It happened Monday morning.
Just as I was getting ready to hit the Publish button after reviewing the guest post for the day, I saw the red screen of death.
It was unnerving, to say the least.
I read, re-read, re-re-read that single paragraph wondering why Google had flagged my website. A quick login to Google Webmaster Tools provided the answer: “Suspected injected code Instance.” Apparently an image in my sidebar linking to Desicritics.org was the culprit.
Google Webmaster Tools also encouraged me to investigate the problem immediately in order to protect my visitors and reassured me that it was probably not my fault. Here is what Google Webmaster Tools said:
Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:
1) the site was compromised
2) the site doesn’t monitor for malicious user-contributed content
3) the site displays content from an ad network that has a malicious advertiser
If your site was compromised, it’s important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability.
In my case, it was the third scenario where my site was displaying an image linked to another website that had a malicious advertiser. I immediately removed the image and all links to Desicritics.org from my posts. The warning still persisted. I submitted my website for Google to review, but 24 hours later, my site still showed the red warning screen.
I had received many e-mails in the meantime from readers informing me of the “harmful nature” of my site. I thanked everyone and let them know I was looking into it, asking at the same time if someone with Web development skills would volunteer their help.
At work, I didn’t have any time to even think about this problem … which meant spending the evening, well into the night, chatting with a BlueHost representative and taking down my website. (A huge note of thanks to Nick, the BlueHost rep, who patiently instructed me for an hour and a half and served as the calming voice of reason).
As of Tuesday morning, my website didn’t exist.
Just a plain text page informing visitors that First Impressions was undergoing maintenance.
Incessant Googling had resulted in the knowledge that the only way to clean up my website exhaustively was to delete the entire site and rebuild it from scratch.
I’d have to wait another day before figuring out how to resurrect the website.
Tuesday evening was spent deleting all the plugins, uploading the backups (good thing that the BlueHost outage a few weeks earlier had prompted conscientious efforts on my part to backup the website every day), and making sure that all the images I’d uploaded in the course of last year were available and accessible by WordPress. Sounds easy enough, but it wasn’t.
Finally I got everything fixed in the backend last evening — all posts needed to be put under categories, yet again — yes, all 215 of them; all posts needed thumbnails and featured images to work with my design template; and I installed only the plugins I absolutely needed for visitors to have a good reading experience.
And we are back in business — and in Google’s good books — today.
Regular visitors will find some differences in, what I hope is, a clutter-free layout. New visitors might be encouraged to sign up for e-mail updates or RSS feeds featured prominently on the right. And one time readers might stay a little longer to read some other related posts.
The past three days it’s felt like someone was gagging me. That I had completely lost my voice … my platform. I realized how much I needed this site to be alive and well.
This experience also taught me that one can never be “too safe” online. I will not be linking to any external sites just to cross-promote this blog. If it means less traffic to this site, so be it. Also, I’ve installed only those plugins I know are vetted by WordPress and downloaded at least 100,000 times. I have one person to depend on for the health of this website: me. I am the webmaster, the designer, the content generator, the marketing specialist. So, I have to arm myself with information and tools adequately and stay on top of everything website related constantly.
I’m creating a safety net around me, being diligent about backups, and ensuring that readers aren’t clobbered with unnecessary frills on the sidebar or elsewhere. You’re here for the content, and great content is what you’ll get.
That said, here is the guest post from Monday that got buried under all the maliciousness. Dawn’s words helped me remain positive the last 72 hours. I hope they’ll add some positivity into your day, too.