hannahwealth:
Interesting

Yea...

pinkyruledworld:
Nice one bro

Thank you.

nnamdiosu:
Very excellent write up.
Every wp developer must read this.

Nice one bro.

For back ups, what's the best way, service or method you suggest?

For website Backups, you can use Updraft for it.

Website hacking is real and costs a lot of time and money to fix, depending on what's affected. I just cleaned up a hacked website the other day. I started since morning and finished in the evening.

Time-consuming and also tiring. I was just lucky it's minimal, some hacks will take days to clean up. It happens that the site was injected with a "malicious redirect code". When you visit the website, it redirects to another site done by the hacker, and the sites are always different each time you reload the site.

Please, before I move on, I want you to know that I am no Security Expert, but knows quite enough to detect when something isn't going right and then fix it.

So, what is a "Malicious Redirect"?

According to WordFence; A malicious redirect is a code inserted into a website with the intent of redirecting the site visitor to another website. Malicious redirects are typically inserted into a website by attackers with the intent of generating advertising impressions. However, some malicious redirections can have more damaging effects. A malicious redirect can exploit vulnerabilities in a site visitor’s computer through web-based scripts to install malware on unprotected machines. As such, it is critical to remove malicious redirects from your site.

So, as you can see, this malicious code can be damaging to your reputation and branding. When my friend called me and told me her site is experiencing such, her voice was tired, she does not know what the problem is, and people have been calling her saying they can't browse her website.

Then I geared up and logged into the site.

The first thing that greeted me was a whole lot of outdated plugins and themes. I started by updating all of them. After I finished, I went to the homepage to see if it still redirects. It didn't redirect so I thought it's over, but no, I am really in for a long tiring day.

DEADLY MISTAKE NUMBER 1: Always update your website software, themes, plugins, everything. Let it be up to date at all times.

I called her on the phone and told her the site is fixed that she can crosscheck. Only for her to call me back a few moments later, "Darlington, it's still redirecting o"

ME: But how can that be? Alright, clear your browser cache and cookies, then try it again.
HER: I just did it, but it's still the same thing.

That was when I realized that this is going to be a tough one. So, I headed on to Sucuri and scanned the website. Lo and behold! JavaScript malicious code was in it.

I must say this, one thing I love about Sucuri site check is the fact that it even showed me the exact code and where it was. In my case, it appears to be in the header of all the pages on the site.

I went to the Theme Editor and selected the "header.php", searched for that particular code and removed it. I was so happy and feeling like a demi-god but little did I know that it's not yet Uhuru.

I saved my changes and did another scan using Sucuri. Still, it shows me the malicious codes are still there.

Alright, time to kill this rat from another angle. I installed WordFence plugin and ran a malware scan on the site. After the scan, it shows me full detail of all the folders and directories that were infected by this same code.

More than 92 different files inside different folders! I told you, am in for a long day. That is it.

I have to remove the malicious code from all those files, manually. I braced myself up for the task and kept on it, opening files, removing malware, saving changes, then doing it over and over and over again. It wasn't easy, but this is the penalty for not taking your website security seriously.

DEADLY MISTAKE NUMBER 2: Always integrate a security plugin on your WordPress website. WordFence has been saving lives since the 19 zero zeros.

You may think, well at least I now know what to delete and where to go and delete it, but it comes with its problems too.

The problem came toward evening time when I am about to finish. I mistakenly deleted a core WordPress folder and boom! The site stops working.
I then downloaded a fresh WordPress file and tried to recreate what I have deleted. I just cannot. It seems to me I missed one or two other files. I do not know, but I just cannot.

Then fear crept into my heart. So, this is how I just deleted off my client website? She will not be happy, and it will warrant building a new website from the ground up. But is there any backup? Okay, let me check.

I checked and behold there is a backup. Oh! God of mercy!

DEADLY MISTAKE NUMBER 3: Always backup your website, and always check to see if there is a backup before attempting to do changes to your website files.

Okay, It then strikes me like a bolt from the blues. What if I just rolled back the website to the backed-up version?

I did it, and do you even know what happened? Can you guess? The website became reborn! No malicious codes, no whatsoever. The site became born anew!

