More Help from Google for Hacked Websites

Every year we have website owners coming to us for help as their websites have been compromised in some way.   Most hacked websites show little or no visible effect to the visitor.  But the effects can be devastating.  We met one business owner from Cardiff whose hacked website was sending out thousands of emails on his behalf which was clogging up his email server.  The subject of the emails was distasteful and reflected badly on his business. Luckily we were able to clean the site and install security software.  We also discovered that his password was easy to guess which is a big no-no these days.

Others have come to use after seeing intermittent buttons or links to other sites appearing on their pages.  The problems caused by malware and scams are endless.  If you do not clean up the site it can lead to your website being marked with a warning in the search results by Google.  As a consequence visitors will steer clear of your website.   It can also affect your Google ranking if you do not take action.

Unfortunately the level of threats online is increasing hugely and at the same time plenty of new businesses are trying to build their own websites or are using web design companies who are not familiar with the website security.  Unsurprisingly this leads to a huge number of websites being hacked each year.  Last year Google identified around 800,000 compromised websites.   This figure is likely to increase this year.

But the good news is that Google are working hard to help website owners.   If you own a website please be sure to register with either Google Analytics or Search Console.  They are both free and Google is now using both services to notify website owners of issues such as malware.   It might be a good idea to register with both in case you miss the notification from one service.  Google say its hard to get hold of website owners once they have identified a problem.

When we have built the website ourselves the risk becomes a lot lower for our clients as we insist on installing security measures and we strongly recommend that our clients keep secure login details.   For WordPress websites we also recommend ensuring that the plugins and themes are kept up to date.  We also use hosting companies with excellent security features.

If your website has been hacked then please don’t panic.  Please get in touch via hello@casemarketing.co.uk. We can advise you on the best course of action.  If necessary we can clean the website and lock down the security to ensure the problem does not reappear.

You can learn more about website security by using the hashtag #NoHacked on Twitter.

 

New Website for Luxury Wedding Stationery Business – Studio Blush

Wedding Website DesignWe were really pleased when Studio Blush owner Rhona Jarvis approached us to ask us to design her new website.

Studio Blush specialise in top quality designer wedding stationery and other luxury paper goods.

Our brief was to create an upmarket online shop with pale, pastel colours to showcase Studio Blush’s beautiful range of bespoke and In House wedding collections along with their new range of other stationery products.

In terms of colours, we decided to use blush shades to emphasis the brand identity.

In terms of software we choose WordPress and WooCommerce to enable our client to be able to update the website easily herself at any time.

What Can We Learn from WordPress 4.5 Problems & the 123 reg Fiasco?

This past week hasn’t been a great one for many website owners.  First we had the WordPress 4.5 update (called Coleman) which many people installed as soon as they saw the message asking them to do so.   It just demonstrates the enormous trust that so many website owners have for WordPress that they went ahead with the upgrade without any concern.  But unfortunately, as many quickly discovered, this particular update can cause havoc with your theme and plugins leading to strange behaviour, error messages and a general feeling that your website has gone mad.

I don’t know why WordPress pushed out an update knowing fully well that it would wreak havoc with some plugins and themes. I know theme and plugin developers are rushing to update their products to overcome the problems but that can take some time. In the meantime the support forums are full of unhappy WordPress website owners who are struggling to make repairs. So what can we learn from this fiasco?

1. Don’t update WordPress the moment that little box pops up asking you to do so.

My advice is to wait a week or so then check Google or the support forums for possible problems.   Just searching for ‘WordPress 4.5 problems’ will put you off updating for a long time!
But if that wasn’t enough for many website owners things were about to get a whole lot worse. If you had used 123 reg for your web hosting then your site could have been one of those that 123 reg accidentally deleted over the weekend. Its hard to believe that a large, well known hosting company could do such a thing but it’s completely true. Fortunately none of our clients were affected as we do not recommend 123 reg for hosting.   This is for many reasons not least the myriad of technical issues we have encountered with them which can take weeks to resolve.

What if you have already updated and your site is acting weird? Or what if your website has disappeared thanks to 123 reg? Well this brings me to the most important lesson and it’s a good reminder for us all.

2. You Need Three Website Backups

1. You need to make sure you keep at least two, preferably three backups of your entire website.
2. These backups need to be stored in different locations. So it isn’t enough to use your web hosting company’s back up service as this means the backups are stored in the same place as your website. If there was a problem with the server (say for example an idiot at 123reg deleted everything on it) then your back up goes too. I think we can all agree that the world is full of idiots so something similar could happen again.  So some suggestions:-

  • Store one copy of your webspace (more about this in a moment)
  • Keep one copy of your website stored on a portable storage device (e.g. memory stick, portable hard drive, etc).  Be aware that your site may actually take up a lot of space (this one is about 125mb) .
  • Cyber security specialists recommend three back ups of everything as devices can fail.  So a third copy stored in a different building (to avoid damage by fire etc) would be an excellent idea.
  • Make sure you also keep copies of your hosting account stored safely

This method of backing up everything three times and storing the backups in different locations is worthwhile for your work and personal documents and photos too by the way.

How To Back Up Your Website

If you are using WordPress then there are plugins which will back up your site for you and either allow you to download a copy (recommended) or save a copy to your webspace.  We suggest doing both.

This is back up plugin that we tend to use but it’s just personal preference and there are plenty of other good WordPress Back Up plugins available.

WPBackItUp Backup & Restore

If your website is built using different software check first to see if the software has a back up option.  If not you can simply download a copy of all your files using FTP.  If you don’t have the FTP details ask your website designer.  FTP allows you to see and edit all the files which run your website.   You can use free software like Filezilla which enables you to enter your private webspace login details (called FTP login details) and access your webspace. Ideally you need to store a couple of back ups in different locations just in case.

For one of our clients last week the back up approach worked really well.  This client has a WordPress online shop running many plugins including WooCommerce.  She updated to WordPress 4.5 and suddenly her perfect site started to perform strangely.  Product images disappeared, variable products could not be added to basket and there were lots of other strange behaviour.  The fastest and easiest way was to replace the site with a backup copy which was taken the day before.  Simple!  It took about 20 mins max. 

If your backups are not available then the alternative is to switch on error logging (via wp-config) and work out what is causing the problem and rectify it yourself. But that is for experienced web developers only! Otherwise ask at the WP Support Forums for advice.