About a week ago, I made some changes to my website. Like millions of people all over the world, I use WordPress. It’s fairly straightforward to use and customize, and there is a lot of support all over the internet.
About a day or two after I made the changes to my side, I tried to log into the dashboard of my website to post an article. To my surprise, I received a 403 Forbidden Access message. I couldn’t get it. I left it for the rest of the day, thinking that perhaps it was just a maintenance update or something. But when it didn’t resolve, I decided to contact my site host.
My site was hosted with Bluehost. Getting a support agent to speak to me was a struggle of its own. I had to wait in a virtual queue for a long time. They initially said it would take less than a minute. Then they said ten minutes. But it actually took 30 minutes. I spoke to an agent, and while he was doing something in the background, I got distracted, and then when I returned, the session timed out, and I had to restart the process from the beginning.
When I finally did get someone to help me, they said that my site had been attacked by malware and that they needed to do a scan. They told me that the scan would take 30 minutes and that I would be sent a list of all the infected files that needed to be deleted. I received the list, and it was incredibly long. The support agent then said that I would need special software to remove the infected files and restore my site. The software is called SiteLock. He said that SiteLock would repair my site and protect it from future attacks.
Interestingly, when I opened my Bluehost dashboard, there was an ad for SiteLock. I didn’t take note of it before, but this interaction with the support agent made me aware of it. I checked the pricing. The cheapest package for a hacked site costs $199 upfront. Then there is a continuous protection fee which costs $7.99 per month, per domain. I have several hosted with Bluehost. Also, this package is only available on an annual plan and it is billed upfront. So, in total, I was looking at spending nearly $300 to fix and protect my site.
The support agent told me that a SiteLock agent would contact me within 30 minutes to help me choose the right package and to help me to repair my site. I told him, I understand you’re working for Bluehost, but you sound like a typical scammer: “We’ve scanned your site and we found these threats. Now buy our software.” I also told him that I think Bluehost infected my site so that they could sell me SiteLock. He told me that he was sorry I felt that way, but that they were going to help to fix my site. I never heard from the SiteLock agent. I searched around and I found that many others have had a similar experience.
After this conversation, I immediately moved my site to another host, Nearlyfreespeech.net. It’s much cheaper but requires a bit of technical knowledge, so it’s not for everyone. But, it’s really secure. I used this host in the past, but I got a bit lazy to do the backend technical things, which is why I ended up with Bluehost. I had to rebuild my entire site from scratch. I copied over some of the previous posts, but most of them are lost. But, it’s not a train smash. Also, I’ll remember to do frequent back-ups in the future.
As the world becomes more and more digital, cybercrime is on the rise. I certainly can’t prove that Bluehost intentionally infected my site to profit off my “misfortune”, but if they did, then this is would extortion, or even racketeering. The internet has made things a lot easier for us, but there are a lot of new threats. It would be really unfortunate if large companies are joining the ranks of the cybercriminals.
Be safe out there.