I wanted to flog myself in the buttock for not thinking of this in the first place. After spending all these long tiring hours, I just fixed the issue with a simple reinstalling of the backed-up version.

Well, this is the life we live in this web designing game. Ask, my web developer friends can relate to this. To debug is not a child play, and most times, the solution can just be an easy little fix.

So, my brothers and sisters, this is the story of my life and how I fixed a website injected with a malicious redirect code.

-----------------------------------
Preventive Actions to Protect your website:
-------------------------------
Now, let us get down to preventive actions you need to take to avoid experiencing this tiring and messy situation that I happened to find myself in.

Keep software up to date:
Whether WordPress or any other, try and keep things updated. It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. It applies to both the server operating system and any software you may be running on your website. Always, check for updates and upgrade to latest versions.

Ensure the use of strong passwords:
Almost everyone knows they should use complex passwords, but in reality, do they? Hell no! I heard Mark Zukerberg used 1234 as his Facebook login password and was compromised. Have you heard of Brute Force Attack? Listen, it is crucial to use strong passwords for your web server and website admin area, and equally important to insist on good password practices for your website users to protect the security of their accounts. I recommend you use "LastPass" to generate and manage strong passwords.

Make use of HTTPS or SSL:
It stands for Secured Hypertext Transfer Protocol, and it guarantees that users are talking to the server they expect and that nobody else can intercept or change the content they see in transit. It is not even expensive, "Let's Encrypt" is here to make your life easier.

Install a website security tool:
See, your website resides in a world full of hackers, who are all the time on the prowl, looking for who to take advantage. A website without any security measures could be more prone to attacks. The first thing you should do when you set up a WordPress website is installing a security plugin right away. I recommend my darling WordFence and Sucuri. Any of them will never fail you.

Backup Frequently:
Should I still emphasise on this? Please, fixing a hacked website is hard and could take a long time! A backup copy of your site would enable you to restore it to normalcy. You can then take time to fix the hack and seal off any website vulnerabilities that allowed the hacker to get an express ticket to your website.

Implement 2 Factor Authentication:
When you install WordFence, there is an option there to help you enable this on your website. A 2-factor authentication helps to add another layer of security to your login. Once you try to log in, it will send you a code to either your email or phone number and require you to input the number code before you can log in. It is necessary to implement.

Of course, there are many ways to kill a rat, as my people will say. If we start discussing ways to prevent a hack and protect your website, the cow will come home.

Other methods include but not limited to;

Disallow Plugin Installations
Auto Logout Inactive Users
Limit Login Attempts
Restrict File Uploads
Change The "wp-admin" to something else

Now, let me ask you. Are you using WordPress on your website? Is your admin username still "admin"?

You know it is hard to change your username once you have created your admin account, but I have something for you. An easy bonus tip you can implement right away and change your username.

Follow me step by step...

Login to your WordPress dashboard.
Click on "Users" then click on "Add New".
Put in a correct and good username.
Make sure you use LastPass to generate a strong password.
On the "Role", select "Administrator"
Then click on "Add New User" at the bottom.

Have you done this? Now, follow me, we are almost done.

Logout from your website.
Log in using the new user you just created.
Click on "Users".
Now, select the old "admin" user.

Have you selected it?

Now, hover your mouse on it, you will be able to see "Delete" click it to delete the user.

A page will come up asking you whether you want to transfer all posts by the old "admin" to yourself right now. Select yes and click on "Confirm Deletion"

That's it, we are done. You have just changed your admin username to a brand new hard to guess username instead of the easy to guess "admin".

Thank you for reading this post to the end. I know it's long but if I could make it shorter, I would have done so.

I know you must have experienced website hack at some point in your internet journey. Tell us your story in the comment section and how you were able to fix it.

Website hacking is real and costs a lot of time and money to fix, depending on what's affected. I just cleaned up a hacked website the other day. I started since morning and finished in the evening.

Time-consuming and also tiring. I was just lucky it's minimal, some hacks will take days to clean up. It happens that the site was injected with a "malicious redirect code". When you visit the website, it redirects to another site done by the hacker, and the sites are always different each time you reload the site.

