Shortly after my last post, my website got hacked. At first, it seemed like a minor glitch: Visitors clicking from google would be redirected to a harmless directory site. However, I was rather occupied with significant business travel, while also relocating my family. I simply didn’t have the time to investigate it. Well, it snowballed into a full-blown crisis, and I re-learned some old management lessons along the way:
Lesson 1: Root Cause Analysis. I consult and train and advice people on the “5 whys” technique, but this time it got personal. Here’s why:
The hackers likely got in through an outdated plugin, BECAUSE the plugins were not updated to the latest versions,
BECAUSE my technophile webhost (Dreamhost.com) does not auto-update the latest versions of WordPress blogging software I use,
BECAUSE my technophile webhost is designed for people who are sufficiently on their technical game to do those update themselves, which did not happen,
BECAUSE I did not do those updates,
BECAUSE I am lame.
When YOU are the root cause of operational or project failure, it can be very personal.
Lesson 2: Always have a backup plan. As I was cleaning out all the corrupted files, I inadvertently deleted all my blog photos. Fortunately, Dreamhost has a restore feature that allowed me to recover those files. THEN, when I moved my blog to WordPress, the change in DNS entries caused my emails to get lost. Fortunately, I had alternate emails that people could use to contact me…and…fortunately, those emails were setup for most of my online services. But in reality, my good fortune was made possible by a little backup planning. I chose my webhost based on its multi-restore features, and I chose my emails to be redundant in case I lost access to them.
Lesson 3: Adapt to the changing reality. I’ve been a customer of Dreamhost.com forever, but it’s time for me to move on. If I am the root cause of this failure, then I need to resolve the risk of causing this same thing from happening again. Dreamhost is a web host designed for technical people who know how to “ssh into a bash shell and grep for which files contain strange commands”. That used to be me 10 years ago, but not anymore. As a father of three, business coach, and entrepreneur, I’m not longer the geek-o-phile I used to be. So, I’ve moved my blog over to wordpress.com, where it’s a little bit more automated and idiot-proof.
In the end, management theory only matters when it has impact on the real world. This time around, I have been taking my own medicine. QUESTION: how about you? When have you had to take your own management or leadership advice?
Welcome to WordPress.com, Jesse! I think you’ll be happy with that choice. I’m sorry to hear about your blog getting hacked.
As for taking my own management or leadership advice, I have to admit I have been doing that a lot over the last six months. As I’m mentoring junior team members or coaching a team on Agile practices, I hear myself give advice that I’m not following myself. Some even call me on it
As mentors and coaches, we should constantly ask ourselves if we are practicing what we preach. We should also ask our teams to hold up the mirror to us once in awhile.
Thanks for the comment, Liza. Good to know I’m not the only one who struggles with “walking the talk”.
Simple:
1. Dreamhost blows. Period. Go into your dreamhost.com web admin and find out how many other domains are registered under your shared server.
You can also use google for this too.
2. Get off of dreamhost shared servers. If you do some research you’ll find out a couple things:
– “There are 10293 domains on your shared server.”
– “Out of 10293 domains, 4582 are compromised.”
– Something like that. Be scared.
3. I speak from experience here. I used dreamhost shared servers in my infancy. Don’t matter whether you change root access, ftp pass, blah blah. One bad apple can spoil them all.
4. PLUGINS – 2 rules:
– Always update.
– Don’t install s**t plugins.
I worked on a friend of ours blog the other day. You can ask him yourself “MCott” . I literally installed a new plugin on his blog and it completely blew up the entire website. He had old plugins that were: coded poorly, not updated, and created poor .php and mysql calls. Anyhoo. You get my point.
-ps
Wow. You’re right. I had no idea their servers were such a mess.
Thanks for the encouragement, Peter.