Keeping our websites safe and secure is a must have no brainer. Web security is a top priority. We have to make sure we keep our plugins up to date, have strong passwords and keep everything safe. One concrete way to keep a website safe is to have an SSL certificate. An SSL certificate makes your data transfers secure. The information entered onto your website gets to its destination encrypted and safe. It gives you a big stamp of trust and legitimacy. If someone was going to pop in their credit card info have a secure site would make all the difference. Web security is paramount. Trust me on that. With all that in mind, a web design studio should have one that works – right?
Imagine my surprise when I got an email telling me that my personal website got hacked. There is a webinar coming up on on January 25 where I am talking about web security of all things! Talk about egg on my face. It was very obvious that I did this to myself. I demolished my website in the morning by doing a very bad thing. Don’t do this bad thing. I deleted my SSL certificate and carried on with my day. I was immediately opened up to a crummy website takeover. These people are fast. Instead of my smiling mug on my homepage there were a bunch of broken links.
Instead of running around in a panic, I took a very logical approach. (I was channeling mr Spock) The first thing to do was to dig deeper onto what was happening under the hood. I noticed tat I had an https:// prefix to my website even though I was being told I was not secure. After digging around on google’s security resource decided to go on an adventure. The next best place was to FTP into my site and delete all the bad files. FTP is a fancy way of saying, access them online. I went in a cleaned out my WordPress install by deleting ever single WordPress file. Why’s I do such a foolhardy thing? I have a backup on my computer and know exactly what I am doing. If you come across a hack, don’t delete everything. Delete the infected files only. I repeat, I did this because I have all types of controls and fallbacks in place. You might not. So don’t go all in like that.
After that, I went back into my hosting company to install a free SSL certificate. I had to log into my cPanel and when I went to activate my SSL certificate it didn’t let me. I already have one installed, the one form this morning. To deactivate my original SSL certificate I have to go to my SSL.TLS manager cPanel. This is a big step and I got a popup confirming that I actually wanted to deactivate my certificate. Once I deactivated it I was able to go back into Let’s Encrypt and activate a brand new certificate.
The moment of truth was there, did it work? I went back to my website to see if I had a green secure lock and an https:// in front of my domain name. There it was, an empty webpage that needed a new homepage. I whipped up a boring index.html page and tossed it ono my website through FTP. The next stage is to restore my WordPress install. We will cover that in part 2! (If your site is NOT secure get in touch)
What did we learn?
Teachable moments are very important and there is a lesson here. Do not delete your SSL certificates. It is very fixable since we went through it all together. That doesn’t make it a good idea though. Your SSL certificates are a very important part of your online security. Respect them. I learned my lesson and am glad I can share that with you. If your website has an exclamation mark or red triangle beside your domain name you are not secure. Go and install an SSL certificate. There are so many resource available for people to do so, here are two freebies
These are great because they are free! Let’s encrypt is free for everyone and FreeSSL is free for Nonprofits and startup. You can secure your website for free – there is no excuse not to. Let me know if your website is secure and what you are going to do about it in the comments!