Please, before I move on, I want you to know that I am no Security Expert, but knows quite enough to detect when something isn't going right and then fix it.

So, what is a "Malicious Redirect"?

According to WordFence; A malicious redirect is a code inserted into a website with the intent of redirecting the site visitor to another website. Malicious redirects are typically inserted into a website by attackers with the intent of generating advertising impressions. However, some malicious redirections can have more damaging effects. A malicious redirect can exploit vulnerabilities in a site visitor’s computer through web-based scripts to install malware on unprotected machines. As such, it is critical to remove malicious redirects from your site.

So, as you can see, this malicious code can be damaging to your reputation and branding. When my friend called me and told me her site is experiencing such, her voice was tired, she does not know what the problem is, and people have been calling her saying they can't browse her website.

Then I geared up and logged into the site.

The first thing that greeted me was a whole lot of outdated plugins and themes. I started by updating all of them. After I finished, I went to the homepage to see if it still redirects. It didn't redirect so I thought it's over, but no, I am really in for a long tiring day.

DEADLY MISTAKE NUMBER 1: Always update your website software, themes, plugins, everything. Let it be up to date at all times.

I called her on the phone and told her the site is fixed that she can crosscheck. Only for her to call me back a few moments later, "Darlington, it's still redirecting o"

ME: But how can that be? Alright, clear your browser cache and cookies, then try it again.
HER: I just did it, but it's still the same thing.

That was when I realized that this is going to be a tough one. So, I headed on to Sucuri and scanned the website. Lo and behold! JavaScript malicious code was in it.

I must say this, one thing I love about Sucuri site check is the fact that it even showed me the exact code and where it was. In my case, it appears to be in the header of all the pages on the site.

I went to the Theme Editor and selected the "header.php", searched for that particular code and removed it. I was so happy and feeling like a demi-god but little did I know that it's not yet Uhuru.

I saved my changes and did another scan using Sucuri. Still, it shows me the malicious codes are still there.

Alright, time to kill this rat from another angle. I installed WordFence plugin and ran a malware scan on the site. After the scan, it shows me full detail of all the folders and directories that were infected by this same code.

More than 92 different files inside different folders! I told you, am in for a long day. That is it.

I have to remove the malicious code from all those files, manually. I braced myself up for the task and kept on it, opening files, removing malware, saving changes, then doing it over and over and over again. It wasn't easy, but this is the penalty for not taking your website security seriously.

DEADLY MISTAKE NUMBER 2: Always integrate a security plugin on your WordPress website. WordFence has been saving lives since the 19 zero zeros.

You may think, well at least I now know what to delete and where to go and delete it, but it comes with its problems too.

The problem came toward evening time when I am about to finish. I mistakenly deleted a core WordPress folder and boom! The site stops working.
I then downloaded a fresh WordPress file and tried to recreate what I have deleted. I just cannot. It seems to me I missed one or two other files. I do not know, but I just cannot.

Then fear crept into my heart. So, this is how I just deleted off my client website? She will not be happy, and it will warrant building a new website from the ground up. But is there any backup? Okay, let me check.

I checked and behold there is a backup. Oh! God of mercy!

DEADLY MISTAKE NUMBER 3: Always backup your website, and always check to see if there is a backup before attempting to do changes to your website files.

Okay, It then strikes me like a bolt from the blues. What if I just rolled back the website to the backed-up version?

I did it, and do you even know what happened? Can you guess? The website became reborn! No malicious codes, no whatsoever. The site became born anew!

I wanted to flog myself in the buttock for not thinking of this in the first place. After spending all these long tiring hours, I just fixed the issue with a simple reinstalling of the backed-up version.

Well, this is the life we live in this web designing game. Ask, my web developer friends can relate to this. To debug is not a child play, and most times, the solution can just be an easy little fix.

So, my brothers and sisters, this is the story of my life and how I fixed a website injected with a malicious redirect code.

-----------------------------------
Preventive Actions to Protect your website:
-------------------------------
Now, let us get down to preventive actions you need to take to avoid experiencing this tiring and messy situation that I happened to find myself in.

