for the technical issues a bit earlier. We're talking about hacked sites, but first, who am I? So I'm just another WordPress enthusiast, plugin dev newbie, and the Star Wars fan, which you can definitely see on my face. It's just written Star Wars fan. So when we get hacked, how do we feel? What are the five stages that we would go through? Well, we are at the denial phase, so we think that there's no way our website has been hacked. Then we're angry because we find out that, well, we have been hacked, and yeah, we're quite angry about it. And then we try bargaining with the code. If I asked nicely, would the hack go away? And then we get depressed, and finally, we accept that we're hacked and we start cleaning it, yeah. But the important question here is, why would someone hack us? Well, as Tony Perez says, really, the key is automation. So they wouldn't really hack us ourselves, just a person, they would write a script that would hack millions and millions of websites. Well, that sounds a bit harsh, more likely a couple of thousand websites, but it would go through millions of sites, searching for that security hole and try to hack us through it. There are different types of hacks that could result in different interactions in our own websites. My most favorite one is the JavaScript injection. So has anyone of you opened a website and automatically been redirected to another website or just opened some really suspicious website for betting or pharmacy, like the suspicious one that pops out just to the website for toys? Has anyone gotten this? Ever? No? Oh, yeah, okay. Well, that's actually a JavaScript injection. That doesn't mean that, well, at least 99% of the time, it doesn't mean that the person that made the website has actually made that happen. So that means that their website has been hacked and someone injected this redirection towards a website or a bunch of websites or just a random redirection to somewhere else in their own database.
And there are different types of hacks. There's, of course, the website defacement which just replaces our website with something else. There's SQL injections, there's so many types of hacks and each one of them would be different. So one type of hack can make our website send emails for selling Viagra, for instance, that actually happens quite often. And we have a website for teddy bears and having that wouldn't really do a good thing for our reputation. So this is very unpleasant and that's not the only type of hack. There are other types of hacks that could get information, get sensitive information from our website if we're doing online payments, for instance, or other types of stuff. Not always we can find out that we're hacked that easily. But what can we do? We can always use a scan. So there are more than the three scans I have actually listed. But a couple, those ones are really easy to use. So one of them is WPScan, which is actually a command line to test our websites for any vulnerabilities. However, this is for the more advanced people, the more technical ones, and there are less technical tools we can scan our website for any hack. So we can use the Sucuri SiteCheck which is the easiest way you can scan your website. However, the results are not always the best you can get. The results can sometimes vary and yes, Sucuri detects the bigger type of scans, but the bigger types of hacks, but not everything. So then a better solution for a non-technical person would be Wordfence. Wordfence gives you a more detailed information about the last modified files, about what file seems suspicious and what you can do about them. And of course, if you are technical enough, I really suggest to use WPScan. It's really good, it's a really good tool you can use. So whoever wants to use it, I really appreciate that it's a really good tool. Okay, so what do we do when we actually get hacked?
Well, the first thing is we need to stay calm because if we panic, then we wouldn't really have a good solution. We wouldn't be able to think about it. We wouldn't really be able to do anything proper. So step number two, we should go through our recent updates. Sometimes the hack can occur after we have installed a very suspicious plugin or we have updated something. So make your research. Maybe someone else got hacked right after installing a plugin or just right after updating a certain plugin. Of course, updating is the best possible option for every element in your website. However, there are some suspicious plugins from certain developers at certain points that maybe we should be a bit more careful about what we install and what not. And number three, we'll get angry and don't become the Hulk but start cleaning your website. And let's proceed about the core. Well, the core is what's most often to be hacked. Well, plugins as well, themes as well, but the core is the easiest part we can actually clean. So most often an attacker would disguise, it would disguise a file for a core-looking one. For instance, that will be include.php, just note the missing e or that will be authentication. Just see how it's written.php and that will be I am not hacked file.php, of course. But the only way to be sure, even if you have already tested, scanned, but you still think that there might be something left in your core, the only way to be sure that your core files are clean is just to replace them all. Those are the core files. They're literally the folders wp-admin, wp-includes and everything outside of wp-content. What isn't really the best option to be removed is of course wp-config.php because that holds our database information. So it's good to check the file, but not just to replace it because our website would of course be broken afterwards if we don't have our database details properly. So we should be careful with that one.
And we have a really, really, really easy five-minute protection plan. Like it can get any easier, just three steps. It's not a lot about protection rather than prevention, but it's just three steps. So what's on it? First one is to keep your core up-to-date. Keep everything up-to-date, not only your WordPress version, your plugins, your themes, keep everything updated because a lot of the updates are made because of security holes. So developers find or have been reported of different security holes and they make a patch for it. So they will release an update. So use this information and keep everything up-to-date. There is a reason for it to have an update. Number two, change your login from wp-admin to whatever else you want. A lot of the automated scripts we mentioned a bit earlier have their brute force attacks for wp-admin. So they are looking for that URL and they try to brute force your website to login to your website using automatically generated username and password. So one way to prevent this particular hack into our website is to change our login URL. It's a really good practice and it's so easy to do. You can use a plugin or if you're more technical you can just customize it. You can do it with a certain code, with .htaccess rules, with everything. Really there are so many options, but it's not hard to do and it prevents really a big part of those automatic scripts. Okay, and the third one, have a cool username. Having a username such as admin, administrator or anything alike is a bad practice because a lot of those scripts that are trying to login to our websites are using that same username, everything that comes from admin to try to login to our website. So having such username is not a good practice. Having your name as username is much better practice than having admin or administrator. And that was very quick basically. I didn't expect to talk that fast and we lost a lot of time.
So if you have any questions, you can find me on Twitter, you're on to me in email or just find me or wait in WordCamp. I'd love to answer all of your questions. I'm sure some of you would have questions for different types of hacks, your own experience. So I'd be happy to hear from you. Yeah, well, that's it.
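
Added example, not part of the talk: a sketch of the core check described in the cleaning step, comparing a site against a clean copy of the same WordPress release and reporting lookalike, altered and missing files outside wp-content, with wp-config.php left for manual review. The directory layout, file names and contents in `demo()` are constructed sample data.

```python
import hashlib
import os
import tempfile
from pathlib import Path

SKIP_DIRS = {"wp-content"}      # themes, plugins, uploads are cleaned separately
SKIP_FILES = {"wp-config.php"}  # site-specific: review by hand, do not replace

def core_files(root):
    """Map relative path -> SHA-256 for every file outside wp-content."""
    root = Path(root)
    hashes = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if Path(dirpath) == root:
            dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if rel not in SKIP_FILES:
                hashes[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes

def audit_core(site_root, clean_root):
    """Compare the site's core files with a clean copy of the same release."""
    site, clean = core_files(site_root), core_files(clean_root)
    return {
        "unknown": sorted(set(site) - set(clean)),    # not part of core at all
        "modified": sorted(p for p in site.keys() & clean.keys() if site[p] != clean[p]),
        "missing": sorted(set(clean) - set(site)),
    }

def _write(root, files):
    for rel, text in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text)

def demo():
    """Constructed sample: a clean release copy next to a tampered site."""
    base = Path(tempfile.mkdtemp())
    clean = {"index.php": "<?php // front controller\n",
             "wp-admin/index.php": "<?php // dashboard\n",
             "wp-includes/load.php": "<?php // loader\n"}
    site = dict(clean, **{"wp-includes/lod.php": "<?php // core-looking extra file\n",
                          "wp-config.php": "<?php // database credentials\n",
                          "wp-content/plugins/shop/shop.php": "<?php // plugin\n"})
    site["index.php"] += "// injected line\n"
    del site["wp-admin/index.php"]
    _write(base / "clean", clean)
    _write(base / "site", site)
    return audit_core(base / "site", base / "clean")

if __name__ == "__main__":
    print(demo())
```

Anything under "unknown" or "modified" is a candidate for removal when the core files are replaced; on a live install, WP-CLI's `wp core verify-checksums` performs a comparable check against the checksums published for the installed release.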