I Lost 500 Subscribers & How to Make Sure it Doesn’t Happen to You

thepointofthequill security issues


The Quill was hacked. Did you notice Russian lettering in many of my social streams? 

[Please note: For some strange reason, worpress decided to send out this post thought I hadn’t done a ting to it. This is the second time this has occured. And I can tell you it’s not the hackers. I have moved to Aweber as well, so please feel free to update your address and download Mosaic!}

 “Tom, don’t let anybody kid you. It’s all personal, every bit of business.”

 The Godfather

All things come down to The Godfather, right?

I’d been working on a writing project when my emails started flying in and Google+ and Facebook notices started piling up.

I opened the first email, “Lee, I think your site was hacked.”

The second, “There is something going on with your site.” This coming from all sectors of my social life.

So I checked it out.

I saw about 350 new administrators, including me! I deleted all of them and the posts they had created, changed my password and notified my hosting site and spent the rest of the night cleaning up my social streams

 Murphy’s Law is as true as the Law of Gravity

My computer was in the shop (of course) so I spent the rest of the evening on my iPhone deleting posts off of my social feeds and then crawling into the back pages of my computer and deleting the (new) subscribers that had signed up in a concentrated attack (throwing their grammar laden posts out with them. I of course changed my password in the process.

I also started the calls for help. There was no way that I could get rid of these hackers without help. No one around me was proficient in coding, social media, et al. The fix given to me by my server didn’t work. Their reason for the invasion was off as well.

The first thing I thought about was you. Yeah, you’re supposed to say that all of the time and it sounds trite, but I’m serious. I was lost without my computer. I was concerned that your emails were getting swamped with spam. I started calling subscribers that I knew and asked what was going on with their email. I called hosting but I was not getting to the problem because I had no computer. Murphy’s Law struck again. The host company thought they had fixed the problem but it hadn’t. And now I could no longer log into my own page.

Of course, I knew this wasn’t personal. They weren’t targeting me; they were taking advantage of a vulnerability (which occurred as I switched from one theme to a live version of another).

But, like the Godfather, everything feels personal whether it’s business or not.

Make sure your sign-in name is not “admin”

This is the first thing hackers look for when trying to break into your site. Then they will try and look on your social feeds to find something familiar only to you that you might use, like your first name or the name of your pet. Be aware of this. You cannot change the name after it is in the server. But you can make your password a triple barriar.You can also install a captcha plugin so it is even harder to get inside by a coded bot or mischeovous hands.

* For the record, I changed the “admin” at the sign in page to another passcode, which is what all of the security pages encourage you to do from the beginning. If you haven’t done this, please do it asap.

What to look for in wordpress plugins

Please be aware that this could happen to you as well First, change your password.

Especially after Heartbleed. if Google got hacked, someone could hack your site as well.Make sure that all of your plugins and themes are up-to-date with a code fix after Heartbleed. If you are looking to download plugins, make sure that they are also updated after Heartbleed. To check this, read the “detail” info on a plugin before downloading and look to the right in the box to see when the last update was, making sure it was after the latest problem and that it will fit with the theme you are using. Also, look to see ratings and how many websites have downloaded this plugin. I always go for the five star plugins.  Make sure you have Wordfence or one of the paid security plugins. You, as the webmaster, must do your due-diligence.  My window was when I switched and went live with another theme and then switched back again late at night because my old theme offered more so I had to reset everything on my site. Again. But somewhere in the world, there was someone looking for a free ride on the blogosphere and found it, and me, at the moment when I was most vulnerable. 

For security plugin, I use Wordfence Security. It lets me know if there is an update needed ony site or if there was an attack of 10 or less (the number I set it at) to my site. It keeps an eye out for me. It’s brilliant.


Don’t let this happen to you.

To help you make sure you are covering your…bases, this is a top-notch article on safety:


For general security advice, check out Chris Wiegman’s site for great references.

That one known hacker from Korea will not be able to visit my site after installing this plugin basically banishing him from my site: WP Ban

Troy Hunt: Lessons in website security anti-patterns by Tesco use this plus all other 27th reminders


Back-up your site

You know this already but have you done it? If not, just go to the “add plugins” section on the back end of your site and hit Updraft Backups. It’s a free plugin but also a good one. If you feel more comfortable with a paid one just do a search for your budget and plug it in. Your site will be backed up by the time you wake up tomorrow.


Years and years of work to get great connections on Google Plus and to build up to Google Authorship for this?

Soon after, I had typed in my “admin” address for the back side of my site. In Chrome the url bar is also “search in Google”.