Keep software up to date:
Whether WordPress or any other, try and keep things updated. It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. It applies to both the server operating system and any software you may be running on your website. Always, check for updates and upgrade to latest versions.

Ensure the use of strong passwords:
Almost everyone knows they should use complex passwords, but in reality, do they? Hell no! I heard Mark Zukerberg used 1234 as his Facebook login password and was compromised. Have you heard of Brute Force Attack? Listen, it is crucial to use strong passwords for your web server and website admin area, and equally important to insist on good password practices for your website users to protect the security of their accounts. I recommend you use "LastPass" to generate and manage strong passwords.

Make use of HTTPS or SSL:
It stands for Secured Hypertext Transfer Protocol, and it guarantees that users are talking to the server they expect and that nobody else can intercept or change the content they see in transit. It is not even expensive, "Let's Encrypt" is here to make your life easier.

Install a website security tool:
See, your website resides in a world full of hackers, who are all the time on the prowl, looking for who to take advantage. A website without any security measures could be more prone to attacks. The first thing you should do when you set up a WordPress website is installing a security plugin right away. I recommend my darling WordFence and Sucuri. Any of them will never fail you.

Backup Frequently:
Should I still emphasise on this? Please, fixing a hacked website is hard and could take a long time! A backup copy of your site would enable you to restore it to normalcy. You can then take time to fix the hack and seal off any website vulnerabilities that allowed the hacker to get an express ticket to your website.

Implement 2 Factor Authentication:
When you install WordFence, there is an option there to help you enable this on your website. A 2-factor authentication helps to add another layer of security to your login. Once you try to log in, it will send you a code to either your email or phone number and require you to input the number code before you can log in. It is necessary to implement.

Of course, there are many ways to kill a rat, as my people will say. If we start discussing ways to prevent a hack and protect your website, the cow will come home.

Other methods include but not limited to;

Disallow Plugin Installations
Auto Logout Inactive Users
Limit Login Attempts
Restrict File Uploads
Change The "wp-admin" to something else

Now, let me ask you. Are you using WordPress on your website? Is your admin username still "admin"?

You know it is hard to change your username once you have created your admin account, but I have something for you. An easy bonus tip you can implement right away and change your username.

Follow me step by step...

Login to your WordPress dashboard.
Click on "Users" then click on "Add New".
Put in a correct and good username.
Make sure you use LastPass to generate a strong password.
On the "Role", select "Administrator"
Then click on "Add New User" at the bottom.

Have you done this? Now, follow me, we are almost done.

Logout from your website.
Log in using the new user you just created.
Click on "Users".
Now, select the old "admin" user.

Have you selected it?

Now, hover your mouse on it, you will be able to see "Delete" click it to delete the user.

A page will come up asking you whether you want to transfer all posts by the old "admin" to yourself right now. Select yes and click on "Confirm Deletion"

That's it, we are done. You have just changed your admin username to a brand new hard to guess username instead of the easy to guess "admin".

Thank you for reading this post to the end. I know it's long but if I could make it shorter, I would have done so.

I know you must have experienced website hack at some point in your internet journey. Tell us your story in the comment section and how you were able to fix it.

power50:
Is bluehost the only good webhosting company?

Bluehost is not the only good web hosting company..

But why I love Bluehost is because of there best to none customer care..

Seriously, I havent seen a web hosting with such professional, friendly, and expert customer service.

They will listen to you and solve your problem in a matter of minutes.

They can even help you out in any thing you finding hard to do in your website FREE of charge.

All these and many more made me to fall in love with their service.

I have been using them for 3 years now with nothing but good testimonies from me and my clients that I designed their websites.

benzems:


Okafor.....Did linda ikeje atain fame and popularity in a flash? Nowadays everybody want to be like linda in a flash, do you know she worked severely and hard on her blog pushing out quality and awesome post tailored for better seo
This is total lie, Linda has no quality content till now talk more of SEO tailoring.
Better use another blog as example

Ok.. as you wish...

