Hacked! Prevention & Recovery

If you own a website, the chances of being hacked are real. It happens to big companies as well as small, and most likely you’ve already been affected by a hack. As they say, there are two types of consumers: those who’ve been hacked and those who don’t know they’ve been hacked.

As a website owner, a hacked website means lost revenue and, even worse, loss of customer trust. This article explains how to protect your site from hackers and, if you do get hacked, the critical steps you’ll need to take to recover.

How To Protect Your Site

  1. Keep your site updated. If you’ve read Proper Care & Feeding of your WordPress Website, you already know that many if not most updates are security related. Platforms (like WordPress), themes, and plugins all require continual updates in order to address newly discovered vulnerabilities and technical changes. Leaving outdated files on your computer is like leaving the door wide open to eager hack attempts.
  2. Install security plugins, when possible. Free or low-cost plugins like iThemes Security and Bulletproof Security offer affordable ways to tighten security on your website. There are several technical processes a senior-level developer can implement to reduce your chances of a hack, but for many small businesses the cost of the developer may be prohibitive. Using a security plugin may help reduce the need for custom security work. Many hosting providers also offer additional security. It might seem pricey at first, but most likely it’s a bargain compared to the costs of having your site down, content destroyed, customer information compromised, and repair services.
  3. Don’t use “admin” or other common usernames. Hackers look for common usernames as keys to directory paths. Using a common username like “admin” is like putting a neon arrow that says “Look Here!” to key entry points in your website.
  4. Rename the wp-content folder on WordPress sites. You’ll want to do this when the site is new, before you’ve uploaded any images that appear on posts or pages, otherwise it could break linked images stored inside the wp-content/uploads/ folder. Like the “admin” username, hackers look for common paths so changing the name of this folder will make access more difficult.
  5. Use strong passwords. I’ve lost track of how many sites we’ve worked on that were hacked due to simple passwords. Here are the rules to a complex, secure password:
    1. 8 characters or more
    2. use both lower and upper case letters
    3. use both numbers and special characters
    4. don’t use the same password for multiple sites
    5. don’t use words that can be found in a dictionary
  6. Remove unused plugins and inactive users. There’s really no point in leaving unnecessary paths into your website by keeping unused extensions or plugins installed or keeping users who no longer need to login to your website. Clutter is rarely a good idea and this applies to your website as well.
  7. Back up your site regularly. If your site does get hacked, restoration will be easier if you have an un-hacked version of your site on hand.

What To Do If You’ve Been Hacked

Your next steps:

  1. Don’t panic. You’re not the first and you won’t be the last. Keep calm and start work on recovery.
  2. Call in your professional support team. You need strong technical expertise as well as someone who is familiar with your site, most likely your web developer or hosting provider. Web designers may not have the technical skills required to find and repair the problem; however, an experienced web developer should be able to help you. You’ll need to provide:
    1. WordPress (or other CMS) login
    2. web hosting login
    3. FTP/sFTP access credentials
    4. any backups you have
  3. Take your website offline. Your web host may have already done this but if not, you’ll want to remove it to a secure folder while you assess and fix the website.
  4. Make sure the hack is limited to your site and not the entire web server. Your web host should be able to provide this information.
  5. Scan your local computer(s) for viruses and malware. Sometimes trojans or other infections can come from your local computer to your website. Be sure your anti-virus software is up-to-date, then run the scan.

Your web developer’s steps:

  1. Change your passwords for website logins, databases, FTP, etc.
  2. Download and inspect all of the hacked site files to determine how and when the website was hacked. This information is important to properly clean the site and fix it to prevent future hacks from the same hacker.
  3. Check all plugins or extensions to make sure they are up-to-date and do not have known vulnerabilities. If you’re using a plugin that no longer receives updates and support, consider ditching it for a better, supported plugin.
  4. Check any custom code for security flaws or vulnerabilities.
  5. Clean up the issues and put the site back online.
  6. Update your site to the newest version of your platform (WordPress), theme and plugins.
  7. Test that everything is working.
  8. Backup your new, clean website.
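
Step 2 of the developer steps, as an added example that is not code from the original article: a Python script that compares the downloaded site files against a known-clean backup and reports added, modified and removed files, scripts sitting in the uploads folder, and a rough timeline from file modification times. The function names, the default uploads path and the sample file trees are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path

SCRIPT_EXTENSIONS = (".php", ".phtml", ".phar")


def hash_tree(root):
    """Return {relative path: SHA-256 hex digest} for every regular file under root."""
    root = Path(root)
    digests = {}
    for path in root.rglob("*"):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def _mtime_utc(path):
    stamp = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
    return stamp.strftime("%Y-%m-%d %H:%M:%SZ")


def compare_to_backup(backup_root, site_root, uploads_dir="wp-content/uploads"):
    """Report how the downloaded site copy differs from the clean backup."""
    clean, live = hash_tree(backup_root), hash_tree(site_root)
    added = sorted(set(live) - set(clean))
    removed = sorted(set(clean) - set(live))
    modified = sorted(p for p in set(clean) & set(live) if clean[p] != live[p])
    # The uploads folder should hold media only, so any script there is worth
    # reviewing, even one that also exists in the backup.
    prefix = uploads_dir.rstrip("/") + "/"
    scripts_in_uploads = sorted(
        p for p in live if p.startswith(prefix) and p.lower().endswith(SCRIPT_EXTENSIONS)
    )
    # Rough "when": modification times of changed files, oldest first. This
    # assumes the download preserved mtimes; they can also be altered, so
    # confirm the dates against the server logs.
    timeline = sorted((_mtime_utc(Path(site_root) / p), p) for p in added + modified)
    return {
        "added": added,
        "modified": modified,
        "removed": removed,
        "scripts_in_uploads": scripts_in_uploads,
        "timeline": timeline,
    }


def build_demo_trees(base):
    """Create a constructed clean backup and a constructed altered site copy."""
    base = Path(base)
    backup, site = base / "backup", base / "site"
    files = {
        "index.php": b"<?php require 'wp-blog-header.php';\n",
        "wp-config.php": b"<?php /* constructed config */\n",
        "wp-content/plugins/contact-form/form.php": b"<?php // v1.0\n",
        "wp-content/uploads/2015/logo.png": b"\x89PNG constructed",
    }
    for root in (backup, site):
        for rel, data in files.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
    changed = site / "index.php"
    changed.write_bytes(files["index.php"] + b"// constructed: appended line\n")
    dropped = site / "wp-content/uploads/2015/cache.php"
    dropped.write_bytes(b"<?php // constructed placeholder\n")
    (site / "wp-content/plugins/contact-form/form.php").unlink()
    os.utime(dropped, (1430000000, 1430000000))  # 2015-04-25 22:13:20 UTC
    os.utime(changed, (1430003600, 1430003600))  # one hour later
    return backup, site


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        backup, site = build_demo_trees(tmp)
        return compare_to_backup(backup, site)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A file that appears in the "added" or "modified" list is only a starting point for inspection; a plugin or core update made after the backup was taken shows up the same way.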

Taking the steps mentioned in the first part of this article will definitely reduce your chances of being hacked. While there is never a guarantee you cannot be hacked, you can certainly take steps to make sure you’re not easy prey. With regular monitoring and backups, if you do get hacked, the repair work will be easier and faster.

Who *Really* Owns Your Website?

You’re way too busy running your business and in a rush to get your website up. Since you’re not very tech savvy and you’re preoccupied with your own work, you trust your developer to get your domain registered and get your site set up on a good host. It’s very normal to leave it to your web tech to handle these tasks. I’ve done it myself for many of my clients. Perhaps I even did it for you.

In the early days of the web (I remember them well), it might have made sense. The internet was as ethereal as space exploration and only a few people knew how to navigate. I remember creating websites for business owners who had never used email. I even helped a couple people learn how to use a mouse.

These days, we’re much more comfortable with computers and most have at least a fair idea of how the internet works. Still, many don’t understand the basics of website ownership. If you’re one of them, I’m about to enlighten you. Why is it important that you learn a bit of geek? Because you may be in a highly vulnerable position and not actually own your website.

The “Title & Deed” to Your Website

  • Your domain. No one really owns domains. We just register them from an accredited registrar like GoDaddy or eNom. Your domain gets associated with an IP address on a web server so when someone types in your domain name, server computers will know to send that person to your website on that server. Whoever registers the domain essentially owns it. If you hire me or anyone else to register your domain, the registration technically belongs to us.
  • Your web host. Whoever sets up the account on the web host is the one with the power.  They’ll have the “credentials” or login info and most likely, the account will be billed to their credit card. Web hosting companies work hard to maintain tight security for their web clients. They will absolutely refuse to talk with you if you can’t provide authorization of credit card info, password and/or PIN access.

As personnel changes occur in companies and organizations, the domain and host login info (credentials) may get lost. I’ve seen it happen a lot. Of course, if we built your website we’ll have the original info in our records. I recommend that clients keep a hard copy of all their web credentials in a secure but easy-to-locate file.

But what happens if your developer never gave you the login credentials? What if you never knew to ask for them? In a perfect world, that might be okay. Last I checked…it’s not a perfect world. Stuff happens.

Your developer might move and never tell you nor provide updated contact info, or get hit by a bus, or have sudden health issues, or get arrested, or hit sudden fame and fortune, or forget to pay the electric bill, or get angry at you for any number of reasons. You get the idea. When only one person has such vital information, you’ve created a single point of failure that could have devastating results. I’ve had new clients (yes, plural) who came to me, begging for help because they didn’t have their website credentials and their website was held “hostage”. They didn’t understand the power of owning those credentials.

Eliminate Unnecessary Risk

How can you prevent losing control of your website from happening to you?

  1. Register your own domain and purchase your own web hosting service. If you’re unsure where or how, your developer can advise you and even give you the links to click through. You’ll have the confidence of knowing you have the rights to your own website. You will need to share the login info with your developer, of course, but you can rest assured that should you no longer choose to work with that developer (even in best scenarios), you’ll have access to your domain and web host.
  2. If you have a trusted relationship, allow your web tech to set up your domain and hosting service but insist on having all login credentials in your records, too. That way, if you choose to part ways or something tragic happens, you have the necessary information to talk with customer support or hire someone else.

What if your developer can’t share the domain registration login info because of other clients in the management account? You can request the domain be transferred to you or at least insist the domain registration include your name and contact info as the registrant.

It’s not really a matter of trust (or lack of) to insist you have access to your domain and website. It’s good business stewardship. Share the credentials when you need to but don’t keep yourself purposefully in the dark.

The vulnerability is huge and the fix is simple. Keep a record of your login credentials. 


Top 10 Email Marketing Platforms

Email marketing continues to be one of the most effective tactics in digital marketing. There are a number of platforms to select from (and new ones popping up every day), making it difficult to figure out which platform is best for you. All platforms have pre-made templates, so you won’t need to hire a developer to create a custom HTML template, but beyond that, their features can differ widely. Some of these options include free accounts, drip campaigns, integration with CRMs, drag and drop, etc. We’ve curated the top ten email marketing platforms to help you find the best fit for your needs and strategy.

  1. http://mailchimp.com. For years, MailChimp has been my favorite due to ease of use and number of features. It’s free to use if your subscriber list is less than 2000. Features include: subscriber profiles, built-in segmentation, in-depth reporting, advanced analytics, send time optimization, mobile optimized, integrates with hundreds of apps and services, RSS-to-Email, A/B testing, geolocation.
  2. https://madmimi.com/. Mad Mimi is a serious contender for the top of my list. They are working hard to become the best platform and have made great progress. Features include: good list management tools, attractive reporting & tracking tools, webforms including newsletter signup form for your Facebook page, drip campaigns, social links, RSS-to-Email, Google analytics, free under 2500 subscribers.
  3. http://myemma.com.  As a company, they have several community and social initiatives which makes them super cool in my book. Features include: mobile optimized, subject line split testing, analytics, segmentation, easy interface, social media integration.
  4. http://www.getresponse.com. Features include: landing page capabilities, A/B testing, list segments.
  5. http://www.verticalresponse.com. Features include: social media integration, mobile optimized, free under 1000 subscribers.
  6. http://www.aweber.com. Features include: scheduled drip campaigns, helpful 3000+ image library, tracking.
  7. http://www.constantcontact.com/index.jsp. Definitely the biggest name out there but not the easiest to use. They’ll also charge you for image storage if you have more than 5 images uploaded. Tons of features but nothing that other platforms don’t offer for less cost and friendlier interface.
  8. http://www.icontact.com/. Features include: Basic tracking, sign-up forms (including Facebook), autoresponders, split testing.
  9. http://content.zoho.com Free if your mail list is under 2000 subscribers. ZOHO email marketing can be used as part of the ZOHO product line which has business, CRM, and productivity apps. If you’re looking for a more comprehensive toolset, ZOHO seems to cover the spectrum of small business needs or you can choose to only use their email marketing tool.
  10. http://www.exacttarget.com/ (now called Salesforce Marketing Cloud). Salesforce is one of the big boys when it comes to CRM and business platforms. If you’re already using Salesforce, it makes sense to use their email marketing. It may not be the most user-friendly, but the ability to fine tune your target and analyze the results is pretty cool.

Proper Care & Feeding of Your WordPress Website

Your website is like your pet—it needs continued care and maintenance. Website content updates (the new posts, text, photos, events, etc, that you do regularly) will help keep site visitors and search engines happy. Yet content updates aren’t the same as technical care and updates. Technical updates are essential for a healthy, fully functioning website. Your website is built on thousands (and thousands and thousands) of lines of code. Even with regular maintenance and updates, you may still experience glitches.

Even if you’re a technophobe, I beg you not to glaze over the following information. If you own a website, you need to be a responsible website owner.


Your WordPress Website Basics

There are four main layers that make up your WordPress website: the web server, the WordPress platform, the theme and optional plugins. Here’s a brief description of each of these layers and how they work together:

  • Web servers. These are the computers that host your website files. Your hosting company has the vault of web servers that keep your website files safe, in a temperature controlled, secure environment. The web servers are machines that require servicing, repairs and upgrades for the sake of function and security. These changes typically run in the background but on occasion can affect your website by conflicting with scripts on your site or forcing you to make site updates.
  • WordPress. WordPress is a pre-made platform that started years ago as a blogging platform and has evolved into a wonderful Content Management System (CMS). It has a Dashboard that allows non-techs to locate pages and posts on their site and make changes to the content. WordPress belongs to an open source community and allows you to freely use its products. WordPress also releases updates. These may be new features, bug fixes, or security related. These changes may create conflicts in the theme or plugins you are using.
  • Theme. The theme is what gives your website design and functions that aren’t a part of the rather sparse, default WordPress platform. Themes help determine the color and layout of your site and often provide extra features that help your website shine. Themes also require updates for new features, bug fixes and security. These changes may create conflicts with plugins. Not all themes have ongoing author support, which means your theme may have conflicts with other system updates (web servers, WordPress, etc.). It’s nearly impossible to know which themes will have ongoing support; however, over time, nearly all themes will be discontinued as new themes emerge that are designed for more up-to-date user expectations.
  • Plugins. Plugins allow you to really amp up the capabilities of your website. Each plugin also has updates for features, bug fixes and security. Plugins are wonderful but they are also one of the easiest entry points for hacks and most common cause for bug issues or script conflicts. Free plugins should be used with care, because they often don’t have ongoing support. In general, don’t keep any plugins in your Dashboard that you aren’t actively using. Some common uses for plugins include:
    • Enhanced SEO capabilities
    • Site caching for faster page loads
    • Form editors that allow non-tech people to create and edit forms
    • Membership forums
    • Directories
    • Site analytics
    • Backups
    • Security
    • Special slider or portfolio effects
    • Shopping carts
    • Polls / Surveys
    • Social media feeds, etc.

If you don’t keep up with the tech updates, your site may become vulnerable to hacks or conflicts with any of the advancing tech layers that support them. Certain features may quit working, including the ability to edit your site at all!


But first, backup!

Before you do any updates, it’s strongly advised that you create a backup of your site in the event that the updates create a conflict with other scripts on your site and “break” the site, thus requiring a developer’s repair. You should be running backups of your site regularly anyway, because “stuff” happens (server failures, hacks, etc.)

There are plugins that you can use for backups. Most web hosts offer backup services, too. Some are free, some aren’t. While it’s easier to back up your website to the same server that hosts your website, you need to be aware that if the server fails, you’ve lost your backup copy as well. It’s best to save your backup to your own computer. If that’s not a possibility, then save it to a location on your web host that’s different from the place you keep your regular website files.

Most backup services allow you to schedule backups. This is very helpful but be sure to check every now and then to be sure backups are indeed happening.
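
One way to confirm that scheduled backups are really being produced, as an added example that is not from the original article: a Python check that the newest archive is recent, opens cleanly and contains the files a restore needs. The .zip format, the seven-day limit, the required file names and the sample archives are assumptions constructed for illustration.

```python
import os
import tempfile
import time
import zipfile
from pathlib import Path

# Assumption: a full backup contains the WordPress config and a database dump.
REQUIRED_SUFFIXES = ("wp-config.php", ".sql")


def check_backups(backup_dir, max_age_days=7, now=None):
    """Return a list of problems with the newest .zip backup (empty list = healthy)."""
    now = time.time() if now is None else now
    archives = sorted(Path(backup_dir).glob("*.zip"), key=lambda p: p.stat().st_mtime)
    if not archives:
        return ["no backup archives found"]
    newest = archives[-1]
    problems = []
    age_days = (now - newest.stat().st_mtime) / 86400
    if age_days > max_age_days:
        problems.append(f"{newest.name}: newest backup is {age_days:.0f} days old")
    try:
        with zipfile.ZipFile(newest) as archive:
            # testzip() reads every member and checks its CRC, which catches
            # archives that were corrupted in storage or transfer.
            corrupt = archive.testzip()
            if corrupt is not None:
                problems.append(f"{newest.name}: corrupt member {corrupt}")
            names = archive.namelist()
            for suffix in REQUIRED_SUFFIXES:
                if not any(name.endswith(suffix) for name in names):
                    problems.append(f"{newest.name}: no file ending in {suffix}")
    except zipfile.BadZipFile:
        problems.append(f"{newest.name}: not a readable zip archive")
    return problems


def _write_backup(path, members, mtime):
    """Write a constructed backup archive and set its modification time."""
    with zipfile.ZipFile(path, "w") as archive:
        for name, data in members.items():
            archive.writestr(name, data)
    os.utime(path, (mtime, mtime))


def demo():
    """Run the check over three constructed backup folders."""
    now = 1_430_000_000  # fixed clock so the result is repeatable
    day = 86400
    full = {"wp-config.php": "<?php // constructed", "db/site.sql": "-- constructed dump"}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        for name in ("healthy", "stale", "truncated"):
            (tmp / name).mkdir()
        _write_backup(tmp / "healthy" / "site-2.zip", full, now - 1 * day)
        _write_backup(tmp / "healthy" / "site-1.zip", full, now - 8 * day)
        # The schedule stopped a month ago and never included the database.
        _write_backup(tmp / "stale" / "site-1.zip", {"wp-config.php": "<?php"}, now - 30 * day)
        # Transfer cut off halfway: the zip central directory is missing.
        broken = tmp / "truncated" / "site-1.zip"
        _write_backup(broken, full, now - 1 * day)
        broken.write_bytes(broken.read_bytes()[: broken.stat().st_size // 2])
        os.utime(broken, (now - day, now - day))
        for name in ("healthy", "stale", "truncated"):
            results[name] = check_backups(tmp / name, now=now)
    return results


if __name__ == "__main__":
    for folder, problems in demo().items():
        print(folder, "->", problems or "ok")
```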

When Your Site Breaks

If an update causes a script conflict, you then have a choice to:

  • revert back to the previous version of whatever was updated (if you have been saving your backups)
  • have the developer find the conflict and write a custom repair
  • work with the author of the theme/plugin to issue a repair (if they’re still offering support for what you’re using)
  • find another theme or plugin and convert your content over to it

Your choice will depend on the severity of the issue, of course. While WordPress, themes, and plugins make amazing websites tangible (both financially and feature-wise) for the average person, each layer comes with its own vulnerabilities. On the tech side, responsible website ownership requires three things: website maintenance, backups and security. In order to avoid as many problems as possible, you need an experienced web technologist that’s up to date with WordPress and (best case scenario) your website.

Speaking of Security

When it comes to security, you have a few options. You may wish to use a plugin to amp up security within WordPress. Your web host may also offer extra security (for an additional cost, naturally). Many web hosts are setting up servers especially designed for WordPress websites, which include security to address issues common to WordPress. Keep in mind, there is no such thing as an un-hackable website. Big budgets can use mirrored hosts and a plethora of security layers. As a small business, you may simply need to make your choices based on the level of budget and effort you want to contribute.

Web Vets: For the Health of Your Website

Be sure to keep a good relationship with your web technologist. Quite often, staff changes overlook passing on website information. I can’t count how many clients we’ve helped over the years by keeping records of their website credentials and other key details related to their websites. If you change any web-related passwords, let your technologist know as well. Familiarity with your website and current credentials will save time and stress if an “event” happens.

SEO & Integrity

First rule for effective SEO: Don’t panic!

Many small business owners, upon learning of the importance of Search Engine Optimization (SEO), immediately leap into a frenzied state for which they’ll fork over money to anyone who promises to handle this mysterious, internet success and online life-threatening mandate for them. If you’re freaking out, trust me—someone out there is eagerly waiting to sell you some snake oil.


Since SEO is important to those businesses who rely on search engines to direct traffic to their site and the owners of those businesses are busy, well, doing business, they become easy prey for the SEO marketing predators. This article will help you better understand what you need to do to improve your search engine results. But be forewarned, because Big Vision Media Group is committed to integrity, we’ll tell you the truth: good SEO is not an easy fix.

You already know that the internet evolves and continues to do so even as you read this. That means the SEO tactics also evolve. Google and Bing don’t really want you to use tactics at all because tactics can distort authentic results when trying to connect the web user with the information they need. Big companies who have more resources can outpower you. Shady marketers can use “black hat” tactics. Yet the web is supposed to be a place of equal access, right? For that reason (among others), the search engines don’t want you to know their constantly changing algorithms for determining search engine results. The secrecy and frequent changes mean internet marketers must watch patterns and test results to discern how to best be found.

Unfortunately, much of the information you find for SEO is outdated. Additionally, most of the automated SEO programs (used by those marketers who promise you the moon if you’ll let them handle your SEO) use this outdated info or worse, can be shifty in their tactics and end up causing you more harm than good. Learn more about Black Hat SEO.

Here are the facts you need to know:

  1. Know your keywords and themes. What search terms will people use to find your site? What is unique about your products and services? Don’t forget to include local, geographic terms.
  2. Proper links. Develop a sound URL structure with an XML sitemap and smart use of internal linking.
  3. Quality content. Use keywords and themes in your website content. Alter existing content and continue to develop new content wisely. Optimize graphics and videos with these keywords and themes, too.
  4. Competitive analysis.  Find the opportunities to maximize keywords and themes in your content that your competitors have overlooked.
  5. Analytics. Know how much traffic you’re getting, how your site visitors are finding you, what pages they view, what actions they take. Optimize your content accordingly.
  6. Build legitimate incoming links. A bit more work, this requires building relationships with other websites. BoostSuite is a helpful tool as well as taking opportunities from HARO.
  7. Social media marketing. You can amplify your efforts through backlinks, social shares and campaigns. Quality blogging is also a vital part of social media. If you create the right content, your followers will want to share it.
  8. PPC. If you have the budget, AdWords, Facebook Ads, Post Boosts, Page Boosts and other PPC efforts will also increase your SEO results.

As you can see, these tactics are not easily automated. If it seems overwhelming, start at the top and work your way down the list. The result will help your website to be found by those who are earnestly looking for you. Feel free to contact Big Vision Media Group for help with your Search Engine Optimization.



Don’t Try to Reason with your Customers

As a small business owner, you need to accept what sales and marketing professionals have always known: people make decisions based on emotions. In today’s world, we have the studies in neuroscience and consumer behavior to prove it. Big corporations use this knowledge to lure customers away from you but if selling is a game, you have home field advantage. You can provide vital, emotional connections that big chains can only dream about.

We like to think of ourselves as rational, intelligent beings but when it comes to making buying decisions, the reasoning mind simply can’t perform. In Antonio Damasio’s book Descartes’ Error, he shares his studies on measuring the connections between thinking and emotions. When presented all the facts necessary for making a decision, people were unable to make a choice when they couldn’t access how they felt about the options. In short, your marketing should engage your customers’ dorsolateral prefrontal cortex.

So You’re Not A Neuroscientist?

No worries, you can create effective marketing materials without taking a single brain scan. Your goal is to remember that your customers need emotional engagement in order to make a purchasing decision. How do you do this? Meet the customers on their level. What do they care about? What moves them? There are unlimited ways of presenting your products and services in a way that taps into the emotions of your customers and assures them you are a great choice. Here are a few ideas to get you started:

  1. Stand for something. If you operate from deeply held convictions and are consistent in communicating those values throughout your product line, suppliers, services, etc, you will provide a clear, compelling lightning rod of attraction for those customers who are longing to see those values genuinely expressed in the marketplace.
  2. Relieve their pain. What problems can you solve for your customers? Are they hassled with overly occupied lives? Offer bundles or ready-made packages that save them time. Are they insecure about how to purchase your goods or services? Offer simple guides and examples they can follow or create pre-selected combinations that boost their confidence.
  3. Affirm them. Most people struggle with “looking good” or feeling like deep inside they’re not good enough. How can you market your products in a way that affirms these deeply held issues and increases their sense of personal worth?
  4. Use color strategically. Colors directly affect emotions and evoke a personal connection. Use colors wisely in creating displays, marketing pieces, and an overall environment that connects with your target audience.
  5. Create appeal. Your use of imagery and writing can inspire people, make them laugh with joy or cry for a cause. Well chosen photos tell a story that will affect emotions. What are the characters in your imagery? What emotions are evoked? Humor? Joy? Love? Mystery? Intimacy?

Loyalty Beyond Reason

If you truly love your customer and are able to create genuine emotional connections, the research is on your side. Love translates significantly into loyalty. In a survey of 60,000 shoppers across 50 markets, they found that if a brand can increase its loyal shopper base by only 5%, it can expect an increase of sales of 10%. In today’s world of social media, each one of those loyal customers becomes your evangelist, spreading the good word about how you make life better.

No one said creating loyalty and authentic emotional ties in business is easy. Furthermore, just as in our personal lives, customer relationships need consistent, supportive nurturing. But worth it? Absolutely!


The New Popular Kids: Retailers with a Plan

There is good news for retail store owners. A 2014 survey by Accenture shows that 21% of U.S. shoppers plan to increase their in-store purchasing! This has more than doubled from the previous year. After years of being declined as the outcasts, retailers can finally re-take their vital place in the community. That is, if they are prepared.

As traditional and new media continue rapidly evolving, the retail environment becomes more and more important. As a retail owner, you need to laser in on the solution to, “How do we convert passive shoppers into active buyers?” Before the shopper steps through your doorway, you’ll want a Shopper Marketing strategy as a first step.

Presentation is the next step.  Does your retail environment provide an atmosphere the shopper can relate or aspire to? What about the presentation of the products on the shelves or kiosks? Does the presentation support your brand as an independent shop? Does it appeal to the shopper, drawing him in to understand how that product can make his life better?

As the shopper stares at your products, does her experience in your store surround her with the support she needs to say “Yes! I want that!”? Be aware that today’s shopper is also likely to use a smartphone in-store when considering a purchase. When doing so, only 19% of shoppers actually complete the purchase in-store. What are you doing to meet that behavior? Are you leveraging it to develop loyal customers?

Your sales and floor staff are also key. We’ve all had the experience of shopping in a store where the sales staff made us feel like we were interrupting their day. They couldn’t have cared less if we made a purchase or not. The flip side of this, equally as off putting, is an over-eager staff. No one wants to feel pushed or bugged.

Staff needs to understand your brand and how it translates into the way they engage the shopper. This knowledge combined with adequate self-awareness empowers your staff to genuinely assist the shopper and will lead to more purchases and greater customer satisfaction.

If you need help with your Shopper Marketing Strategy, Customer Experience or Brand / Culture Development, Big Vision Media Group can help. We are qualified and committed to independent businesses and the communities that support them.

Your Place in History

It’s fifteen minutes to 1AM, well past my regular bedtime, whatever that may be. This night I’m purposefully staying up to see the blood moon. Though I’m not an astronomer of any kind, I do find it fascinating to think I have the opportunity to see a natural phenomenon four times over the next year or so that was never remotely possible for Mozart, George Washington or Abraham Lincoln. For the fleeting hour to come, I’ll have a sense of history in the making.

In reality, we are all—in every moment—making history. We may not end up in the history books or e-readers or whatever technology delivers information to the future, but we are each in our own way creating the culture that will be studied. Your business is a part of the history being written. What legacy will you leave?

Knowing the Supply Chain

A video released earlier this month highlights the problem with irresponsible supply chain selection. Some companies simply make supply chain decisions never considering the conditions or standards of their sources. They focus solely on price, forgetting there are other serious “costs” involved.

Cinco de Mayo

It’s not every day that you get to watch people set aside the normal daily cares of life to simply enjoy the art of being. For Luna Azteca, Cinco de Mayo is one of the days. This is the second Cinco de Mayo I’ve been lucky enough to share with these beautiful people. They infuse each moment with the happiness of family, friends and the basic enjoyment of being alive in a community of love.


Long live community!