What’s a webmaster to do?
There is a lot to keep track of these days if you are brave (or some may say ignorant) enough to create and maintain your own website. Recently there have been several security breaches in WordPress, I have a post in draft where I was going to address them recently. Saturday morning I was pleasantly relaxing with a cup of coffee and surfing the net when I came across Tom Ewer’s excellent post on securing your site. I read the article and smugly thought, “Sweet, I have done all that, my sites are safe”. I left a comment thanking him and wandered here to check on the health of BP and was shocked to find a message,
“This site contains Malware and may hurt your computer”.
Oh my, what do I do? My first instinct was to reach out to someone in my network. I am forever grateful to have trusted online friends, who else would respond to my chat on a Saturday morning and offer suggestions! After doing some scans, I realized that BP was not infected, but Google was still Blacklisting the site without a clear reason.
So off I went to do my homework and determine what the problem was. It could have been several things.
In Tom’s article, he explains hackery well:
At the small/medium site level, hackers are generally looking to do one of two things:
- Use your website as a means of building a botnet of servers which they can use to do bigger and badder things
- Infect your website with malware that will drive search engine traffic etc. elsewhere
How does Malware get onto your site? By not staying up to date, not doing plugins, in essence, websites need attention. Read the rest of Tom’s article, he really says it best!
So back to my original dilemma. I knew none of the above applied. I contacted Hostgator and they opened a trouble ticket. I spent all day Saturday and Sunday poring over error logs and reading .php files, forums and Google Help forums. Seemed others had this warning, but were able to locate and delete the Malware, resubmit site to Google and move on. After hiring Sucuri (great service!) to do a full scan and coming up clean, I was still stumped. So I completely wiped out the data on the server and did a fresh install of WordPress. Because I use Manage WordPress, my site is backed up daily in a separate location, and I was able to restore from that.
I resubmitted to Google and still blacklisted! Finally the Security Team at Hostgator emailed me. Google was using SSL to check my site. Apparently if you don’t have a Security Certificate (only needed if you sell stuff) then when “https://” is put in front of your site, it gets wonky! Nobody could answer why Google would search BP that way. It stumped a lot of really smart people, all folks that I am grateful for having in my circle. You can find them in the BP Partners links to the left of this post.
I still have a bit of work to do to get BP in shape, but that’s ok