A WordPress Blog Hacking Nightmare – The Gory Details…


On April 11th, Pushing Social was hacked. This wasn’t the first time. Previous attempts were easily thwarted – kid stuff. But the jackass that came after me last Thursday didn’t pull any punches.

The hacker wormed his way through an obvious hole left open by my lack of attention. Yes, it hurts to say it but I was negligent.

From there he set up a sophisticated program that used my server to mail out thousands of spam emails. Since I normally email thousands of emails a day, his Viagra-promoting emails went undiscovered.

This is where it gets diabolical.

The poor folks who received those emails clicked on links that drove them back to Pushing Social. No, I’m not selling illicit pharmaceuticals. But, Pushing Social had become a zombie host for over 20 WordPress blogs pumping this garbage.

I was totally unaware that Pushing Social had become a cog in a vast botnet meticulously constructed by criminals and misfits.

Getting to the Bottom Of It…

On April 12th, I received the first warning sign. Pushing Social went down. I use Chartbeat to watch Pushing Social’s traffic and alert me when the blog is offline.

I did all of my normal tricks. Restart my database server, reboot the server and pray. It worked for 10 minutes, and then my baby coughed, stumbled and went offline again.

No problem…I sent a support ticket to my (ex)host.

I explained the problem and soon received a response that the smart kids were on the job.

Two hours later they sent me an email that everything was fixed. Ten minutes later, the blog went down again. Another irate help ticket winged its way to Texas. Another hour later, I received a totally unhelpful note that I had been “exploited”.

Folks, that is exactly how I felt.

During the time I waited for tech support to get to the bottom of the problem, I was able to figure out what the hacker had done. I saw the extent of his mischief and tried to fix the problem myself.

Bad move.

I erased files that were critical to WordPress. I inadvertently changed something called a “nameserver” that tricked Aweber into resetting my RSS Feed. Confused, Aweber sent out five emails to each of my 3000+ subscribers.

Within 10 minutes, I lost over 150 subscribers. Some took the opportunity to send me a nasty note. That sucked but I’m a big boy.

Finally on Friday, I cried uncle on Twitter. Brian Clark from Copyblogger sent me a quick note. It said – “I told you to use Web Synthesis.”

Quick aside: I consider Brian Clark to be Pushing Social’s Godfather. He’s always been there to give me help, a mention, or advice whenever I needed it. On Friday, I realized that I should have listened to the Don eight months ago.

I immediately went to Synthesis, took out the credit card, and did the right thing.

Within 15 minutes, they made me feel like a million bucks. Pushing Social was quarantined, cleaned, and shifted to their managed hosting service in about 12 hours (not bad since it was the weekend!).

Unlike my old host, Web Synthesis is a managed hosting service dedicated to WordPress.

Managed Hosting means that they take care of protecting my site from hackers and….myself. They close security holes. They tweak settings to turn your blog into a speed demon. Before shifting to Synthesis, Pushing Social loaded a page in 12 seconds. Now it serves the goods in under 3 seconds.

Happily Ever After?

On Monday, I got a weird error that indicated that Pushing Social was DOWN! I freaked.

I sent a note to my new “brothers from another mother.”

Cody at Synthesis told me that Pushing Social’s checkered past was coming back to haunt me. Remember all those spam emails that were sent out? Well, it seems that folks were still trying to visit the site, momentarily swamping the servers.

No problem though. Cody’s team blocked the bad traffic and I was back on my feet in no time. (Cody’s getting a Tupperware dish of my famous collard greens – shh… don’t tell him)

That’s the gory details. Here’s how to avoid this nightmare for yourself.

1. Get a Real WordPress Host. All hosts aren’t created equal. WordPress-dedicated hosts understand how to optimize their servers for WordPress blogs. They also know all the bad tricks the hackers love to play. My ex-host didn’t have a clue about WordPress and didn’t know how to help me. Save yourself the pain and host your blog with a WordPress-dedicated host like Web Synthesis.

2. Be Careful with WordPress Code. There are a million and one ways to leave the door unlocked with WordPress. I love to tinker and mistakenly left myself vulnerable to exploitation. If you aren’t absolutely confident in your technical savvy then leave WordPress’s “code” alone.

3. 777 is Never Ok. Each of the files on your server has permission rights attached to it. 644 means that the file is off-limits to everyone. 777 means that the door is left wide open. There should never be an occasion where you should leave a directory or file with 777 rights. I did and you see what happened. (By the way, if you have no clue about what I just said then don’t touch your WordPress files without help)

4. Be Careful With Plugins. “Hi I’m Stan and I’m a plugin addict”. I rarely meet a plugin I don’t love. Although plugins didn’t lead me to getting hacked, all the little tweaks I made to the “code” to make some of them work left me open to mischief.

5. Get Help Immediately. Like a Nigerian Scam victim, I was embarrassed about my hacking problem. I thought I could fix it myself with a little help from my old host. All I did was extend my suffering. If you detect a problem with your host then get professional help immediately. If you are using a host like Web Synthesis, they can nail down the problem immediately. If you suspect that you’ve been hacked, consider getting a security scan from a blog security and decontamination expert like Sucuri.
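A way to check tip 3 on your own server, as an added example that is not from the original post: the script lists every file and directory any account on the server can write to (777 included) and can reset them to the usual 755 for directories (owner writes, everyone else reads and enters) and 644 for files (owner writes, everyone else reads). The sample tree, its file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for world-writable entries
# (mode 777 and any other mode with the "other" write bit set).

# Print every regular file or directory under $1 that any user can write to.
# Symlinks are skipped on purpose: they always show as 777 and mean nothing here.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Count the findings so the result can be used in a cron job or health check.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Reset only the offending entries: directories to 755, files to 644.
# Entries that were already tighter than that are left untouched.
fix_world_writable() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Build a small constructed tree that mimics a hand-made uploads directory
# left at 777, next to correctly set files. Prints the path of the tree.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/wp-content/uploads/custom"
    echo '<?php // constructed sample' > "$root/wp-config.php"
    echo 'constructed sample' > "$root/wp-content/uploads/custom/logo.png"
    chmod 644 "$root/wp-config.php"
    chmod 755 "$root/wp-content" "$root/wp-content/uploads"
    chmod 777 "$root/wp-content/uploads/custom"
    chmod 777 "$root/wp-content/uploads/custom/logo.png"
    echo "$root"
}

# When called with a path, report the findings for that path.
if [ "$#" -ge 1 ]; then
    echo "World-writable entries under $1: $(count_world_writable "$1")"
    list_world_writable "$1"
fi
```

Run it with the WordPress root as the only argument to get a report; nothing is changed unless you call fix_world_writable yourself.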

One More Thing…

I sent a love note to my subscribers yesterday. They put up with some irritating stuff last week. I discovered that a sincere apology goes a long way. Your readers will be patient too if you are straight with them. Hopefully you never experience the drama I went through last week. But if you do, keep your readers in the loop.

About Stan

Stan Smith is the Managing Director of Pushing Social, a content marketing consultancy for aggressive, results-focused organizations.

57 thoughts on “A WordPress Blog Hacking Nightmare – The Gory Details…”

  1. Pingback: How to Balance Your Blogging Tasks Without Going Crazy - Pushing Social

  2. Stanford Post author

    Sorry about that but definitely pay attention to your blog’s security. The best way to protect yourself is to go to Sucuri.net and get a Free scan. At least this will make sure that your blog isn’t sitting wide open to hackers. For a little extra money you can have the Sucuri guys do a security report. Well worth the cash.

  3. Gamin

    Your post suddenly made me fearful. I have only very basic WP skills and I have tweaked some of the codes I used for the plugins in my blog–several times. Now I am not sure if I have more than one door left open for hackers.
    For the benefit of newbies like me, can you tell me how I’d know if my blog was compromised?

    Thanks!

  4. Ira

    I would suggest that you sign up for an account with theshosting.com. They provide free malware removal services on anybody hosted on their servers. My site was hacked at blue host and they were able to transfer it from blue host and also remove the malware injection for free!

    They were even able to tell me exactly where the hack originated from as well. They said it came from an outdated timthumb.php file which they were able to update for me.

    They also did a scan of my account and told me all the security vulnerabilities of my account.

    I honestly suggest switching over to them if your website is hacked. They can transfer and remove the hack from your site. Best of all they do this for free.

  5. Linda

    Good morning Stanford!

    Thanks for your words of warning. I’m constantly being told by my mentor to avoid ‘bad company’ and the impact they can have on how Google views the site – how horrendous to have that ‘bad company’ gate-crash you. I do hope there isn’t any backlash from Google because of this!

    And you confirmed my suspicion that ‘button-pressing’ should be avoided…..

  6. Pingback: 7 Links That’ll Make You a Better Writer and Online Marketer

  7. Pingback: viralsocialmarketing.com » 7 Links That’ll Make You a Better Writer and Online Marketer

  8. Pingback: 7 Links That’ll Make You a Better Writer and Online Marketer | Affaholic.com

  9. Pingback: Tweet-Parade (no.16 April 2012) | gonzoblog.nl

  10. Pingback: 7 Writing and Marketing Links That’ll Make You a Better Writer and Online Marketer | Affaholic.com

  11. Pingback: viralsocialmarketing.com » 7 Writing and Marketing Links That’ll Make You a Better Writer and Online Marketer

  12. Pingback: viralsocialmarketing.com » 7 Writing and Marketing Links That’ll Make You a Better Writer and Online Marketer

  13. Laura Click

    Stan – I didn’t get the emails, but noticed the site was down. I should have reached out. I hate that this happened to you. My site got hacked a few weeks back and it sucked. Sucuri definitely saved the day for me. When I asked around, folks told me not to even mess with my host. Sucuri had me up and running really quickly.

    And, maybe I need to look into web synthesis…

  14. Pingback: Pushing Social Digest – 5 Links Worth Reading - Pushing Social

  15. Sean Cook

    Hey Stanford,

    Thanks for sharing what happened, and the lessons you learned. Sorry this happened to you but glad you got back up and running.

  16. Orilevi

    Happened to me too, it feels like someone broke into my home and messed with my stuff. The same feeling!
    If someone wants to unsubscribe from your list because of one problem then YOU don’t want him as well in your list.
    Good luck with the new host provider.

  17. Sonia Simone

    One additional lesson I think this shows — you’ve always delivered value to your audience, and when a glitch like this happens, they trust you. They forgive you.

    None of us gets by without the occasional impressive screw-up. (Anyway, I certainly don’t.) But when you’ve built that good will, you have a little social capital to get you through it.

  18. Stanford Post author

    You’re right, never touch the core WordPress code. In my case it was creating new directories for uploads. And tweaking plugins.

  19. Max Water

    Glad that you survived the ordeal and lived to tell the tale. I’m wondering, when you said “be careful with WordPress code”, are you referring to WordPress’ core files, or the theme and plugin files? Even if you’re a WordPress administrator, you shouldn’t mess with the core files.

  20. Stanford Post author

    Ugh..is right. My wife said that I was “off” until I got the whole thing sorted.

  21. Susan Daniels

    The same thing happened to me three years ago with my email account with Yahoo. It was so embarrassing. I completely sympathize with you. Thanks for revealing the ins and outs of this kind of a situation and some solutions as well. Warmly, Susan

  22. Donna

    Hey Stanford – awesome article. I love plug ins too but admit that I don’t know a lot about hosting and protection so love this article – I have passed it to my web guy who is currently moving me over to a new word press theme with a note attached saying “are we doing all this”. Thanks so much!

  23. Kylie Bartlett

    Hi Stanford,

    Thank you so much for your timely post. I got hacked last night & spent 4 hours re-building it….. arrgghhh! I’ll be sure to re-post this blog to my community.

    It’s funny I received all your copious emails last week & thought it was really odd (not normally your style) but because I respect & trust you, I knew something must have been up.

    The moral of the story, if you’re genuine and act with integrity online, your community generally won’t flinch at an out of character act (like most of us haven’t). If you’re constantly treading a fine SPAM line, opt-outs are a given!

    Love ya work!

  24. Sonia Simone

    Ugh, I know how this feels, my personal blog was hacked and it just feels wretched and nasty. Thanks for sharing all the gory stuff with us. :) So glad you’re up and running again!

    I love Sucuri, they were so helpful with my personal blog, and they offer a great service.

  25. Rocio Graciano

    Failure is a teacher harsh, severe, and rigorous. There is no doubt. But we spread the idea that failure is a full-fledged teacher. A teacher inflexible, fastidious proposed teaches valuable things for our good. It imposes challenges and sometimes harsh tests to pass for which we are not always prepared. But if something we discovered from it is our incredible speed to learn. And we learn a lot, but very fast
    Way to go! Stan

  26. Oscar Ventura

    In our life we must be like trees and bear fruit, no matter what. If there are insects, wasps and bees, is because our fruit has good flavor, you should be very clear and know that if they throw stones at you is because you bear fruit (Remember, no one throws stones at a tree without fruit)

  27. Todd Wilson

    Stanford,

    I wanted to take this moment to express how much I have enjoyed being on your list and how much I have gotten from your work. Personally, the multiple emails I received over the weekend just allowed me to re-read some great stuff.

    I have been around the blogosphere for a few years now and recently have known some very popular sites that have been hacked. It is never pretty and each one of them has been attacked in different ways.

    I actually wrote a post recently of one of the ways your site can get hijacked through your Gmail account – you can read it here: http://www.sagaciousnews.com/google-website-hijacking/

    This happened to a well known blogger I have been associated with for the last 4 or 5 years and they actually had their domain stolen and didn’t even know it.

    This is easily managed using the steps I discuss in this post but it is something that seems to be happening across the internet so thought I would toss this in as a helpful piece.

    Rosemarie Rossetti said: Adversity precedes Growth.

    I appreciate how you have embraced your current adversity and it is obvious there has been great growth. The beauty of it is that we all have the opportunity to grow with you, if we choose.

    Keep up the good work, keep up the good fight.

    Todd

  28. Phillip Hocking

    i posted this on google plus:

    sounds like maybe this guy needs not just a ‘good wordpress host’ but a competent network/systems engineer who manages/maintains infrastructure, patches vulnerabilities, creates backups, and redundancy that would prevent this from happening in the first place in a best case scenario. worst case scenario the MTBF (mean time between failures) and time to resolve such a customer-facing outage would be significantly reduced if not eliminated.

    it’s not like you have to pay millions of dollars anymore to have an enterprise-grade infrastructure, and people like me are not that hard to work with and be the person to call when you hit the panic button. if this is your livelihood, this should scare you a lot more than simply chalking it up to experience.

  29. Graham

    I’m fairly new, but I knew that what I was getting was far from the norm. Your reputation speaks for itself (and your subscribers sincerely appreciated the love note).

    Did I miss the post with the recipe for the famous collard greens? I need that.

  30. Lanonda (Lonnie) Moseley

    Wow…I’m really glad that happened to you cause this great blog helped me get to know you better (just kiddin’ about being glad you were hacked). Seriously, Stanford, what a great blog. Before this heartfelt blog about your experience, you were one of the 57 wonderful people I subscribe to…now you’re almost #1 (Christina Hills has the #1 spot). When your nerves are all calm again, remember to follow up with me about my purchased Blog Review. Thanks for being you.–Lonnie

  31. Stanford Post author

    I can! Didn’t think the folks here wanted it. It’s up top under The Fix Your Email link.

  32. Richard Alan

    Hi Stan,

    What a nightmare. I didn’t receive the multiple e-mails, but would have reacted the same way several other commenters said. I’d delete them and think you had a virus. No big deal. Thank you so much for sharing your learnings with us so we can avoid having the same nightmare. I’m definitely going to check out Synthesis.

  33. Stanford Post author

    “…but for those of us who wear pants to work instead of diapers, it really wasn’t a crisis on our end.”

    Now that’s a quote I will take to the bank! Thanks for your support Steve.

  34. Wayne Kelly

    Thanks for being real and showing everyone how business should be done online. (and even offline) I have been nothing but impressed ever since I first signed up…I’m sure you have built some true raving fans. Thanks for sharing how we can all keep ourselves safe.

  35. Aidy

    Got your email and I am glad you are up and running again! Glad you got the help you needed and start again with bringing the fresh to everyone!

  36. Jenn Whinnem

    Agree with you Jayme. I didn’t get any of the emails (thank you Gmail!) but I did try to visit PS and it was down.

    Glad you worked it out Stan. PS is one of my favorites.

  37. Steve

    I can’t understand how someone would get pissed off at five info mails. As soon as I saw them I thought “oops…mailing glitch; but there’s the series in a nutshell so I can dump the archive and just star these in one chunk.” Seriously, it’s not a big deal.

    “wah wah wah! i got emails from a newsletter i subscribe to!” Those crybabies have no clue what life is like in active marketing. Remember that article on why people hate buying from blogs? Yeah, these are the punks who do all the bitching. Forget about them. Glad you got it sorted out, but for those of us who wear pants to work instead of diapers, it really wasn’t a crisis on our end.

  38. Andrea

    Stanford, I’m yours. I will never leave you, like a jellyfish on your face. ;)

    Just kidding, but the real message is, I admire you and was not at all pissed off about the 5 emails. I’m sorry this happened to you and am so happy you shared the experience. I am forwarding this email to my FED guys (I’m an interactive designer at a design agency … if anyone cares to know the agency, you can click on my name). I think what you shared may be helpful.

    Thanks again for your blog. I’m a fan.

  39. Stanford Post author

    Wait – you have serious game! It’s just a matter of time before everyone sees it ;)

  40. Jayme Soulati

    You came clean, you apologized and if anyone truly knows you amongst your 3K peeps they would know something is amiss. I saw all that and didn’t give it another thought as I expected you knew, too.

    Thanks for sharing your learnings here; all excellent for those of us who don’t play ball as large as you do! Maybe some day!

  41. Stanford Post author

    Thanks Jen. You made my day. Definitely take a look at Synthesis. The folks over there really know what they are doing. I’m going to leave blog tweaking to the experts.

  42. Steve Kavetsky [Co-founder at AgooBiz, Inc.]

    Hi Sarah.

    Hackers do this for a number of reasons:
    * money
    * vandalism
    * to show other hackers what they could do
    * to deliberately attack the owner of the blog/website

    All above listed reasons show that hackers only have their own interests in mind.

    Some “vigilante” hackers do this with good intentions [surprisingly]: to point out security holes in someone’s system.

    In Pushing Social’s case, it appears they did it to get people to click on product links. These hackers are probably getting paid by a company that is illegitimate, or a company that doesn’t care about ethical practices, or a company that hired some marketers who employ hackers while the company doesn’t know it.

    It’s sad that there are people out there who muddy the waters and make things difficult for the rest of us business owners and users.

    Hope this answers your question.

    Best,
    Steve Kavetsky
    Co-founder
    AgooBiz.com // The Social Commerce Network
    “WE work greater than me”

  43. Stanford Post author

    Unfortunately – hacking pays. These guys make millions from people buying stuff from hacked pages. It’s sick but true.

  44. jen

    Last weekend I was surprised to see a half dozen emails in my inbox all at once from Pushing Social. To be honest, I deleted em and thought, “Hope that guy has a better day.” I didn’t get angry, in fact I didn’t really think about it until your apology email. And even though I wasn’t angry with you, I instantly respected you for that email. (The people who got mad need something better to do with their weekends.)

    Then I saw today’s email and couldn’t resist saying a HUGE thank you. I have no idea what web synthesis is, but since I do everything in WordPress, I am now going to go check it out. Apparently, it matters! I love WordPress and I too have learned the hard way to leave code alone (I once deleted an entire newspaper’s website that I had founded and owned. Thank heavens for backup files.)

    I also learned last week that WordPress themes and plugins can really mess up your site, or at least put some questionable spammy things on there. Choose carefully.

    Thanks for your blog because I learned a lot from it today.

  45. Georgina El Morshdy

    Stan, I giggled all the way through that post! I loved the way you turned a nightmare into a comedy and still found a way to work your blogging disaster into useful audience content. Great language and smart stuff! Also goes to prove if you make the effort to build a loyal tribe, they’ll forgive the occasional misdemeanour. Even a hacked biggie :-)

  46. Sarah

    I would love to know the reason hackers do this. What do they get out of hacking others’ blogs? I am so glad that you are up and running and all is good to go. Thank you for your tips. I need to see what security we have asap.
