Site icon Search Engine People Blog

I Thought I Had Been Hacked, But I Just Failed To Follow Procedure

Stay Connected with Us!

This post is not directly about SEO or marketing, although hopefully the lessons learned from it can be transferred to all areas of running a website. This morning I started the day in a total panic.

My first task of the day was to review a new article I started writing yesterday. However, I was unable to access the admin section of Essex Portal. I first thought that there may be some strange browser cache problem, so attempted to login on Firefox (I usually use Chrome). When this failed I restarted the computer, just in case something else was blocking the website. Once this failed, I felt sure I had been hacked. I was suddenly sure that the worst possible thing had happened - a malicious hacker had taken control of my site and blocked me out!

My first thought was that the only option was to roll the server back to the last save, so I started copying the most recent articles and pasting them into a word processor so that I could add them again later. The website was still working OK, and there were no obvious changes. It was just the administration section I could not access. I also did a quick search on Google and WordPress to see if other people had suffered a similar fate overnight, but I seemed to be all alone.

After backing up all the posts written in the last couple of weeks I heading to the webhost control panel. I still had access to this, a good sign I thought, the hacker only managed to breach WordPress security, not the web server security. Before checking when the last backup was taken I decided to quickly look at the error log to see what unusual behavior I could see. Many cases of blocked IP addresses attempted to access the admin section of the site. Hang on, that was my IP!

Yes, I had blocked myself from accessing my own website. So, how did this happen?

I May 2012 I changed my ISP. At the same time I also bought a new computer. On the day I changed ISP I needed to update my .htaccess to add my new static IP to the whitelist. Yep, I block all IPs apart from my own from accessing the admin part of my site. As I was on a new PC I decided that rather than download and install a new FTP client I would just made a quick edit to the .htaccess in the webhost control panel. All was well. Until yesterday that is, when I merged some articles and then set new Redirect 301's in the locally stored .htaccess file. I uploaded it and then finished for the day.

Of course, this morning I could not log in because the .htaccess file I uploaded still had my old static IP address in it. Needless to say I was in a right panic until I spotted the real problem.

Set Objectives, Follow a Process

It is funny, as only earlier I was chatting to my pal Mat Bennett about the importance of staying focused and setting clear objectives and plans, and sticking to them. Procedures are important. As soon as your stray off the procedure (or process, as he called it) there is the chance that something unexpected may go wrong. And by the very nature of abandoning the process, when something does go wrong it can be very difficult to pinpoint where the error occurred.

This same principle of setting an objective and then designing a process to ensure that you meet your objective should be applied to all work - whether running a website, performing SEO tasks, marketing, design, researching and writing new content - it applies to everything really.

When you have a process in place you can analyze results and make changes wherever needed. Without a process you are working blindly, and when something fails, panic spreads rapidly.

Any task that is slightly complex needs a procedure. Yes, it is easy to work around them, and most people often do. However, experience shows that following a process every time can save a lot of time in the long run. It would have only taken me a few minutes to download and install a new FTP client back in May, but instead I took a quicker and easier approach. I could have saved myself a lot of time and stress if I did it right first time round!

If you liked this, you'll love How To Secure WordPress Against Disasters & Being Hacked