HACKED: How Innkeepers Become Sitting Ducks…

This post is designed to educate all Innkeepers about the HACKING of Bed and Breakfast Websites throughout the US and Canada.
Acorn Internet Services Hosted Websites are NOT AFFECTED by this current incident.

Map of States with Hacked B&B WebsitesA short story, if I may …. Once Upon a Time… In a land not so far away, I met a representative of the Oregon Bed and Breakfast Association at the 2015 PAII conference in New Orleans. This representative invited me to speak at the OBBG conference in March 2015, and there I met a variety of Innkeepers.

At that time, a few of these Innkeepers had hired a vendor in our industry to build them new WordPress web sites. During my session, and in one-on-one meetings at the OBBG conference, I cautioned Innkeepers that they needed to be very, very careful about their hosting company, and to make sure that any and all WordPress security patches and Plug-In patches their webmaster had programmed into their websites were being made in a timely manner.

Fast forward to today. My crystal ball was working overtime, because as you can see on the map, Oregon Inn’s, many of which attended my sessions at the OBBG conference in March, are in the count of those having been Hacked, along with many other inns across the US and Canada that are all using the same hosting company with the same IP address.


So, how do you know if you’ve been hacked?

1) Check your Google Console (assuming it’s been installed) you might have a message.
2) Use Google’s parameter Site: to see if you have any infected pages.
3) Look for a Blue Line Error message on your Google results “This site may be hacked.
4) Look for a Blue Line Error message in your Google results “This site may harm your computer.
5) Contact a reputable industry provider, and pay for consulting assistance.

Why should you care if you’ve been hacked?

If Google detects that you are not repairing your HACKED website, over time they will ultimately remove you from their SERPS (Search Engine Result Pages). Of course, you will still be accessible from your Directory listings, but as that Google is your number 1 Search Engine provider, and is typically in the Top 3 of all your referrers, losing that amount of Google traffic will ultimately cause a loss of income.

Also keep in mind that once Google displays the “This site may be hacked.” message on your Google listing, your guests are going to see this message and become Very Leery of clicking on your website. If you have been Hacked, they will likely not to want to have anything to do with booking a room on your web site. If you are lucky, you might get a phone call instead, but either way, you are going to be losing business due to the guest’s perception regarding the safety of clicking on your web site, when it says in Google “This site may be hacked.

Guest Afraid to click on a Hacked Site

How can you do your best to prevent being Hacked?

1) First and foremost, hire a quality and industry proven web developer. Unwise coding practices and poor plug-in selection is an open door to Hackers.
2) Second, choose a hosting company that is going to MANAGE your site, not just STORE it on some server out on the web. Managing your web site should include:

a) Installation of Plug-in Security Patches and updates as available.
b) Installation of WordPress Security Patches and updates when available.
c) Login Limitations installed on the Server so Hackers cannot try thousands of passwords at any one time.

3) Third, know what you are, and are not paying for. If you didn’t contract to have your hosting company manage your site, as we’ve described in number 2 above, it becomes your responsibility to guard against Hackers all on your own.

Moral of the Story?

Education is Key!  Choose your Web Design and Hosting Company based on performance, references and quality due diligence. You want to reduce the risk of having your website Hacked. Yes, it is possible for any server on the web to be subject to Hackers. But taking preventative precautions to make it difficult for Hackers to get into your site can definitely be a strong deterrent, though not always 100% guaranteed.

Bottom line, being hacked just isn’t worth the loss in revenue, loss of customer loyalty, possible ongoing issues with future Google placement, and the overall headache and pain to get the site repaired and to keep it clean, if it could have been prevented in the first place.

Follow Up

It is my intent to visit with these Innkeepers after they have had their web presence repaired from these Hackers to see what type of “loss of business” ramifications occurred during this time. And also to see if the cheaper hosting and design plans were really worth it in the end. My guess is, they will have lost more money in lost business, and their reputations, than they would have spent to build and host their sites on a more secure environment in the first place.


Finally, many thanks to the following state and national associations for helping me to reach out to these various Innkeepers to let them know they have been Hacked.

  • The Washington Bed and Breakfast Guild
  • Oregon Bed and Breakfast Guild
  • Minnesota Bed and Breakfast Association
  • Wisconsin Bed & Breakfast Association
  • Michigan Lake to Lake B&B Association
  • Professional Association of Innkeepers International
  • Select Registry

Leave a Reply

Your email address will not be published. Required fields are marked *