Tenumah32:
I need someone who is ready to work for a new blog, you are to make seven posts daily, your pay is monthly. I don't want copy and paste posts
I will be fixing you on News and Fashion nichie
Both local and foreign news.
Interested contact me on whatsapp 08101371681

What's the pay?

This is cool..

If creating a successful WordPress website is what you are after, then check this step by step tutorial at w3programs.com

domcreative:
I have a wordpress ecommerce website and i am having problem with the shipping, I want to be able to set different location and shipping cost so when customer select/type their location, e.g i have a set prize for delivery within Lagos, however delivery outside of Lagos have different cost.

The cost of shipping to say Benin is different for shipping to say Abuja or Port Harcourt, how can i implement on my website please.

Check this article and your problem is solved.

If along the way you still need a professional help, holla me via 08175765974 or dalingtonokafor@gmail.com

fid4992:
Please I need someone within portharcourt and its environs to help me set up woocommerce shipping that will have different prices for each state.

Please any interested person should indicate interest by dropping contact information. I will get in touch for further discussion.

Hello...

This can be solved remotely and easily.

All you need to do is to list out what you need to achieve here and I will help you out from here too.

akeentech:


#1. Server performance

If your server's performance is poor, it will take more time to respond. Regardless of how snappy everything else is, a slow server will give you a slow website speed.

Poor server performance is quite often down to your web host. A cheap web host will generally give you a shared server, which implies you're sharing space and resources to endless other sites. In the event that you have a slow website speed, this is because you're in a queue with lots of different sites.

#2. Location of the Server
Suppose your server is based in America. When a Nigerian visitor clicks on your site, the data needs to travel all the way across the Pacific Ocean. It needs to ask for access to the server. At that point, it needs to travel the distance back over the sea to load it on their screen.

Sincerely, these above two can be totally solved perfectly and easily when you choose a good and reliable web hosting.

For a comprehensive tutorial on web hosting and how to choose a befitting and reliable web hosting for your website check this article here w3progams.com/hosting

scaramenga:

M0r0n this is a domain name flipping website and our op talk say he isn't into that. So you are just defending what you don't even understand?
Wow your stupidity deserves a round of applause

You are really not okay upstairs o...

lol...

scaramenga:

uh you dey plan to copy e dead business model? Good luck...hungry people no go find work

Please check flippa.com and receive sense..

izzyboi:
Hello guys
I created a blog on wordpress (example.) but now I want it to a dot com(.com) blog but wordpress is too expensive for a student like me. Please how do I move to other hosts that are very cheap. please help me....

Hello...

There are two types of WordPress website which is Self-hosted Wordpress and Hosted Wordpress

I believe you are using the Hosted Wordpress with a . extension..

Alright,

Here is what to do.

You can migrate to a Self-hosted wordpress website by following this tutorial here

Then if you need help in choosing a reliable hosting for your wordpress website so you don't make mistakes and loose money and time, you can read this article here

I hope this helps?

scaramenga:


dey lie for your papa there.
If u know wetin good for you better no renew your domain or hosting when they expire cos this your garri business no go rise

God will keep you alive to see the day it will rise to popularity and overflowing revenue.... Oloshi like you..

Instead of encouraging him you are here talking trash..

abrashmick:
I am now totally confused when i had that some hosting site are not that reliable...
i"m about to host my site, can you guys please help me out with the best hosting platform

I advise you read this article at w3programs.com/hosting first before you take any action t avoid loosing money and time.

The article will show you what and what to look in a web hosting and also guide you into choosing the best web hosting for your website.

If you need any help along the way, holla me via 08175765974 or darlingtonokafor@gmail.com

ediko5:


Thanks brother, sincerely i have tried all possible ways but to no avail.

I haven't installed skype on this particular PC before.

I still believe its from my windows 7 ultimate installation.

I think i need to backup my files and switch to windows 8.

Also here are all my programs attached including UC browser just to know if any of them can cause this issue.

Unistall that Picasa and check..

If it still persist then you need to really upgrade to windows 8

[quote author=hemlock0 post=66431665][/quote]

You are welcome...

Edit your previous comment, the one you qouted me..

