Lisa Rigby is a New England wedding photographer who has documented more than 200 weddings. In business since 2009, she’s been named "Best Wedding Photographer" by Boston Magazine and is one of the world's 30 Rising Stars Of Wedding Photography by Rangefinder Magazine. Her work is fully displayed at lisarigbyphotography.com where more than half of her clientele find her via Google searches. Being that photography is both her passion and livelihood, Lisa’s website is essential; this is by no means just a hobby.
One late evening in July, Lisa noticed some strange things happening for the first time since launching her website. For starters, it kept crashing. She immediately contacted BlueHost, her hosting provider. They speculated that too many PHP files were running and advised that she take a look at her plugins. However, when Lisa logged in on her dashboard as the admin, she was unable to add Wordpress plugins. Soon, Google Search Console alerted her that she had malware on her website.
I’m just one person who has to do everything. I was trying to figure out IT problems and I’m not an IT person. To be spending that much time...it was taking away from my actual photography work and this was my busy season.
Frantic at this point, Lisa searched the WordPress forums. She found other people with similar problems of having too many active PHP files. Their websites were crashing too and they discovered it was due to bad bots hammering their PHP files all the time, looking to hack the site. A good bot crawls and indexes your site to bring in traffic. On the other hand, a bad bot swarms over your website, knocking on all access points until they find a vulnerability. Soon after, BlueHost took down lisarigbyphotography.com for over two weeks because it was taking up too many resources on their server, causing availablity issues for other clients.
I’m literally crying. This is my income. This pays my mortgage. I was pleading to please don’t take my website down.
Lisa had completely updated her website and tried to block the issues herself. According to Bluehost, she had literally done everything right as far as security and it still was wrong. After spending hours and weeks trying to remedy the problem, BlueHost told Lisa that they no longer were able to help, recommending that she contact their partners at SiteLock. Before doing so, Lisa searched again using the terms hacking and WordPress. This time, she did it within a private Facebook forum specifically for national wedding photographers. It was there that several people mentioned Sucuri.
Choosing Sucuri was simple, states Lisa. For small business they were a much better match, they were better with WordPress - and lastly - better priced.
I might be stingy in my personal life but I always try to invest in my business. One thing I always think of is what is my time worth? I figured out over a few weeks I had spent over 50 hours trying to do it on my own. Every few days it was this cat and mouse game between me and these people.
Lisa opened a ticket with Sucuri and the technician kept in touch as he was cleaning the site, updating Lisa over several hours. The bots would get in finding backdoors left open by the hacker through phps and files, and add users to her website.
I know the technician told me 24 hours to migrate but within hours the speed increased. I have not had one problem or one security breach. My website is completely flawless and faster than ever.
Lisa was relieved not having to spend hours outside of wedding photography to do technical work every night. The entire experience had been very stressful. Hindsight, she also has learned to activate the firewall when first signing up. If installed and properly configured it prevents any more attacks from coming.
Post hack, Lisa (unlike many of her peers) understands the original motives of the hackers. By masking their own IP address, they could redirect her website traffic to theirs and use her “good” SEO to gain better positioning. As soon as Lisa blocked an IP address - even entire ranges and networks - the hacker would go through a few different countries.
Being hacked feels like somebody robbed you, like they burglarized your house. A website is your private space. You feel assaulted.
Even though Sucuri’s scanning is automated, Lisa remains vigilant by conducting a few scans on her own. She also occasionally monitors the firewall traffic to see who is being blocked, and why.
I believe it has to happen to you before doing anything about it. That’s one of the things I say to my peers. If you don’t have this now, it’s the best business insurance policy. It’s not expensive in general, but it really isn’t when you consider what it does.