I produced a website for artist Jeffrey Hammond. I used WordPress and spent a considerable amount of time refining the design and content including a virtual gallery and portfolio that presents almost one hundred of Jeffrey's paintings.
The website was launched alongside the opening of an exhibition of Jeffrey's still life paintings at Blackpool School of Arts Gallery and for a week or so everything worked beautifully and we had a great response and feedback... then Jeffrey emailed me to say that the website was redirecting visitors to a porn site!
I was mortified and immediately unpublished the site and went about trying to correct the problem. However, there is no easy way of doing this. It turns out that the 'WordPress redirect malware' is a classic problem and of course, there are many companies that will remove it for you at a cost. The malware is buried deep within the code, in more than one place and I am embarrassed to say, that it is my fault that the site was exposed to it in the first place...
- I did not ensure the WordPress OS was up-to-date.
- I testedand explored many different WP plugins - not all WP verified or up-to-date.
- I used an unsecured contact form.
- I didn't use two-factor login verification.
- I didn't use a firewall and when I did, it was too late as the malware was already well embedded.
So how did I sort out the problem? I deleted all vestiges of the site and WordPress code and started again from scratch. However, this time I was very careful...
- I changed all the passwords for the WebHost and WP admin.
- I turned on automatic updates for WP OS, Theme and all plugins.
- I added a Sucuri firewall at a monthly cost.
- I used WP 2FA two-factor authentication.
- I only used verified and up-to-date plugins.
- I deleted any plugins I was not going to use (WP adds some automatically).
- Only then did I start to rebuild the site, but this time without a contact form. I need some advice about contact forms before I reinstate it.
So what was the cost?
I felt that my reputation had been damaged. Jeffrey was mortified as he had told so many people about his new website. I am very lucky in that Jeffrey has been very pragmatic and patient about it and gave me the time and trust to sort out the issue. I had to add all the images, info and titles again, in my own time and expense including the Sucuri firewall. I've had a couple of sleepless nights and I am still checking the website almost every hour to check if it is ok.
However, the expense is something I am happy to carry as Jeffrey's paintings are important and are likely to reach a large number of people and I hope I can pick up some more work from other artists on the back of it.
I have learned a lot and have come out the other side with new knowledge and experience. I am not sure I will use WordPress again... Wix and Zyro have pretty good design interfaces
You can visit Jeffrey's website here - https://www.jeffreyhammond.co.uk/
If you are reading this blog and feel you can add something to my research then please comment… even if you are correcting me or don’t agree with something that I say.
No comments:
Post a Comment