My first clue was a direct message on Twitter from a friend. He said he got a malware warning when going to my website.
That abruptly ushered me into a short season of chaos in my mind. “What do I do now?” “Who do I turn to?” “How did this happen?”
After over a week and a lot of beautiful work by my friend, Brandon Cox, I can say I think I’m out of the woods and back on track. But I learned a lot of things about hosting a website/blog on an internet that is vulnerable to evil (just like every area of life). If you are a ministry leader who blogs and maintains your own website, this sort of problem can keep you from serving strong. Therefore, I’d like to share some of the things I learned. I’m not done learning, but here’s where I am so far:
Hire a good webmaster. For a person who is totally in the dark when it comes to PHP files and CSS and injections of code, it helps to have someone on your side who can go straight to the source and recognize what’s happening. Do you know who your webmaster is?
Do your part. There are things that perhaps you can do based on your already-existing knowledge of the internet and blogging. If you are a WordPress blogger, here is a good resource to read (some of it might apply if you were blogging on any platform):
10 Steps to a Secure WordPress Website:
House your website on a trusted host. Again, your webmaster will know more about this, but I discovered that not all servers are protected from attack as well as they should be.
Read, re-read, and re-re-read again from the Message translation, Philippians 4.6-7. This needs to be part of your regular diet regardless of issues with your website. I realized how helpful it is to already have maintained a deep trust in God before things like this happen. I’m not there yet, but I want my initial reaction to life’s curveballs to be a quiet strength that comes from 110% trust in God and His providence. If infected, it will take time to get resolved. Let the time bring you closer into intimacy with Christ.
Subscribe to a service who will continually scan your site for malware. I’m still working on this, but I believe there are services to which you can subscribe that will periodically scan your site for infection. I think of it kind of like a Lifelock
for your site. It’s best to catch problems before Google puts you on their blacklist.
Continue to create quality content. People will come to expect good stuff from you when you provide good stuff consistently. You want someone’s first reaction to a malware attack on your site to be, “This must be a problem. They wouldn’t do anything to hurt me with malware.” Trust is built over time. Post by post, be authentic, positive, full of hope, and helpful.
I’m still learning.