Over the years I’ve had numerous problems with hackers and their malicious attempts to harm or steal from my websites and that has taught me to be far more diligent and security oriented. In one such case, in 2011 I had started to notice a sudden drop in revenue on a very profitable computer software reviewed site I owned.
This site at the time was making upwards of $2000, and was the bread-and-butter of my entire network.
Without warning sales suddenly trended down by almost 50% on the same amount of traffic which was coming from heavy PPC spends. I began to suspect that something seriously wrong had happened to the website. I went on to freelancer.com and hired a Joomla security expert to analyze my site.
What he found was not only shocking – but troubling. Not only had a hacker found the back door to my site and was causing page load problems which resulted in paid traffic timing out – but someone also installed a script that was dynamically changing my affiliate codes in the various posts on the site.
Consequently what was happening was that they were poaching 50% of the sales coming of my sight. What made it almost impossible to detect at the time was that when I looked at the actual HTML of the page, my affiliate codes were intact and there was no reason to suspect a breach. I ended up moving the sites to a brand-new server and then switching it over to WordPress which in my experience I have found to be much more secure than Joomla or any of the other various content management scripts out there.
Based on that experience I now take security much more seriously when it comes to websites. My experience with the Joomla sites probably cost me upwards of $100,000 in revenue before I realized that I had a true problem. If the hacker hadn’t gotten greedy and had just continued to siphon 10% or 20% of the sales I likely never would’ve noticed that he was there.
In 2014, the vast majority of hackers come from the same countries. Currently I am seeing a large number of malicious attempts originating from Russia, Romania, Turkey, China and Vietnam. That doesn’t mean that all traffic from these countries is poison – but most hackers are form this list. This includes attempts to find back doors, brute force attracts and scripts injections.
One of the plug-ins that I now install on all of my sites, as well as on my client sites, is called IQ Block Country. This powerful but easy to use plug-in detects which country traffic is originating from and if it is on my pre-determined blacklist, it won’t let them access the site and instead posts a message that says that users from their country are not permitted to view the site.
The message that it displays dynamically on the webpage is easily customizable so you can make it as friendly or stern as you want. You can also easily dictate which countries can access your admin back end – which in theory is only your home country.
I believe that this plug-in has dramatically reduced the amount of malicious traffic that my sites receive and should be on every Word Press site out there . The plug-in is free and is available from the WordPress.org repository. In the same sense I also ensure that I have all of my other security plug-ins working to protect my sites at all times.
I’m just working on a new article on all of the plugins I use to keep my sites safe including firewalls and malicious bot blockers, to protect my WordPress sites. I’ll keep you updated.