Lesson Learned from the WPCandy Hack

Over the weekend the WPCandy site was hacked. Not only did the site go down, their search results were quickly taken down by Google. They are well on their way to recovery. And there is an important lesson for all of us here about site protection and site recovery. Here’s what happened and what you can do to protect your site now.

WPCandy is a super WordPress resource. I rely on them as a top-notch resource for what’s happening in the WP world. Yesterday, they became part of that news.

I first heard about their site being hacked from a post in the LinkedIn WordPress group by Ben Townsend. He mentioned this post on WPin.me titled WPCandy Was Hacked, That’s Why It’s Gone.

The screenshots on that post show SERPs for WPCandy’s blog as being about cash advance and debt consolidation.

The comments on the post say that WPCandy’s owner, Ryan Imel was on the Tybee Island at a WPCS Meetup when the attack occurred.

As of today, the site is coming back live, but slowly. The guess is that Ryan’s crew is using an old backup for fear that recent ones may have been infected too.

Lesson Learned

I feel pretty safe in saying that WPCandy has taken every precaution they could think of to prevent being hacked. But the fact is, the site was taken down and replaced with other content even to the point of making it into Google search results.

Backup, Backup, Backup

The takeaway is, without a good backup strategy that included having multiple backups over time, the site may not have been saved. Obviously it’s a labor-intensive process even with that backup. But can you imagine what it would have been like without it?

How Much is Your Site Worth?

What kind of backup strategy do you have in place? Are you using a free plugin and storing just one backup at a time on your hosting? If so, and something like the WPCandy hack happened to your site, you could kiss it goodbye, permanently. There would be no hope for recovery.

The only reason WPCandy is able to recover is because they invested in a decent backup plugin or service and stored multiple backups off their site. That entails paying for a premium plugin or service, and storage space for the files.

So, I ask again, how much is your site worth? How much would it cost to replace it? Is it more than $75? That’s how much BackupBuddy costs. It’s what I use and what I put on my client’s sites because I know who they’re going to call to restore their site if anything like this ever happens.

Save Your Site Now

Prevention is the key. Here’s help in getting it.

How to Backup Your WordPress Site is a free report with 14 backup plugins, services, and storage solutions, plus the info you need to know to properly set your backup intervals.

BackupBuddy is my plugin of choice. This is my affiliate link.

Amazon S3 is my storage of choice. It’s free for the first year and only pennies a month after that.

Don’t Wait

Now is the best time to get this done. Not kidding. This post, How to Avoid the Heartache of Losing Your Site was written in reaction to helping a client rebuild after she lost her entire site. She meant to call me and set up an appointment to do a site inspection for her. It got put off for too long.

Don’t let this be you. Take care of it now. I’m here to help if you need me.