Cleaning Your Hacked Website

Although we specialize in WordPress sites, I’ve seen dozens of hacked websites over the years, and although there are millions of creative variations, there are pretty much four basic types of hacks that I’ve seen.

A backdoor lets an attacker gain access to your environment to do anything they wish. They’re the most dangerous, because they can even delete your website, but they’re not all that common.

Drive By Downloads:
These are awful, and will download software right onto your user’s local machine.

People are gullible, and they’ll click “yes” and agree to anything, and end up with all sorts of malware and viruses. Again, these aren’t all that common.

Pharma Hack:
The pharma-hack and it’s many variants are very common, and they usually involve placing doorway pages on your website that end up getting indexed by Google.

7-13-2015 12-28-54 PMIt’s so named because in the beginning it only seemed to be pill sellers, but over the years it’s evolved to span all industries.

When this happens to you, your search results end up getting marked by Google in an effort to warn users away from visiting your site…

Malicious Redirects:
This hack redirects visitors to other domains, which then may deliver a malicious payload, like installing spyware and adware. Unfortunately, this is pretty common  and we see this one all too often.

How can you protect yourself?

  • Do weekly backups of your website
  • Store those backups somewhere other than your webhost
  • Upgrade your WordPress core as they are released
  • Upgrade your WordPress plugins as they are released.
  • Replace WordPress plugins that aren’t updated regularly
  • Remove unneeded software, FTP accounts, and database users
  • Make website maintenance someone else’s problem

What if you’re hacked already?

Here’s a very detailed guide to identifying and removing your particular hack.  It talks about the four types of hack,  and the various symptoms and methods.  Quite often, it’s pretty easy to figure out what’s been done and clean it up, but that’s just the beginning.

Besides cleaning up their mess, you also have to identify how they got to your site in the first place, and then patch that security hole, which can be tricky, and feel like a never-ending battle.  In most cases, it makes sense to $200, and have someone like Sucuri do it.  They’ll not only clean your hacked website, but they’ll keep your site safe for an entire year.

Will Your Site Disappear April 21, 2015?

When users are searching from a mobile phone, Google will be prioritizing the results to show  mobile friendly search results before the others.

This means that if your site is not “mobile friendly”, then your website is essentially going to “disappear” for people that are using mobile phones! I made this short video to demonstrate…

Here’s where Google made the announcement, and here is a link to Google’s tools where you can test your own website .

All of the sites we’ve built for the past few of years are 100% mobile friendly, so if you need help with yours, don’t hesitate to get in touch!

We’re Sorry, Your Form is Broken

2015-04-09 15.33.16I’m writing this as an apology to all those sites we’ve worked on in the past, and all the sites that we maintain now, which are using Gravity Forms.

As far as we can tell, Samsung S4 and S5 phone users cannot fill in their phone number with the Gravity Forms plugin that we put on your website.

This morning it came to my attention that for Samsung Galaxy4 or Galaxy5 Android users, they cannot type in their phone number on a mobile phone without it coming out backwards.

I got a note from a client that her form seemed wiggy from her phone, and when i looked, sure enough, it was screwed up.

At the time, I didn’t realize we both had the same phone, so I began testing other sites with the Gravity plugin everywhere, and the results were the same.

Typing 503-761-2931  comes out  139-216-7305

After confirming the problem on every single site I visited,  I began asking others to test, and it turns out that iPhones work fine and so do some older Android phones, but so far, there’s no clear pattern emerging beyond Samsung S4 and S5, but there was a Motorola Droid that had problems too.

How Can You Fix It Right Now?

4-9-2015 4-29-28 PMThis issue has been reported to Gravity Forms already, and while I’m hoping for a fast fix from them, we did change forms on  quite a few client sites.

We had to remove the default “Phone Number” field and replace it with a single line text box. The problem there though, is when you delete the old phone field, you’re warned that you’ll lose the old phone number data, so if you may want to make a copy of the form first.

Will You Help Troubleshoot?

If you have an Android, would you please try the form below? Don’t even submit it, just click on the phone field and begin to type.  Does your phone number go in the correct order for you?

Demo - Gravity Forms Android Bug

  • Enter your phone number from a Samsung S4 or S5 and watch it come out backwards.


Please reply in the comments below if you have any insights. We’re still trying to figure out which phones are affected…




Changing Gravity Forms Description Location

GravityForms received a feature request two years ago to add the ability to change the description location on the forms from below the input boxes. Instead of putting it AFTER the field, the request was to place the box description above them.

Last year, they listed it as a future feature, but as of version 1.6.9, (today) this feature is still not available. They do still have this on their list for a future release, but in the mean time, this can be accomplished by adding a piece of code to your theme’s header.php.

To move the description from this location:

To this location:

Place this code in your theme’s header.php just before the </header> tag:

 <script type="text/javascript">
    jQuery(document).ready(function($) {
            fielddesc = $('<div>').append($(e).clone()).remove().html();

After you’ve added this code, you should take a few minutes to view your site in a browser that you can easily see if there are any javascript errors, such as Internet Explorer.

If adding the above code causes any conflicts with your other plugins or custom theme code, you will see a yellow error warning in the bottom left corner of Internet Explorer.

Remember too, that this change could cause your other plugins or custom code to stop working. If that happens, just remove the above code you added or if you’re more experienced with working with your plugins and code, you can try to adjust the conflicting plugin(s) or code.

*** Update 2014 – At some point this became a non-issue since the feature was added to WP. However, if you don’t see the option to relocate the description, see the very last comment for my guess why.

Scentsy Theme Menu Fix

Scentsy recently made a change to the About link on their consultants corporate site to point to a different URL, and didn’t redirect the old URL to the new.

Under normal circumstances, best practices and common sense would dictate that you should take care not to “break” the incoming links that come to their site from other websites,  Facebook, etc. but in this case, Scentsy didn’t do that, so everyone link ended up broken.

When we first noticed it, we assumed Scentsy would catch and fix it, but they still haven’t, so you have to fix it yourself. If you have a WordPress theme of your own, you’ve may have already figured it out under Appearance > Menus.

If you don’t know how to do it, or if you bought your theme from us a while ago and didn’t even realize your  link was broken, here’s a very short video showing you how to fix it…

[imaioVideo v=1]