CLUE #1: No one refers to me as DEBORAH ANN, so that is clue number one, albeit not necessarily a red flag.

CLUE #2: Now look at the link. It starts with http://… Most reputable sites, especially domain companies will be using httpS://… The S is for secure and many of us in the know have changed ours two years ago. And again, we see the signature area missing the S on http://.

CLUE #3: Look inside the link. A real url will be simpler. For instance it would read something like …bluehost.com/account/reactivation.html. Instead, we see “bluehost.com/cyberlegosite.com/account/reactivation .html. This is a fake site. Now here is your red flag!

CLUE #4: So if you have been unlucky enough to actually experience malware on your Bluehost site you might have taken the bait and clicked the link. Like me, you’d hopefully get the warning below. If you missed the first few clues, do pay attention to any warning…and call your web site manager to check it out!

P.S. I had a chat with Bluehost and they confirmed it was malware and they have been getting a lot of reports on this today.

The hosting company, Bluehost, in this case, has a professional relationship with Site Lock. Site Lock immediately offered an expensive and unnecessary contract that would cost at least $50 per month. Not only that, they called the client numerous times to talk them into it, even though I had already talked to Site Lock and the client about my solution. This is not only disappointing but bad for Bluehost’s ongoing business relationships with designers and developers.

After dealing with this annoyance, I looked on the server and immediately saw a recent folder with suspicious php files in it. I deleted these files first and then, with the help of my developer Pat, replaced the good working folders with a previous backup from two weeks prior to the hack. (always back up your site at least once a month!) Next, all I had to do was chat with Bluehost and ask them to run a virus check. Everything was good and It was up and running soon after.

After a hack, It’s imperative that you reset all the passwords both to the server side and to WordPress. In this case, the client’s password to the site was not secure enough. These days, you need at least 12 characters. Most people, including myself, resist using the complicated combination of key characters that are always selected by password generators. One way around this is to use a password keeper such as Last Pass. It will pull up your password automatically for you.

Another new idea being talked about is to use a long phrase that you can remember, such as hanselandgretalleftbreadcrumbsonatrailandwererescuedbythehunter. You will still have to use unique phrases for each login.

In addition to backing up your site to the cloud, maintain your software (WordPress, Theme, Plugins) by updating it every week. Remove any unwanted comments or spam comments. Check your WordFence or Sucuri plugin. Ask your hosting company to apply the https:// to your website. (See my post on this for more information.) If you don’t have time or patience for these preventions, ask your consultant to do these for you for a reasonable fee.

Use safe practices when working on your computer at a coffee shop or public place. Never store passwords in a file on your desktop. Use a password keeper instead. Also, don’t click any suspicious links sent by email… especially when invited to “unsubscribe”. That link could lead you to a nightmare in the form of a lot of lost time, frustration and fees.

On the first day… you are notified that your domain will expire in 6o days. The domain was purchased years ago and the registrar is a place you never heard of before. Worst case scenario: You ignore the message and your site goes down. The domain goes public and someone buys it. He asks for $6,000…. Best case scenario: We transfer the domain to our host and update it for you without you having to worry about it again.

On the second day… your WordPress website gets hacked because you followed a scam email. Worst case scenario: you never made a back up and you have to hire a security company to clean your website. It takes a month and you have to take your site offline. Best case: Luckily, you signed up for a maintenance plan with us so there is a backup of your website that we restore for you. But no worries, our maintenance plan should prevent it in the first place.

On the third day… you are having problems with your website made by an acquaintance who is now too busy to help you update it. We find out your custom hand-built theme has never had security updates and it has malware. We recreate your site using our module based theme that gets regular security updates.

On the fourth day… the free plugin on your site is abandoned by the developer and is no longer working correctly. We replace the plugin with one that is similar but supported. When using free plugins we like to contribute to the developer so they can continue working, but they are still a good value.

On the fifth day… the Paypal Donation button stopped working on your website. It could be a number of reasons including someone changed your pp password. We reset the code and fix the problem.

On the sixth day… your company is moving and you need the addresses and Google maps to be changed. We also help you by creating an announcement on the website prior to the move.

On the seventh day… you have been adding images to your blog posts but forgot to reduce their size. Your site slows down because each image is over one megabyte. We reduce the sizes of your images and recheck the performance of your site.

On the eighth day… you want to highlight a new service or product but don’t know the best way to do it. We make recommendations and make the changes for you.

On the ninth day… You want to send your clients a holiday email card but don’t have an image to use. We find a great inexpensive image from a stock agency and send the samples for you to choose. We set it up for you.

On the tenth day… You forgot how to add a photo to a newsletter, so you call us and we help you by walking you though it over the phone.

On the eleventh day… One of the plugins on your WordPress website won’t update in the dashboard. You call us and we download a new version from the developers website and replace it.

On the twelfth day… You have text and pdfs to add on a new web  page and you want help organizing the material to fit your design and brand. We are happy to assist.

Merry Christmas and Happy New Year to all!

I arrived at 8:15 or so and found a nearby parking lot for only $12, despite being warned it could cost $30 due to a Red Sox game held today…. making up for the $75 parking ticket I got last month at a meter during a Red Sox game! But, that’s another story. If you’d like to skip this first hand account and read real transcripts, go to the WordCamp website.

