I was working at a local non-profit and suggested to my boss that we apply for a grant to update our website. I don't have a tech background, but if you've ever worked at a non-profit you know the "all other duties as assigned" portion of your job description is vast. The grant gave us a weekend with a team of techies confident they could redesign our site in time. I would be responsible for the ongoing maintenance and content. I welcomed the opportunity to learn new skills while improving the online presence of our office. Our site looked like it was created when our office was founded back in the '70s.
We got the grant and spent a weekend with the best tech minds in our region. But we had all underestimated the magnitude of our project. The site was more work than anyone anticipated and it wasn't completed that weekend. Thus began my task of learning to use Wordpress, a free and open source content management system for websites.
That weekend also marked the beginning of the end to our site.
It wasn't my lack of competence. For a person with no tech skills, I learned and accomplished quite a bit. For what it's worth, Wordpress is pretty intuitive and there are a lot of opportunities to learn about it in a "non-geek speak" environment. The problem was we got hacked, and in the hacking of our site, I realized the terrible fact that we were now susceptible to cyber threats we were ill equipped to handle.
Anyone who tried to navigate to our webpage ended up at a shoe site that sold name brand six-inch stripper heels manufactured in China. I did what I knew to do. I had installed a backup plug-in and restored the site. It seemed to work, but later that day the shoes were back. I contacted our web host, via email, as there was no phone number to call. They assured me everything was functioning normally. I assured them it was not, which would be pretty clear if they looked at our site. They suggested I clean out my cache and try again. Their instructions were a dead-end and so I decided it was time to take matters into my own hands.
I did my research and learned more about how and why sites are compromised. Our username was "admin" and our password was not very strong or unique, so they were immediately changed. I was lucky enough to fmd the code inserted through our backend and removed it. After clearing my cache I went back to our site and my solution seemed to work. I was no longer being sent to the shoe site. Rachel one, stripper heels zero.
Or so I thought. I left my position at that office a few months ago and recently learned they were hacked again with the same redirection to the same shoe site. I shared with them all I knew to do, but fear the site will now be eternally plagued. The company doesn't have the staff expertise or funds to secure its site and now are left to be walked all over by the highly skilled hackers with their six-inch stripper heels.