Your reply is inside my own quote..

seoscrib:
Bloggers Drop Your Url For Total Reviews, seo tips, traffic tips...

Check www.w3programs.com

JohnChopDollar:
Hi,

Logo designer needed for logo creation

Please contact John@chopdollar.com

Hi, I am a good web/graphics designer with eyes for good designs and outstanding color combinations.

I have worked on many designs ranging from flex banners, to I.D cards, to Marketing Flyers, to Logos and brochures.

Let's talk via 08175769574 and I assure you of a professional and high quality logo design.

Thanks.

Julius2214:
Make una dey deceive una self... staged post

No mind them.....

hahahahahhaahaaaaa..

hemlock0:

It should be like a form that visitors will fill, containing name,address,occupation, and a place where passport will be uploaded. I want to use it for an upcoming conference

First you need to enable registration in your wordpress website.

Then you need two plugins..

Ninja Form and

Membership pro

With the Ninja Form you design your registration form.

With the Membership Pro you enable user dashboard and other things you need.

If you need help in any way, holla me via 08175765974

Kudos

danwilliams4u:
Please webmasters I need your help,

Can I earn money as a blogger by advertising for eleavers.com on my website over here in nigeria? Because they make their payments true PayPal. I hered that Nigerians are banned from widrawing money on PayPal

Please candid advice needed

You can withdraw your money if you have a U.S paypal.

You will need;

a VPN

a U.S Address

a U.S number

a Payooner Account


I can help you open a U.S paypal account for a little bucks.

Contact me via 08175765974 or darlingtonokafor@gmail.com

Ibelievee:
Hello @software developers.

How do you balance social and family activities with your professional life. This question goes to all, both freelance and 9-5 workers (8-4, in Nigeria). Do you get to show at every social engagement or does your work take much of your time?

IS there even anything like work-life balance in this field?

Do you unplug from your project when you get home? Is it possible to forget about that new feature you were trying to implement back in the office or the bug that boggles you?

Share for all to learn. Thanks.

Its really hard sha... I sometimes cut my date short just because a new idea popped inside my head on how to tackle a particular bug that has been bugging my codes.

At times, I will forget to even eat or cook anything to eat until late into the night...

I lost most of my peers because I don't usually show up for Sunday eve drinks and groove.

In all, I am always fulfilled whenever i get a project right.

Unique32:
My site doesn't rank on Google, i need web designer to help me index it on Google, so it will start ranking and appearing on top list.

Here's my phone number; 08134347014

Don't really have much tho!

We are all hustling.

For you to start seeing the results of SEO it takes time.

And you can even do it yourself when you have the right knowledge.

I strongly advise you to try and do it yourself before you fall into scam!

Below are resources to guide you with your website SEO

https://neilpatel.com/blog/improve-google-rankings-without-getting-penalized/

http://www.wpbeginner.com/wordpress-seo/

http://www.bulletpoint.ca/blog/how-to-do-seo-no-money-no-time/

https://ahrefs.com/blog/increase-website-traffic/

http://www.jeffbullas.com/13-super-easy-ways-to-immediately-improve-your-seo-ranking/

Seriously, after going through all these you will become an SEO PRO already.

If you need any help along the way about anything or SEO concept you didn't understand, just holla me via 08175765974 or darlingtonokafor@gmail.com

asco15:
Please i want to know how many programmer have experienced this

Please comment o

hahhahaaahahhaaa.. times without number..

I have spoilt my keyboard at a certain time because I slept on my laptop while drinking tea. The tea spilled into the keyboard and spoilt it.

I have also spoilt my android phone when I slept off on top if it. I woke up to a broken screen!...

I am laughing now, but it's not funny, never.

But wetin I man go do?

Some programming need to be done.

Some debugging needs my attention.

I need to research and learn more.

So, my brother there is no time o...

gibsolala:
Hello every one am gibson a member of this platform. Am into an online business. Partnering a diamond company.
I currently need a good content writer to help me out with a converting content to be used for my solo ad.
It should be the micro soft doc format.
If you think you have the skill let's exchange if for some money.
080---233--733----09

Sure, I am up or the task...

Let's talk via 08175765974