Plus is a FREE WordPress plugin for scheduling regular automatic backups of your website files. It will also restore your website to one of your backups. Your backups are saved into the cloud of your choice. DropBox, Google Drive, Amazon S3 to name a few. There are more options in the paid version.

WHY DO YOU NEED UPDRAFT PLUS? Having a full backup of your website is how you will save time and money. When you don’t have a backup of your website prior to being hacked, you have no choice but to recover your broken website and if you are fortunate to recover it, you will need to clean your website by finding all the files infected with malware.

IMPORTANT ACTION #3: ALWAYS update files to the latest version of WordPress and all themes and plugins – especially Wordfence and Updraft Plus.

Don’t wait to update outdated versions of WordPress and your themes and plugins. Hackers know when new versions become available. You will leave your website vulnerable if you wait. You can have WordPress, Wordfence and Updraft Plus automatically update when there are new versions.


Can you log in to your WordPress website’s admin account? If yes, go to your UpDraft plugin settings and restore your website to an older version that you are confident is clean and was saved prior to the hacking incident. Once you have restored your website to a previously backed up version, UPDATE WORDPRESS AND ALL THEMES AND PLUGINS. Then go to Wordfence and Run A Scan to make sure your files are clean.

If you installed Wordfence but you don’t have a full backup of your website (using Updraft Plus or any backup plugin software): Go to your Wordfence settings and Run a Scan. Have Wordfence fix repairable files and throw away infected files. Run a Scan again until it shows your files are clean. Now, UPDATE WORDPRESS AND ALL THEMES AND PLUGINS and INSTALL UPDRAFT PLUS.
If Wordfence can’t completely repair your website files and it detects that infected files exist on your website, read my story: “How I Recovered Within 24 Hours When FOUR of my WordPress Websites Got Hacked”. I share my miracle solution that can clean and restore your hacked website within hours.

If you can’t load or log in to your WordPress website and you are pretty sure your website has been hacked, read my story: “How I Recovered Within 24 Hours When FOUR of my WordPress Websites Got Hacked”. I share my miracle solution that can clean and restore your hacked website within hours.

How I Recovered Within 24 Hours When FOUR of my WordPress Websites Got Hacked

March 7th, 2019

Note: This post may contain affiliate links. Please see our disclosure page for more information.

I am sharing my story in hopes of helping you avoid my nightmare. But in the event that your WordPress website does get hacked, I have your solution! I am here to tell you no matter how bad your “hacked website” story is, it can be fixed without breaking your bank.

So how did I get FOUR websites hacked at the same time?

I create WordPress websites for clients, and I own many websites too. I have a webhosting account that can host unlimited domains on a single account. On this account, I have four WordPress websites hosted. That means all the website files are in the same shared server space. I can’t explain HOW they accessed all the websites, but since all the files are in the same large directory for my account, it seems plausible that a hacker can infect all the files in the same account.

How Bad Was The Damage?

Two of the websites were not loading. If a visitor went to the website, only a blank page would appear. I also could not log in to the WordPress admin accounts. The other two websites were loading BUT had long strings of characters appearing above the header. I had seen something like this before, so I knew it was hacked. But how bad was the damage? I thought (hoped) it was easy for someone like me – a mid-novice front-end developer – to find the bad code and delete it. I accomplished once before on another WordPress website.

The FIRST Thing I Decided To Do…

was probably the same first thing most people who manage their own websites do: SEARCH FOR A SOLUTION ON GOOGLE. There’s always someone else who already solved this same problem and posted about their solution, right? Plus… the solution is FREE. Indeed, I found many published solutions, so I was feeling that things were going to be OK.

But Things Were Not OK

None of the solutions I found worked. I spent 5 hours googling and implementing whatever solutions I found, and nothing was working. While I was googling for answers, I also was seeing cleanup services for hacked websites. After SEVEN HOURS that included the wee hours of the night, I decided to look at several services. Almost all of them were apps or businesses with fancy websites and lots of promises. The prices seemed reasonable but I had FOUR websites that were hacked. They all wanted me to hit a BUY button. But I wanted to talk to someone first.

The SECOND Thing I Decided To Do…

was search for testimonials from people who had hired a service to fix their hacked WordPress websites. It did not take long to narrow down the choices. One service stood out from the others. There were THREE reasons: (1) This one service had many reviews. (2) The service’s website was a straightforward, no B.S. page showing the face, the name, and the phone number of the very guy who would be coming to your rescue. His webpage says “I love fixing hacked websites!” and he says “If you Google me, you’ll find pages of links where I help people whose websites have been hacked.” And the best reason of all… (3) He offered a money back guarantee.

I Found My Savior!

My solution was to hire Jim Walker, a.k.a. The Hack Repair Guy.

It was now the morning of the next day. I was desperate and felt I had already wasted too much time trying to fix it myself. I called the published phone number AND I emailed him.

I got a call back from Jim himself within 5 minutes. And just as his webpage states, “I will start immediately in fixing your website—no waiting.” He gave me his price to fix ALL FOUR WEBSITES. His price was a flat rate. No sticker shock! I was grateful. This unexpected expense was not going to break my bank.

What Happens Now?

Is it like when your friend goes into surgery and you have to sit and wait for the surgeon to come out of ICU? Not at all.

Jim sent me progress notes for every milestone. The process was very transparent. He would let me know if there was something he needed me to do or if there was information that could help. I also could tell him when I would be unavailable – for meetings, a class, or for any reason.

He was also very honest. There was one website that was the most damaged and seemed hopeless (to me). I told him I would be OK if I had to lose it. He would not give up! He charges a flat rate, so he doesn’t gain anything to put in more hours. This is when Jim really proved that he LOVES to fix hacked websites.

By the end of the day, 90% was fixed. It was a 12 hour day.

By the morning, all four websites were clean and running again. Less than 24 hours from the time I called, all four websites were now FIXED.

Jim wrapped up his service by implementing three actions and giving me very important and sound advice. It was nothing new. But now, I realize how important these THREE actions are to keep your WordPress website safe.

You don’t have to go through my nightmare to recover and clean your hacked website if you do these THREE actions.

Read “Do These Three FREE Actions To Keep Your WordPress Website Safe – And Save Yourself Time and Money If Your Website is Hacked.