I found out from the first talk, Intuitive Editing Workflows by Erik Bernskiold, that Structured Data Input is an important feature to offer clients, so they can keep their web sites fresh. Problem is, there isn’t a plugin or theme that does this very well yet. We have two options: Create Custom Post Types for the client to write in updates or use a Builder type plugin or theme. The second option can be dangerous as the design can get destroyed without the client realizing it. Some themes, such as Divi by Elegant Themes allow editor roles, thus limiting the ability to change the format.

Next that morning was, The Frustration with Website Security, hosted by Surcuri software. It was labeled WordPress 101, which I took to mean it was for “beginners”. I picked up a few tips, but basically it reinforced what I already knew. 1. Back up your site, not on the server, for instance with Amazon SImple Storage, Dropbox or on your hard drive. Do not rely on the hosting to do it for you. Their backup may also get infected. 2. Attacks are highly automated. which make money for the hackers, even with your small family website, as it can act as a jumping off point to infect other sites. 3. Use a password manager, such as Evernote, so you can have a different password for everything. 4. You can get malware from many places, even plugins!

Designing and Theming for Performance by Matt Dorman was really nerdy, so I won’t go much into it. In a nutshell, Performance of your website, i.e. speed, is important. And there are various tools to determine and help you fix that problem. Obviously, you don’t want your site to load in more than two seconds or you’ve lost the smart phone customer. Sometimes it’s the size of your imagery, or its a plugin or the theme or even the hosting. Test your site on Pingdom, Yahoo’s YSlow, or Google’s Page Speed Insights and then let your web designer/developer know there is a problem so they can help you.

Designer’s Panel with four designers/developers of various backgrounds was next. A lot of chatting, but the important points were: Sliders are on the way out… too much movement especially for phones, which is where all the design is focused now. Give reasons for your design decisions and back it up with information. Quote data and anecdotes. Clients don’t always know what is best for their websites. Consider that what is fast for you and the client, because we have good wifi, is not necessarily the case with many of our users. Someone said the next iteration of WordPress, REST API, will focus on design components and not just the whole page.

Page Builder Showdown given by Gina Deaton rated six or so page builder themes (such as Divi) for creating web page design. A couple came out at the bottom, a few in the acceptable range and two on top. Surprisingly, Divi got knocked down a few points because Gina felt there was a learning curve and the theme only builds out to four columns. She acknowledged that it is a powerful theme, but that in order to use it at it’s full potential, you need to know css coding. The winner was Beaver Builder and a simpler free new theme called Elementor.

Why Good Design Matters was given by a young designer, Andrea Trew,  from the agency Fly Wheel. She mentioned a few books on design or design philosophy including As Little Design As Possible by Dieter Rams. She designed a clever intern campaign based on the Wes Anderson movie, Moonrise Kingdom. New interns were given notebooks backed with fake fur. The take home was “It’s not how it looks, it’s how you make people feel.”

Organizing Your First Website Usability Test by Anthony D Paul, was all about testing web design prototypes. Some results can be “too much content” which can be determined early in a testing environment and problems with Brand Perception, which usually takes some time to uncover and shopping cart abandonment. His favorite quote is “The Price of Light is less than the cost of darkness, by Arthur C.Nielson, market researcher.

Intro to Wireframing, by Karalyn Thayer pointed out that wireframing saves time and money, because you can easily make changes early on. A wireframe, either low fidelity such as a sketch on a napkin, or high fidelity made with software,does not contain any color, fonts, or other stylish elements. The client can more easily understand the hierarchy of content, layout and path of the user.

Are we having fun yet? That’s it for Day one!

“A colleague just called and told me her website had been hacked.  It was now all in French and only the home page was visible.  She has no back up and warned me to find out if I have one.  Do I?

I just took some screen shots of the pages – but does BlueHost – or do you – keep a backup in case I were to be hacked too?  Just wondering….”

Imagine you spent several weeks writing and honing the text and choosing just the right images for your web site, only to lose it overnight to a hacker months later. The above message is an actual email I received this week, and a perfect opportunity to discuss what Bluehost, Perugi Design and you can do to protect your web site and restore it to its original state. Whether your site is old or new, you want to keep text, posts and images for the next iteration, so you won’t have to recreate the wheel again.

For starters, Bluehost, amazingly, backs all sites on its servers every day… for free. I must admit, I have had to rely on them a few times when a site was lost. One client forgot his dashboard password and instead of submitting for a new password at the login page, he went into Bluehost and reinstalled WordPress. Yikes! But, that’s a story for another day. Not every hosting company does this for free. Not even Go Daddy. However, Bluehost asks that you arrange for additional backup as well, just in case.

The minimal approach
You could copy and paste the text into a text editor. But, that does not protect the theme layout and code installed with WordPress. Instead, try this. Go onto the dashboard and to the Tools button on the side bar. Hit the Export button. That will download an xml file of your site. Keep this somewhere safe inside a folder, but not on the desktop.

Amazon S3 backup in the cloud
Perugi Design also offers regular monthly backup to Amazon as a yearly service. The tool we use also allows us to clean out spam comments, update your plugins on a weekly basis and check for malware monthly. Ask us for more information.

So, if you are hacked and your site is in French and all but gone, don’t fret. Bluehost can restore the site to a previous week. It’s a good idea to ask also your web developer to look for possible weaknesses in the site and check for malware.