Help! My Website Has Been Hacked!

Website Security

If you’re already a Coastal Web Services client, you have probably already received this information. But we’re posting it here for prospective customers, and also so you can refer back to it as needed.

You may have heard the term website hacking, but do you know what it means, and how common it is? Google “website hacking” and you will find tutorials on how to hack a website. That’s scary stuff.

A hacker is someone who uses their computer programming skills to illegally gain access to a computer network, file or entire website. Hackers sometimes break into a website to gain specific information. Sometimes they just do it to be malicious, and to prove their hacking skills. And hacking can be a crime of opportunity. Hackers now use automated software to look for easy targets, so they may not have targeted you personally.

Some of the more recent, high profile hacked sites include:
• Actress and comedienne Leslie Jones’s website
• The Democratic National Committee web server
• Amazon
• GoToMyPC
• Twitter
• Ashley Madison
• Internal Revenue Service
• Anthem Blue Cross/Blue Shield
• And many more, including small business websites

Many hackers are now backed by the governments of countries like Russia and China, and it’s starting to cause extra work and headaches for websites of all shapes and sizes. We know personally of small businesses in Central Maryland who have fallen victim to hackers.

We are hopeful the website industry will get this under control, but in the meantime we recommend you take measures to reduce the risk of your business website getting hacked. The hackers don’t generally take your information, but they do load sub-programs on your site to defame you, redirect users to an unsavory website (think porn), download malware onto a visitor’s computer, or simply make your website inaccessible. You may be the first one to notice the hack, or it may be a potential customer, or you may get a notification from Google or Bing that your site has been hacked.

Hackers can get into your site in several ways:
• Guessing your password
• Using malware on your computer to capture your credentials
• Finding a security vulnerability in specific software that you happen to be using (especially outdated software)
• And more

The industry is recommending regular maintenance for WordPress sites. The maintenance program is designed to update your site with the latest security patches to reduce, but not eliminate, the risk of your site being hacked. Think of it as Windows Updates for your website. Ultimately, it is your responsibility, or your web hosting company’s responsibility, to apply the WordPress updates to your site, including security updates. When we build your website, we set your site to require manual updates. That’s because some of the major updates can “break” your site, making it inaccessible to users. But some of the web hosting companies turn on automatic updates, causing your site to break down when there is a major update.

While Coastal Web Services doesn’t offer web hosting contracts anymore, we do offer website maintenance. Up until now, we have been applying WordPress updates, including security updates, for free to our clients. But we can no longer afford to do the work for free, because more and more often, sites are broken by an automatic update, and we are spending hours getting websites back up and running. Starting September 1st, we will be charging our clients a fee to manually apply WordPress updates and help you recover from the damage a hacker or automatic update has done. This fee will be billed separately.

Whether you purchase a WordPress web maintenance program or not, we will still maintain your site. However, we will start billing separately for those hacking-related issues starting September 1, 2016. We spend hours assessing your website after it has been hacked and fixing the security issues that allowed the hack to happen.

Here is a sample of what we do:
• Change your passwords for website logins, database, ftp, etc.
• Make a backup of the site and download it for inspection
• Examine log files and other data to determine how and when your website was hacked
• Examine the WordPress version and software extensions (plug-ins) used on the site and ensure they are up-to-date and do not have any known vulnerabilities
• Review any custom software code (if applicable) for any obvious security flaws
• Clean the site and put it back online.

After speaking with several other web design companies, we found they are billing a fairly large fee for this service. As you know, we have always kept our fees very minimal on all our services. We will try to do so for our customers with this maintenance program as well.

The fee will be $50.00 per month to start for the new security package. It is optional, but you are basically getting the service at half off our standard rate by committing to an annual contract. Our competitors are charging up to $200.00 per month. The more customers that sign up for this program, the greater the chance that I can keep these fees lower.

We will bill $200.00 to cover September through December, then will bill $600.00 to cover 2017 security patches. This does not guarantee your site will not be hacked, but it will greatly reduce the chances. The fee we will be charging is to reduce the risk, but if your site does get hacked, the additional hours to fix a hacked site will need to be billed extra. All WordPress site customers will be invoiced for this maintenance program, but if you don’t pay the invoice, we will assume you are not interested in that program and will remove that invoice from our system. The choice is yours.

But be aware that if an automatic WordPress update breaks your site and you did not sign up for our WordPress maintenance program at the discounted rate, we will charge you the full hourly rate of $100. We just recently had a customer where we spent 8 hours dealing with website issues caused by an automatic update implemented by the web hosting company. We did $800 worth of work for free. We just can’t afford to do that anymore. Now, if you pay for the WordPress maintenance program, $600 covers you for a whole year, if you sign a yearly contract. If you decide to be billed for the WordPress maintenance program on a monthly basis, it will be $100 a month, or $1200 a year. So you can save a lot of money by signing the yearly contract.

For those of you who don’t really get why this is important, let’s compare your website security maintenance program to the security cameras at your business, or the locks on the doors. You want to do all you can to keep intruders out. But the determined ones sometimes break in. If you sign up for the WordPress security maintenance program, it’s like installing a security system for your website.

If you have any questions, please feel free to call Mike at 410-420-9390 or email at