Tis the season to share spooky stories, and there is no shortage of website horror stories. We scoured the internet for the best horror stories of 2019. Read through them all if you dare…

An Entire eCommerce Site… Vanished

On a full moon night, ghostly hackers pillaged the interwebs throughout the portals of un-updated plugins. This scary tale is of one hacker slipping into our server and destroying a .dev site we’d been working on a client with over a period of four months.

The eCommerce site was enormous, and beautifully designed. All to have it come crashing down.

Luckily at Direction, we have a team of incredibly intelligent developers, designers, and writers… we all put our heads together, pressed pause, and waved our magic wands. The wizardry of teamwork rebuilt the site within 48 hrs-go team! Lesson Learned: Update plugins and clear backend cache daily.

Submitted by Chris Kirksey, President of Direction

Opening Pandora’s Password Box

I recently had a client whom I’ve never done database work for before. They came to me with an administrative login problem on their website; the administrator accidentally inactivated his own account and couldn’t login. The admin user, of course, was the only user who could perform administrative actions for the entire company, so the firm was locked out of their entire database system which held thousands of records of their independent contractor’s data. This meant I had to find a back-door to the system.

When I did so, I discovered that all of the users in the system had their username and password in plain text, unencrypted! If anyone would have broken into this database, they would have discovered *all *of the users’ credentials, passwords, email, username, etc.

As if that wasn’t bad enough, when I got deeper into the database, I also discovered that all of the users had their social security numbers in the database too, also non-encrypted. All the users could have easily been identity theft victims if someone would have targeted their database. The worst part was that none of the social security numbers were even needed to be stored in the database as they were all on paper records in the office’s file system. It goes to show you how vulnerable everyone is when a company has no procedures to secure their users’ data.

To say the least, when I got into it, I was indeed horrified with what I found.

Submitted by John Colascione, CEO of Internet Marketing Services

The Plugin Killer

Our website horror story was having a WordPress site with a vulnerable plugin. I was awoken in the middle of the night to alerts indicating that our site was down.

It turns out there was a zero-day exploit, and it took down our entire server! Let’s just say we were very glad to have nightly backups… and as a result, we completely moved away from WordPress.

Submitted by Sean Pour, CEO of SellMax

No SEO: The Revenue Killer

A gigantic European eCommerce store with country and language-specific sites targeted each European country, a Canadian, and an Australian outlet, went completely dark on Google’s organic search results after implementing a new web design.

All of the URLs were identical, the content was more or less identical, but after changing from a static server-side code-structure to a Progressive Web App, Google must have thought the site went dark.

It was unfortunate because they had spent a lot of money on a beautiful site - they just didn’t consult with a technical SEO professional. After some haste, the developers changed the architecture to pre-render the site and removed all the fancy on-scroll-loading events that ate up all of Google’s Crawl Budget. Then, we did see an increase of rankings. After about six months after the launch, the store was still suffering a loss of 20-25% of their organic revenue and traffic.

Submitted by Simon Elkjaer, Founder and CEO of Nutimo

Crippling Code Rot

I have made one of the basic mistakes that cost me all of my data. The developer who was working on a website had a very strange system of working and I was a bit worried when I saw the code. It looked unclear and disorganized, but the website worked so I didn’t worry too much. As time passed by, I asked the developer for more complicated functionalities which he didn’t know how to insert.

Eventually, I terminated the contract and found a new developer. As I feared, the code was written very poorly and our website eventually crashed. To make things worse, the previous developer didn’t do any backup. In a matter of seconds, all of our data was lost. To me, having a backup of all files was the most obvious thing and I didn’t even think of checking whether it existed. The key takeaway from this experience - do not assume that people will do things, even if they are quite obvious. If you’re in charge of a process, make sure to have everything under control at all times.

Submitted by Nick Galov, Co Founder of Review42

The Canonical Site Killer

This is a story of when a canonical tag was implemented on all pages of a site, and not just one page. A canonical tag tells Google that the content on the tagged page is duplicated content from another page - this allows you to attribute content to other sites without being punished in rankings for copying another website.

When the client copied that canonical tag to all pages of the site, it told Google that the entire site was a copy of one page. As you can imagine, this completely destroyed rankings for the whole site.

Luckily we were able to recover that issue, but if you don’t do SEO correctly and a slip like that happens for a site build, the site will never rank.

Submitted by Filip Silobod, Founder of Honest Marketing Galway

Magento Module Mayhem

An eCommerce company had all of their order handling and shipping built into Magento. Customer service and the warehouse personally managed all orders directly within the CMS as well.

But after installing just one bad module, Magento completely crashed. The backend and the site were inaccessible for 24 hours. After recovery, the store lost the 24 hours of order data, which translated to a revenue loss of over $15,000… all due to one bad module installed into a live Magento store.

Submitted by Simon Elkjaer, Founder and CEO of Nutimo

The Endless Loop

Few things are as frustrating as the endless loop… or website maze. Scarily, I’ve been caught in this a few times. It typically involves a sales pitch or explanation, with a nudge to “Click Here!” for more details. So you click - and there is more information, with a button to “Get Yours Now!” or something like that. So you click to get your item, and there’s more text and another button that leads you back to the page you started at. There are variations that involve four, five, or more pages. Some lead you back to the second or third page. Some just toggle back and forth between two pages; the “Go” button on the second page leads you back to the first… who comes up with these crazy loops?

Submitted by David Leonhardt, President of THGM Writers