Valentin Vesa is part of the great Sucuri team, the widely-used website security provider, and our Plesk partner. They offer SaaS cloud-based solutions to system admins to ensure integrity and availability of their websites. However, Val’s first contact with Sucuri came well before his employment. See how Sucuri saved him from hackers. His story from WordCamp Seattle – #WCSEA.
Well, it all started with ShoeBox
Val started the ShoeBox project in his family during Christmas 2007. He tried to teach his boy to share toys and clothes with other poor children from the building. They then used to go around locally and “advertise” the campaign through Yahoo messenger statuses and email groups.
In 2009, the charity project got too big for Yahoo messenger, so it was time to create a website. Val decided to “Get online in 5 minutes” with WordPress and got a free theme since it was a non-profit project. Soon enough, it grew into a multinational charity and all was going well. Until the website experienced a hacking attack.
ShoeBox gets hacked on Dec 22, 2014
And there were major direct impacts:
- Spam mails generated from the website
- Their hosting provider warned they would suspend the website
- The email server was down
- No online presence mid-project because the website was down
- The website got blacklisted and visitors would see a warning, which demolished credibility.
- Visitors were being redirected to pornographic content from this children’s charity website.
The self-mitigation attempt
Val conducted a few self-checks to discover what had gone wrong.
- Were there any .htaccess edits done?
- Any unauthorised FTP access?
- Recent additions to the WordPress user list?
- See any unusual content in MySQL/phpMyAdmin?
He even changed the passwords for FTP and cPanel and scanned the access computer for keyloggers and malware. This worked and the website was now clean and back online. But only for two days. Because on December 24, there was a new attack!
Val realized that it was about time to ask for help. And a quick Google search led him to Sucuri, a globally recognized cybersecurity company for websites and web applications. Using their live chat, he got the professional help he needed. And Sucuri fixed and secured Val’s website in no time.
Creating a new secured online presence
Only after being hacked did Val understand that when it came to websites, “Security is not a do-it-yourself project”. You need professional software and protection, whether you’re there or not.
Looking at the big picture, when compared to other CMS platforms, WordPress remains the most at risk. Year on year, other platforms get fewer attacks, while WordPress accounts for 83% of attacks, even more than the 74% from the previous year.
You can check the 2017 Sucuri Hacked Website Report for full details.
Later, convinced by the quick help Sucuri provided in 2014, Val started forwarding positive feedback on social media to Sucuri. And he even gave advice on how to improve their website content and social media presence.
Sucuri appreciated Val’s help and shortly thereafter, created a social media specialist position within the company. Val applied and landed his dream job within the Sucuri team. Now, not only is he passionate about his work, but his remote shifts allow him to spend more time with his family too. Ever passionate about social media, Val’s slogan remains “If you want to do social media, you have to love people.”
The five best anti-hacking practices
Here’s what we can take away from Val’s story.
- Learn about security
Stay up to date on firewalls, access control and platform vulnerabilities. Employ a web application firewall, like Sucuri. And check your website whenever new vulnerabilities are announced.
- Craft great passwords
Use a password manager! Make sure your password has a complex structure: a mix of upper and lowercase letters, special characters and numbers, and a length of more than 10 characters. And don’t reuse passwords.
- Manage your updates
Make sure you update your CMS, plugins, and server as frequently as possible.
- Have backups
These should be on a schedule, and as often as you add content. You should also test them frequently.
- Use professionals
Join communities and groups about security in forums and on social media. Ask for recommendations instead of trusting any random ad.