“Having few funds we rely on our website to get information out quickly and cost-effectively. Our website was hacked and we needed it fixed fast. Some of the 'experts' we spoke to couldn't help but James Mawson spent a few hours and restored the site. He then advised us to use a different platform to fix the underlying security issues. He provided an immediate quote and worked with us throughout the process delivering a new up to minute site and providing training as well. It was a fast, easy process that put us back in control! ” - Dr. Christine Walker, CEO of the Chronic Illness Alliance
The CIA is a peak body for community organisations that represent people with chronic illness. They provide research and advocacy services on behalf of the chronically ill in Australia.
In 2015, they discovered that their Joomla website was hacked. It looked fine when you visited the website. When the website appeared in the search results, however, the titles and search snippets were jammed with words like “viagra”, “cialis” and related erectile medicines.
This is known as the “pharma hack”. This hack shows one version of your website to Google and another to everyone else. When you or anyone else looks at it, it looks exactly the same as it did before it was hacked. When Google looks at it. These links are a shameless attempt to manipulate Google's PageRank algorithm to send more search traffic to some shady boner pill website.
You won't notice a Pharma hack in normal browsing; you can literally go years before seeing it. You can add and update content to your sites and it will happily cooperate, the whole time showing one version of your website to you and a different one to Google. It's pretty clever really. If it wasn't such a nasty thing to do to such nice people, I'd be impressed.
I tried looking through the php files to remove the injected lines of code. I found some of them, enough to stop the hack from appearing when Google indexed the website. Using Google's Search Console I submitted the most popular pages of the website for reindexing to clear the viagra spam out of the index.
I'd cleaned the website up; that didn't mean it was secure. The security holes remained. Walking away from it here would be a job half-finished: hackers could do their work again any time they liked.
We couldn't even update the Joomla installation - in one of those devilishly clever moves that makes you curse through gritted teeth, they'd hacked the software update tool in the back end to make it think that it already had the most recent version of Joomla. I tried looking for backup versions of the site. They existed, but were also hacked.
It was soon apparent that the least time consuming way to repair this website would be to erase it and then load the content on to a new installation of Joomla. Given that we we were now looking at reinstalling the website, it became time to ask whether we wanted to do all this work just to end up with the same website.
The website had problems beside security.It had become difficult and confusing to navigate. In the years since this website was launched, the CIA had been involved in any number of projects, many of which had resulted in whole new sections being added to the website. It was now extremely unclear what was actually on the website, much less how to find it.
The design also looked very dated. It had a desktop version and a mobile-friendly version. This was once a great way to go about things. As smartphones became more and more popular for web browsing, it made more and more sense to cater for them with a separate version of your site.
In recent years, phones have become larger and laptops smaller and tablets come in all sorts of sizes. Designing for a big screen and a small screen just doesn't cut it anymore. Itnstead, the way forward it to use responsive design to create a single version of your website that adjusts to the width of any screen.
Given that we already had to install a new CMS and put the old content on it, why not fix these issues too? Either way, it was a similar volume of work. We got started on specifying this new website.
It didn't take us long to decide to use Wordpress. The ease with which content could be added or edited was a huge draw. The wide availability of free and premium themes also meant that a great looking responsive design could be implemented affordably and fast.
Accessibility and user experience were of particular importance on this project. The natur of the CIA's work meant they had a special interest in catering to visitors with poor vision or a disability that hinders their easy use of keyboard and mouse. It wasn't enough to have a pretty website - it had to render nicely on every device for every reader.
We signed off on specifications and scoping for the new website, and I installed a testbed version. I got to work transferring the old content to this website.
The next step was the new navigation structure. Their existing website displayed a different sidebar menu depending on which page you were on. This meant that it was hard to tell what content was actually on the website, much less how to get to it. After some discussion, we decided on a top menu with drop down, and a sidebar menu.
With the menus set up on the testbed site, it was now time to find a theme that would play nice. We had a look through and took account of the organisation's aims for the site. We ended up going with a two column, left sidebar theme with a minimum of clutter.
Now was time to tweak the HTML colour codes and add the organisation's logo. This made the website consistent with rest of the organisation's visual branding. We were nearly ready to go live with this website.
One thing left to check was the website's accesibility. We'd followed the right procedures for an accessible website, but wanted to test this work with feedback from real users with a genuine need for it. Christine knew people with disabilities that impacted their internet use. She asked some of them to spend a couple of minutes browsing the testbed website. When they came back with the thumbs up we knew we had a winner.
With everything right on the testbed, it was time to go live. This went smoothly - the website was down for barely an hour.
The last step was to deliver some training on using the website. It was important for the CIA that they be able to update their website on their own. Wordpress makes this easy - if you can use facebook, you can use Wordpress. I also showed them how to keep their website platform up-to-date with security patches: again, Wordpress makes this easy.
The CIA do good works on behalf of those in our community who most need someone to speak on their behalf. It felt really good to significantly improve their web presence like this, to deliver exactly what they needed in a way that catered to the financial limits of a small community organisation.
And what do they think of the new website?
“We love our new website! It ranks well on the search engines too, helping us get our message out to people with chronic illnesses so that they can find the help and information they require to improve their lives.”
Does your website know what year it is? Does it display well on phones, tablets and big screen televisions? Can your visitors see at one glance what is on there and how to get to it? Could it use some spit and polish? If it's time to give your aging website some love and care then we should talk. I combine a strong technical knowledge of building websites with an understanding of how they can serve your wider organisational goals. If that's the kind of know-how you think you could do with, please get in touch using the contact form.