IMPORTANT - Wordpress Traffic and Commissions Being Stolen from My Site
Hopefully that headline got your attention because I am writing this letter about a very serious matter regarding commission and traffic theft occurring from hackers finding back doors into your Wordpress site. In many of my WSOs I create visually graphic sales pages - but because this topic is so important, I felt it best to stick with a real letter to my fellow Wordpress users.
Below you can see a screenshot of a friend of mine's Wordpress Security blog about an email he came across regarding new code that can steal traffic and commissions from an unprotected Wordpress site.
The worst part is who knows how big this problem is and how many millions of dollars have been stolen from Wordpress site owners like you and me from scripts like this. But let's start at the beginning and my alarming experience of having one of my primary Wordpress Sites hacked and thousands of dollars stolen in commission after my traffic was hijacked.
My name is Darren Thompson, and I have been building and developing Wordpress sites for 7 years now after switching from Joomla because of its ease of use and the aftermarket tools and applications being developed for it. In fact, my design agency, Velcrocow.com, specializes in Wordpress sites and even my antivirus company, Senvira.com, is built on Wordpress.
The reason for this letter is that earlier this year, one of my websites, a PC Help concept, suddenly saw a drop in conversion of nearly 75% and a decrease in daily revenue from over $2000 per day to under $400 per day. Yet incoming traffic was holding steady.
If this wasn't alarming enough, much of the traffic that comes to this site is carefully targeted PPC Adwords traffic, which can cost as much as $1500 daily. This site is one of my bread and butter income sites (which is why I don't include the domain here, as there are too many copycats out there just looking to steal good ideas). But when your Visa is being charged $1500 per day and suddenly you are only bringing in $400, for a net loss of over $1000 a day, it catches your attention.
Was Google suddenly sending me garbage traffic - or was there a new competitor that was undercutting my traffic and conversions?
For two solid days I examined every possible angle. I looked at Google traffic as well as examined all market conditions. I went through the site to make sure there weren't any kind of errors and all my affiliate links were correct and hadn't been changed. Everything checked out and it was already day four of this crisis. I had shut down PPC advertising and was losing hundreds of dollars a day in profit but at least wasn't getting killed on Google bills.
I was becoming convinced by this point that it was server based - that somehow when a person tried to come to the site there was a lag time or reason they weren't getting through. I checked the site via various proxies and spent hours on the phone with my hosting company's tech department. I hired a server specialist at GAF - who did a complete security check and found only small hints of odd pings on the domain. Nevertheless, I moved the site and its database to a dedicated server in hopes that I would fix the problem.
For a few days the changes worked - but within the week the same problem reoccurred. Sales dropped - traffic stayed the same and I was now out of pocket nearly $10,000 in combined lost revenue and Adwords bills as well as the cost of the new server and the security expert to try and find out what was happening. I was growing incredibly frustrated as this site was the primary source of income for my family.
I was lying in bed one night and it suddenly occurred to me that I, like an idiot, hadn't measured outgoing traffic to the stats with my various affiliate partners as well as the software sites I owned. I checked my server logs, which didn't show much, so I installed the Jetpack Plugin from Wordpress that night and then compared my clicks to the traffic that was being tracked with one of my primary software partners who was using real time displays.
The evidence leaped off the stats page - 327 outgoing clicks - and only 161 being registered in my affiliate panel. I instantly went back into my site again and checked the affiliate links in the posts but they remained intact (I had suspected that someone was gaining access to my site and changing my affiliate links back and forth with theirs).
In the morning I emailed my Affiliate Account Manager and asked him if he could check their logs to see if there was a spike in sales for another account that was originating from my site. Sure enough, an account belonging to a guy in Russia had suddenly jumped with sales but the originating click reference was routed through his site and there was no way to tell where the traffic or source had come from.
All along I had suspected that the problem was my server - but hadn't considered that it was a problem originating from within the Wordpress script. I then started to research the term Wordpress Traffic Hijacking and discovered it's a major problem for thousands of Wordpress owners and is only getting worse as hackers realize the potential of their scam. Equally as concerning was that Google now penalizes sites that have been hacked if they represent a potential threat to their search audience.
I knew right there and then that I had a real problem on my hands and needed to start taking my Wordpress security a hell of a lot more seriously than I had to this point.
I started reading everything I could find, and experimenting with every type of plugin and technique to ensure my sites stayed secure. I began by blocking all traffic from outside of North America, the UK and Australia but knew this was only a short term solution.
The problem was many plugins caused conflicts with their processes thanks to the overlapping nature of their function. Yet no plugin was adequate on its own to fully secure a site from attacks.