Whatever I typed in, obviously tied to “admin” brought up my profile and number of people in my circles and a page with all of the information on getting into the backdoor of sites. It was extremely jarring, my face–which is your “brand” as an author–right next to the post that discussed how to use loopholes, for any site and for servers. (My server has since closed that loophholes.)  It brought back all of the heartrending minutes upon hours stretched into days where I was deleting one “post” after another, thinking of all of the years that I worked on learning about google authorship and then putting codes in the header (without breaking the site) and the years of research and writing …it just drained my spirit.

At least my site ended up #1 on the first page of Google for hacking into my site. I would expect nothing less. 

My site had become not only was an outpost for paid postings but also a forum for the hackers and a way for them to touch base. Even after I had raided them and killed them dead they would send me messages from the contact page; spamming my site and crunching Askimet, my email host, and my patience.

Each time I logged into my site to update plugins there were hundreds of comments, apparently since they were only able to get at the site from the front of the page, they would still leave comments with many, many links so if there were any hackers living and they saw the comment, they would be able to regroup, if all went well, at the newly hacked site.

But you and I are going to make sure our business doesn’t get too personal from hackers that are deficient in morality.

The next post I have written for you is a tutorial on what you need to so behind the scenes to make sure your site stays away from the lesser-ones and I will give you a great many tools for you to help you be an even better webmaster.


I do want to thank you for all who hung in there, aware in generalities of what was going on and sitting patiently through it all. I very much want to hear from you. Were you overloaded with spam or worse, had control of your site taken away from you? Please let us know how you handled the situation.  And thanks again for being my loyal subscribers. After this next post, I have the Monster Book Marketing Post coming soon after the Webmaster post!


Paper or Pixel?


our armor

Gioia De Antoniis via Compfight

How do you like to read your stories?

You know how you are always asked at the grocery store check out line, “Paper or Plastic”. Some are adamant about paper, some not so much. But for our crew of writers and readers I would like to ask your viewpoint on the digital revolution.

Here’s what I’m talking about…

There is something about stationary and other paper goods that has always attracted me. I find that other writers feel the same way.

Even in this digital age the fascination continues. I remember getting lost in the revolving rack stacked full of different types and colors of paper. The cute ragged ages of some cards. The smooth texture of full page stationary in my signature light violet color. What I called Paris Purple. Just the right shade.

I worked in a Hallmark shop when I was in middle school. Loved every minute of it. I was going to buy a stationary shop; always envisioned it. Of course, my love of books would require me to also sell books.

I wanted to make the customers feel comfortable so I watched out for the perfect chairs to be put in various areas around the shop. They would need drinks as well so tables would be necessary.

Soon famous for baking up a storm, I knew the smell of fresh baked items would keep them there. Carefully selected lighting and seating was just the ticket.

Does this sound familiar to you? Yes, well the big chain bookstores developed my dream of a small shop and expanded rapidly. I still wanted that homey small owner feel to my shop. Where you would find surprises around ever corner, not streamlined facilities that all looked  the same in whatever state or city you happened to be in. That might be a comfort to some but it was not my true vision.

Long before I knew of the play Parfumerie or either movie, I saw my little “Shop Around the Corner” as a bastion of book lovers against the great ‘homogenized’ chains. Of course, we know now that in this digital age one large chain was not able to keep their accounting books in order. However, even today there are shops that have withstood both the digital retailers and the big chain stores.  Read about the Literati Bookstore in Ann Arbor in a wonderful article in Poets & Writers Magazine. I salute them.  And lo and behold, I just found handmade stationary on DizzyCsCrafts blog. Made with loving care. For readers in America, my friends in Poland and environs, she is in the UK so you would need to consider shipping costs. Soon, I will have a Love of Library series on this site; and yes, this is the first salvo. You should read a lovely post by author Debbie Young In Praise of Public Libraries. (Young by Name articles are on her new url; www.authordebbieyoung.com). Poets & Writers Magazine also has a pivotal interview conducted by Michael Szceserban, an editor at Simon & Schuster with Agent and Editor David Gernert about the joy of reading and bookstores

No, it will never be all over. But if B&N doesn’t stay healthy, the publishing industry will change phenomenally. Bookstores are incredibly important—not just as retail outlets, but as places where people go and commune with other like-minded individuals, many of them strangers, and talk about big ideas and compare notes on what they’ve been reading and what’s going on in the world. That is a tremendously important and valuable part of our culture. It’s much bigger than just selling books. I find it appalling that our society is turning a blind eye—maybe through just a lack of awareness—to the fact that the number of bookstores in this country is declining all the time. It’s really serious…

So, my question to you is this:

Does it make a difference if you are reading a book on a device or holding the actual book in your hand?

I truly am curious about the difference in your experience of holding a book, feeling the pages between your fingers and flipping over to the author’s picture or the blurb within seconds.

What do you think? Share your thoughts in the comments. Commenting is always free and I know you will have thoughts on this as it is becoming the two sides to the one revolutionary change in publishing.