After weeks of trial and error - including several more attempts from my hacker in Russia using US based proxies - I had created a bullet proof line up of plugins to fully protect every one of my Wordpress sites as well as my clients' sites (the silver lining in this whole affair was that my reputation with building secure Wordpress sites drove development requests to new highs).
November 1st, 2013 UPDATE.
I was in the process of developing a new WSO Niche Site Package when it occurred to me that the most important product I could offer to the public was the ability to secure their own Wordpress websites without going through the ridiculous amount of work I had to with my own WP sites.
I immediately set out to create a system where I could not only guide a person through the full installation of all the required plugins and tools that would protect their Wordpress site - but also automate the process as well.
How My System Works...
What I wanted to create was a system where people could instantly install a fully working security package that would protect their Wordpress sites with just a few clicks. Most website owners have very little understanding of how their servers or PHP code works and even less of where they are exposed to hackers and malware. I thought about building a plugin to handle the task, but then came across a free plugin called the Bulk Plugin Installer.
Bulk Plugin Installer (let's call it BPI) allows me on any of my Wordpress sites to install any number of WP plugins I choose with one click. This is due to the fact that each plugin listed with Wordpress.org has a distinct name, and loading the plugin is as simple as telling the BPI which one to install.
To install all of the security plugins on my site or a client's site at once, I simply paste into the BPI a list of the plugins I want added and hit enter, and all the plugins are instantly installed.
I then go in and activate each plugin in order of importance and within five minutes the site is completely secured. It's an incredibly effective and incredibly simple way to protect my websites and my clients' sites. All of the plugins are open source or are free to use and when combined together are amazingly effective at protecting any WP installation.
I decided to call this WSO the WORDPRESS BULLETPROOF SECURITY PACKAGE - due to its ability to bullet proof a WP site.
In my extensive research, I was obsessed with finding out where my sites were vulnerable. I wanted to create a way to not only protect my sites but also check to ensure that my current sites hadn't already been violated. Check
This meant my Wordpress Bullet Proofing system had to have two components - the first a way to check for any type of injected malware code - as well as the ability to protect the site perpetually. Check
The most common means of hacking a Wordpress site is to take advantage of an outdated Wordpress version or outdated themes and plugins. This meant I would need a way to ensure that all of these stayed up to date automatically, as I wanted my system to be a set and forget concept. (Keep in mind I first designed it to use myself and I have hundreds of websites that would be a nightmare to constantly update and fix even with multi-site management tools.) Check.
I also wanted to make my Admin login page much more secure, which I did by adding a PIN type security feature and renaming the page automatically so that a bot couldn't find that admin login page. Check
I wanted to ensure that all incoming traffic was protected with a firewall to ensure any irregular activity was quickly noted and blocked. Check.
It was also important to ensure my site was automatically blocking known blacklisted IP addresses. Check
With the recent mass Botnet Attack in April of this year it was also vital that I was able to ensure my Wordpress site could not become a robot for hackers to launch attacks on other websites. Check
I wanted to be able to protect each Wordpress site with an Antivirus suite just like I did my computer. This application would have to work 24/7 to ensure no viruses or malware could harm my site or databases. Check
Speaking of Databases - which are the brain of any Wordpress site, I wanted to ensure that these as well as my entire site were backed up safely on a daily basis. Check
After my experience with having my traffic hijacked, I also wanted a way to keep an eye on my site's code in a manner that would detect any changes to it by a hacker. I wanted a system that would alert me the minute one line of code was changed. Check
Finally, (and I admit somewhat of a pet peeve project) I also wanted a way to stop spammers from creating accounts on my public sites or posting their garbage comments on my posts. This meant blocking them before they could even get started - not after they have already bypassed Akismet. Check
If you're like me, the thought of someone stealing my traffic and commissions is infuriating. I cringe to think how much may have been stolen from me over the years - what if this hacker has just gotten greedy and instead of being content with only siphoning off 20% of my income he went for the home run and tried taking 75% of it?
What if someone is taking 20% or 40% of your traffic and you have no idea they have been doing it?
A Total Solution...
What I have done is create this easy to use system that will install all of these plugins, and then I also created a tutorial video package to guide you through the entire process. It literally takes less than five minutes to install and activate and your Wordpress site will be completely protected - and you will also find out instantly if you have been hacked on over a dozen of the most hidden areas hackers love to use to gain backdoor access.
Get this High Powered System Right Now for All Your Wordpress Websites for just $14.95 now through this WSO offer.
If you own a Wordpress site - Don't take the chance of having your hard work stolen or destroyed. At the very least do your own research and get your site protected or for the price of less than one cheap theme - protect every site you own instantly.