Opinion Editorials

Hackers Attack & Stats Drop: Your WordPress Blog Could be a Victim


It Happens

Sensational title? You hear about it on other blogs, it happens to government sites, it happens to Al Gore and to Bill O’Reilly… But you never dream it will happen to you. I recently found out that my WordPress site had been hacked into by a dirty, stinking, filthy spammer. It wasn’t even flattering, since I was not specifically targeted in the hack, but was only one of hundreds of sites hit by a script made to crawl and automatically find vulnerable sites and exploit them. The hacker didn’t even have to exert any effort. This was truly insulting.

Traffic and rankings drop off the map

It all started when I logged into my Google Analytics to check on my stats. I wanted to see if I had broken another traffic record; instead I found that my search engine traffic had dropped by about 80%. I frantically checked Google for a keyword I know I rank for, and found that I was completely absent from the results. I checked another term, and I was nowhere to be found. I had been dropped from the search results.

Since I had no idea why, I started to think that I might have built links too fast, or that maybe I had been sandboxed or something due to climbing too high too quickly. There was nothing I did that could have fallen outside of Google’s guidelines. I was stumped until I searched and found that there was a possibility that I was hacked and might have hidden links on my site. I checked my source code on a few pages and didn’t see anything fishy. After scouring for more information online I ran across an obscure post describing the exact problem I was having.

They will take advantage of you

Since I hosted my sites on an inexpensive shared server, it is possible that my site was sharing the same server with many other websites. Hackers with malicious intent can scan for vulnerable sites, and break into the site using SQL injection and/or other methods. They don’t do it for sport; they do it to add hundreds of outbound links from your site to another for SEO reasons. They hope to make a quick buck by inflating their rankings overnight. My hacker was placing hundreds of links to a .edu website that had a vulnerability they exploited, causing it to redirect back to their Canadian pharmacy site. It was a double-layered scheme that helped them protect their site from being de-indexed by putting the heat on the school website. I’m still confused, but here is the bottom line: If you use open source platforms… secure your site!

Securing WordPress

There are a few steps you can take to help minimize the chance of attack by “security through obscurity”.

  1. Upgrade! Keep your WordPress install up to date at all times. Apply any patches released by the WordPress development team ASAP when they are released. They often will seal up any security holes that may have been found.
  2. Use a dedicated server: The cheap hosts like Dreamhost and Bluehost (and many more) use shared server environments. This allows hackers to sign up for cheap accounts and get access to a server box that could be hosting a lot of vulnerable sites. Even more expensive cloud hosts like Mosso or MediaTemple share servers, but the high price of an account increases the barrier to entry purely for malicious intent, so it’s less likely. A dedicated server is the best way to go. (Not to mention the fact that your site loads a lot faster, so your visitors and Google bots will like that). If you don’t want to drop that kind of money, skip this step.
  3. Remove “WordPress” and “version” references where possible in your theme. Any mention of “Powered by WordPress” should be removed from the footer. If your theme includes a “generator” meta reference in the header, remove it. This allows for easy scanning by a hacker by letting them know that:  A: You are running WordPress.  B: What version you are running. This is a beacon for them that can be easily turned off without any issues.
  4. Remove any unused plugins; they can have holes you may not know about. It’s best to delete them from your wp-content/plugins folder if they are doing nothing. While you are in the plugins folder, add a blank page titled “index.html” or “index.php”; this will prevent others from being able to see what plugins you have installed simply by going to “www.yoursite.com/wp-content/plugins”.
  5. Try to limit access to your wp-admin directory using a .htaccess file. Lock down the directory so that only certain IP addresses (your own) can access it. Use the method described here. Or try this plugin. (I have not tried the plugin personally)
  6. Re-name your “admin” default user to something else. For details, look here.
  7. Back up your site! This will not prevent an attack of course, but you can recover quicker if you are messed with, and you can refer back to the original file to see if anything fishy was added.  It’s hard to see funky changes in your database if you don’t have a reference point.  Make sure to back up your entire directory by dragging your wordpress install onto your local machine, and then back up your MySQL database.
  8. This is only the beginning: Check out this post for more. It seems like a headache, and it really is.
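
An added example, not part of the original post: a Python audit for items 3, 4 and 5 of the list above, run against a small constructed directory tree. The check names, the `mytheme` theme and the 203.0.113.10 address are assumptions made for the demo.

```python
"""Audit a WordPress install directory for items 3, 4 and 5 of the list."""
import re
import tempfile
from pathlib import Path

GENERATOR_META = re.compile(r"<meta[^>]+name=[\"']generator[\"']", re.IGNORECASE)
POWERED_BY = re.compile(r"powered\s+by\s+(<[^>]+>\s*)*wordpress", re.IGNORECASE)
INDEX_NAMES = ("index.php", "index.html")
# Apache 2.2 "Allow from <ip>" or 2.4 "Require ip <ip>"; "all" is no restriction.
IP_RULE = re.compile(r"^\s*(allow\s+from|require\s+ip)\s+(?!all\b)\S+",
                     re.IGNORECASE | re.MULTILINE)


def audit(wp_root):
    """Return a sorted list of (check, relative path) findings."""
    root = Path(wp_root)
    findings = []

    # Item 3: platform/version beacons hard-coded in theme templates.
    for template in sorted((root / "wp-content" / "themes").rglob("*.php")):
        source = template.read_text(encoding="utf-8", errors="replace")
        rel = template.relative_to(root).as_posix()
        if GENERATOR_META.search(source):
            findings.append(("generator-meta", rel))
        if POWERED_BY.search(source):
            findings.append(("powered-by", rel))

    # Item 4: no blank index file, so the server may list installed plugins.
    plugins = root / "wp-content" / "plugins"
    if plugins.is_dir() and not any((plugins / n).is_file() for n in INDEX_NAMES):
        findings.append(("plugins-listable", "wp-content/plugins"))

    # Item 5: wp-admin has no .htaccess rule limiting access to given IPs.
    htaccess = root / "wp-admin" / ".htaccess"
    rules = ""
    if htaccess.is_file():
        rules = htaccess.read_text(encoding="utf-8", errors="replace")
    if not IP_RULE.search(rules):
        findings.append(("wp-admin-unrestricted", "wp-admin"))

    return sorted(findings)


def build_sample_install(root, hardened):
    """Create a tiny constructed WordPress-like tree (sample data, not real)."""
    root = Path(root)
    theme = root / "wp-content" / "themes" / "mytheme"
    plugins = root / "wp-content" / "plugins"
    admin = root / "wp-admin"
    for directory in (theme, plugins, admin):
        directory.mkdir(parents=True, exist_ok=True)
    if hardened:
        header = "<head><title>Blog</title></head>\n"
        footer = "<p>&copy; My Blog</p>\n"
        (plugins / "index.php").write_text("<?php // blank on purpose\n", encoding="utf-8")
        (admin / ".htaccess").write_text(
            "Order deny,allow\nDeny from all\nAllow from 203.0.113.10\n",
            encoding="utf-8")
    else:
        header = ('<head><meta name="generator" '
                  'content="WordPress <?php bloginfo(\'version\'); ?>" /></head>\n')
        footer = '<p>Powered by <a href="http://wordpress.org/">WordPress</a></p>\n'
    (theme / "header.php").write_text(header, encoding="utf-8")
    (theme / "footer.php").write_text(footer, encoding="utf-8")


def demo():
    """Audit a constructed weak install and a constructed hardened one."""
    with tempfile.TemporaryDirectory() as weak, tempfile.TemporaryDirectory() as hard:
        build_sample_install(weak, hardened=False)
        build_sample_install(hard, hardened=True)
        return audit(weak), audit(hard)


if __name__ == "__main__":
    weak_findings, hardened_findings = demo()
    for check, path in weak_findings:
        print(f"{check:24} {path}")
    print("hardened install findings:", hardened_findings)
```

The plugins check follows the post's advice literally; a server that already disables directory listings will not expose the folder even without the blank index file.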

You may not know until it is too late

The fact that I had been hacked had gone undetected for so long due to the fact that it was virtually invisible, even in my source code.  The added code was only showing the filthy links it added if the browser was determined to be the Googlebot.  One way I found the links was to impersonate the Googlebot with Firefox.  Another way to see if you were hacked is by typing “site:https://www.yoursite.com buy”  without the quotes of course.  The “buy” added on the end was meant to catch the most common word the hackers would use in a dirty link.  You can replace it with other common spammy words if you would like.  Try this out, and if you see what I saw, you may start to cry.
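
An added example, not part of the original post: the Googlebot check described above, as a Python script that compares the outbound links a page serves to a browser with those it serves to a crawler User-Agent. The two HTML documents, the `.example` hostnames and the spam-word list are constructed for the demo; `fetch` is there for running it against a site you own.

```python
"""Find links a page serves to Googlebot's User-Agent but not to a browser."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse
from urllib.request import Request, urlopen

BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SPAM_WORDS = ("buy", "pharmacy", "cheap", "pills")  # assumption: extend as needed


class LinkCollector(HTMLParser):
    """Collects (absolute URL, anchor text) for every <a href> in a document."""

    def __init__(self, base_url):
        super().__init__(convert_charrefs=True)
        self.base_url = base_url
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self._href = urljoin(self.base_url, href)
                self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            text = " ".join("".join(self._text).split())
            self.links.append((self._href, text))
            self._href = None


def outbound_links(html, page_url):
    """Return {url: anchor text} for http(s) links that leave the page's host."""
    parser = LinkCollector(page_url)
    parser.feed(html)
    parser.close()
    own_host = urlparse(page_url).hostname
    result = {}
    for url, text in parser.links:
        parsed = urlparse(url)
        if parsed.scheme in ("http", "https") and parsed.hostname != own_host:
            result[url] = text
    return result


def cloaked_links(browser_html, crawler_html, page_url):
    """Outbound links present only in the crawler's copy of the page."""
    seen_by_browser = outbound_links(browser_html, page_url)
    findings = []
    for url, text in sorted(outbound_links(crawler_html, page_url).items()):
        if url not in seen_by_browser:
            haystack = (url + " " + text).lower()
            hits = [word for word in SPAM_WORDS if word in haystack]
            findings.append({"url": url, "text": text, "spam_words": hits})
    return findings


def fetch(url, user_agent, timeout=10):
    """Fetch a page from your own site with the given User-Agent header."""
    request = Request(url, headers={"User-Agent": user_agent})
    with urlopen(request, timeout=timeout) as response:
        charset = response.headers.get_content_charset() or "utf-8"
        return response.read().decode(charset, "replace")


# Constructed sample responses for one page, as seen by each User-Agent.
PAGE_URL = "https://www.yoursite.example/2008/10/some-post/"
BROWSER_HTML = """<html><body>
<p>Read the <a href="/about/">about page</a> or visit
<a href="https://wordpress.org/">WordPress</a>.</p>
</body></html>"""
CRAWLER_HTML = """<html><body>
<p>Read the <a href="/about/">about page</a> or visit
<a href="https://wordpress.org/">WordPress</a>.</p>
<div style="display:none">
<a href="http://school-site.example/r?id=1">buy cheap pills</a>
<a href="http://school-site.example/r?id=2">online <b>pharmacy</b></a>
</div>
</body></html>"""

if __name__ == "__main__":
    # Live use: cloaked_links(fetch(u, BROWSER_UA), fetch(u, GOOGLEBOT_UA), u)
    for finding in cloaked_links(BROWSER_HTML, CRAWLER_HTML, PAGE_URL):
        print(finding["url"], repr(finding["text"]), finding["spam_words"])
```

A clean result only rules out injected code that keys on the User-Agent header; code that keys on the crawler's IP address will not show up this way, which is why the `site:` search is worth running as well.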

The steps I mentioned above are only a few ways to begin your security measures; there are many more. If you have been hacked, I encourage you to find out what was done and clean it up.

Proactivity is important

If you run WordPress or another open source CMS, you need to take the steps to make sure you are upgraded and secure. Risking a plugin conflict is not as important as ensuring you are not dropped from Google. After I cleaned out my site by removing the added lines of code from my theme, removing the added user from the database, and removing the new hidden plugins that were added, I was able to request a reconsideration from Google. I didn’t get an actual response, but I think they got the message because my site seems to be ranking better again.

Follow the rabbit holes below to learn more:

TechCrunch: WordPress Security Issues Lead to Mass Hacking

Holy Shmoly: Did Your Website Get Hacked?

Technorati: WordPress Security Tips

Writer for national real estate opinion column AgentGenius.com, focusing on the improvement of the real estate industry by educating peers about technology, real estate legislation, ethics, practices and brokerage with the end result being that consumers have a better experience.

23 Comments

  1. Matthew Rathbun

    October 26, 2008 at 3:41 pm

    Carson,

    Thanks for this post. I’ve just been totally abused by spammers over the past two weeks and have gone down one PR. I’ve spent the weekend, updating plugins, and removing those I don’t use.

    Why these idiots feel that attacking other people’s blogs is “impressive” or adds value to their lives, I’ll never understand. I can only hope that they spend eternity in hell, having to read and delete their own spam e-mails and nothing else, for the rest of their miserable existence! What a bunch of losers!

  2. Stephanie Edwards-Musa

    October 26, 2008 at 4:16 pm

    Hey Carson, the number of visits to my site has dropped quite a bit in the past few weeks, but I have not figured out why. Since it is so specific to certain information, it could just be a decline in interest right now….who knows.

    I’ll try your tips. Thanks a lot. 🙂

    PS- It was nice finally meeting you the other day. We need to get together again soon and roll some ideas.

  3. Carson

    October 26, 2008 at 4:42 pm

    Stephanie – I did a site check for turninghoustongreen.com and I didn’t really see any spammy stuff. The stats drop I saw was huge, and it happened overnight. If you ever see a huge drop because of this, you will know.

    Matthew – I think the hackers main goal is to plant outbound links to their sites… Maybe the 9th circle is just an eternal flow of bogus spam wordpress comment approval emails that never end… if that is the case I might already be there.

  4. Nat

    October 26, 2008 at 6:52 pm

    I’m just a newbie in doing my own blog on wordpress. In fact, I’ve been fighting so hard to get started, I haven’t gotten started. However, I did get suckered into paying for 2yrs up front for bluehost. I’ll have it up and running soon enough, and I’m bookmarking this to come back to. I’m sorry you went through what you did, but thankful you took the time to create this how to for the rest of us.

  5. Carson

    October 26, 2008 at 8:21 pm

    Nat – I didn’t really mean to demonize all shared servers, sometimes it is just not financially feasible to get a dedicated server. There are alternatives such as a virtual private server that can add a level of security that is less costly. Keeping your install upgraded is the most important step, and when combined with the other measures you can take to secure wordpress, can increase the security against hacks. A firewalled private dedicated server is just an added layer that can protect against a third party trying to break in. I don’t want to scare anyone too much.

  6. Jay McGillicuddy

    October 26, 2008 at 9:13 pm

    Hi Carson, we were hacked about a year ago and it was a mess. Thanks for the tips I will implement a few of the tips here and I do use a few also.

    I agree with Matt we have been spammed like crazy this past month. I don’t understand the reasoning either.

  7. James Stein

    October 26, 2008 at 9:39 pm

    Great post … Problem is just making backups and updating will not stop the hackers..

    While WordPress does what they can to offer updates that will allow the owner of a hacked WordPress Blog to start to put things back together, if you had a security and safety net that would keep you ahead of hackers, your risk of loss and damage would be eliminated.

    WordPress Secured Slams The Door On WordPress Blog Hackers

    WordPress Secured is the only solution that will help protect you ..

    James

  8. Ben Goheen

    October 26, 2008 at 11:58 pm

    Great post Carson – I didn’t know about some of these security issues. I’ve already implemented a few fixes and will work on more this week.

    Just my 2 cents for an excellent web hosting company, check out Media Layer. Their uptime and support are far superior to the cheapo companies, yet the price isn’t outrageous.

  9. Elaine Reese

    October 27, 2008 at 7:05 am

    I use WP.com … the free version. Does that lessen the opportunity for hackers? I’m assuming your post is referring to the WP.org version where users must decide on a company to host the blog. I also use Akismet and have all comments held until I approve them unless I’ve approved the person previously. Does that help?

    Akismet catches a lot of spammers that try to put up their links on my pages. I just delete.

  10. Jim Gatos

    October 27, 2008 at 7:09 am

    A hacker or spammer infiltrated my shared server Self Hosted WordPress Blog (HostGator) and I didn’t even know until I saw my site was labeled a “phishing” site by many places, including McAfee. I went with Typepad and all my headaches went away..

  11. James Stein

    October 27, 2008 at 8:33 am

    No the only thing that will stop the hackers is if you modify how wordpress itself functions. I have a full detailed step by step system that will show you with screenshots exactly how to secure your wordpress blog. Nothing else on the market can help you .. I am a website developer of over 15 years so I fully understand and know how scripts work.

    See the link on my name…

    James

  12. Carson

    October 27, 2008 at 8:49 am

    James – Ever heard of the “soft sell” approach? Who am I kidding, you didn’t actually read the post.

  13. Carson

    October 27, 2008 at 9:10 am

    You know what, no.

    James’ comments are a perfect example of how not to market yourself on a blog. First of all, the original comment he left ignored all steps but #1 and #7. So you ignored pieces of the post to serve his own point. Second, he speaks in absolutes: Nothing else but HIS solution and product can help you. Third: He uses marketese in his comment: “Slams the Door on WordPress Hackers”. Fourth: He did not add anything to the conversation… just a harsh claim attempting to de-value the solution originally offered and sell his own. Fifth: He uses one of those “sales” pages that scream out “scam” to sell his product. Sixth: He did not know his audience. The title of this blog is AgentGenius, Not AgentDumbass. I’m sure everyone knows that but I wanted to deconstruct the method and make it offer some value here.

    James – If your product solves the problem let us know how it works. Many readers here would be very interested in a single miracle step that would solve security issues, so you have the right audience. Don’t squander a good opportunity to sell it.

  14. James Stein

    October 27, 2008 at 9:31 am

    I did not ignore them at all .. The fact that backing up and updating will not keep you safe should mean something.. This is a serious problem that has cost business income, traffic, revenue and more…

    1. Rename your admin username, ok fine that does not stop hackers from accessing the admin

    2. Using a dedicated server has NOTHING to do with it, even dedicated and unsecured can still be hacked.

    3. Keeping up to date means nothing, the hackers also have access to these updates and remember the code is not encrypted.

    4. Limit access to your admin by IP .. Any hacker can fake your IP and the fact that most have changing IP’s this means nothing.. What you going to do block yourself from your own admin ?

    5. WordPress version means nothing, it still has the same coding style as older wordpress.

    6. remove unused plug-ins .. I agree

    7. backup.. I agree but this should be done with any site not just wordpress

    I fully read the post, fact still remains unless you take action yourself and change the functionality of wordpress you will never ever stop the hacks. The hackers know exactly how wordpress is coded.. Unless you change how it functions, then they have no idea how to hack it as they will not have any knowledge of what you changed.

    James

  15. James Stein

    October 27, 2008 at 9:38 am

    From customers.. since you asked.. Just a few testimonials…

    ———————–
    Thanks James, just what I was looking for.

    I had one of my blogs hacked a couple of weeks ago. Luckily, it was one that I hadn’t spent a lot of time on so I just deleted and started it over.

    It is a small price to pay to protect your business.

    Again, thanks.

    Lewis
    ——————-

    Ok well I just purchased WordPressSecured and I have to say it is detailed. I have been using WordPress for years and have read and implemented the majority of the security tips out there.

    But, I have never seen anything like this. I can see that I have some work ahead of me this week updating my blogs.

    James I have to say thanks for a great product that delivers what it promises.

    ——————

    I have to say, I’ve benefited James’ tips on this thread pasted right below were immensely beneficial in helping me secure my WordPress:
    My wordpress blog hacked – again!

    Several of my WordPress sites were hacked (as well as non-WordPress scripts, a directory script, and membership scripts I paid for). Some of the hacks were truly scary like one that used one of my sites as a launch pad to send out fraudulent Bank of America emails to extract innocent victims’ financial information. Crap like that could land the wrong person in jail!

    The most common hacks were ones based out of Turkey, who took their grievances and disputes out online on such sites as one I set up to help pets in shelters get adopted. They’d deface my sites with images of soldiers, curses against Israel and Norway (what homeless dogs and ferrets have to do with these hackers’ grievances is beyond my understanding)

    Anyway, after implementing James’ suggestions to secure WordPress, hackers were no longer able to penetrate my WordPress sites, though my server did report that hackers were still targeting them, sometimes slowing my sites down.

    WordPress Secure would definitely be a wise investment. I say this, having already benefited from James’ /The RichJerksNet expertise in this area, without having it yet. Getting it all in one resource would be very nice.

  16. AskApache

    November 5, 2008 at 11:39 pm

    Nice post Carson,

    happened to find it from a trackback I received and just now got to it in the moderation stack. (can’t find the link?).

    #5 limit access to your wp-admin directory using a .htaccess file

    The AskApache Password Protection plugin tries to automate the task of securing your blog (not just wp-admin) by using .htaccess to configure your site. You can always download the plugin at WP, but if you are interested in the actual explanations of what the code does, check this post out, it shows the code.

    I’ve been working on the new version for a month, so stay tuned.

    The most important tips (in my experience) for keeping your blog secure that you mention above are ( 1, 4, 2, 5 )..

    If you keep WP upgraded you are safe, but keep in mind that almost all the exploits that are used to crack a WP blog are actually exploiting vulnerable PLUGINS and THEMES.

    So if you only use vetted plugins and a custom theme (delete everything else/unused) then you should be good.. Also, you mentioned using a dedicated host, and that is probably the best way to limit the potential fallout from a cracked blog from spilling over to all your other online stuff. Nice blog!

  17. AskApache

    November 6, 2008 at 12:15 am

    Oh and BTW, without flaming your blog.. James doesn’t have a clue what he’s talking about.

    Clearly lacks any knowledge/experience of auditing code to find a vulnerability, then creating a custom exploit for that vulnerability, creating an agent to carry the exploit payload across Internet Protocols recognized by the target (blog on HTTP), and finally delivering and executing the payload.

    It’s quite nearly impossible to “fake” an IP address, read anything about IP protocols and Kevin Mitnick to get a clue.

    Updating your WP is the single best thing you can do… because exploits are custom built to exploit vulnerabilities in OLD versions. Once an exploit is made public, through honeypots, active logging, etc.. WP releases an update. See “Open Source” for basic background on how this works.

    No offense James, you’ve put some effort and thought into your suggestions but without understanding what an exploit is and how a server/web app/system operates you’ll just be wasting your time.

    I’d liken your ideas to this scenario.. A user spends a lot of time creating a custom password-login-prompt that is loaded every time a user wants to login to the admin panel.

    Seems secure..

    [ request admin ] => [ password prompt ]

    But that’s completely misleading. Here’s how the request really travels.

    [ request admin ] ==> [ protocol setup OS-dependent ] ==> [ server finds requested file ] ==> [ server determines how to “handle” file (php) ] ==> [ server executes php binary or module ] ==> [ php opens file according to php config ] ==> [ requested file parsed by php ] ==> [ php includes wp-config.php to access database ] ==> [ php sends output/headers on tcp/ip connection established by server app ] ==> [ finally your password-protection is loaded and executed ]

    Now that is entirely over-simplified, and you can see that there are around 15 different points in-between when the request is sent to the server and when the password-protection actually starts. All it would take is modifying file permissions, changing wp-config.php info, modifying how the server “handles” php, executing a OS-level/Server-level/Protocol-level/Application-level exploit and all that so-called “security” is completely circumvented.

  18. James Stein

    November 6, 2008 at 8:31 am

    I fully understand what I talk about I have been developing websites for over 15 years and I have been online for over 23 years.

    Well over 100 customers are very happy that they purchased my WP Secured solution..

    Fact is updating means nothing, the code is not encrypted and hackers have access to the code just like you do..

    If you change how wordpress functions then it is very obvious that hackers can not hack it as they will have no idea what changes you made.

    The past five years has seen the popularity of blogs grow in their use and as a means of making money. That’s the meat that computer hackers look to sink their teeth into. A recent report by the Congressional Research Service stated that the financial impact of computer hackers amounts to $226 billion annually. Another report calculated that hackers could be taking up to six cents of every Internet dollar of revenue.

    Hackers recently discovered that WordPress Blogs featured an easy path for them to cause their trouble. Many WordPress Blog owners have had their blogs hijacked in a variety of ways. They’ve found ads on their WordPress Blogs that they didn’t place there. Others have discovered that when someone clicks a search engine link to be taken to their WordPress Blog they’re instead taken to a totally different page full of ads that are often obscene and featuring computer viruses.

    Think about it ….

    James

  19. Ben Goheen

    November 6, 2008 at 8:35 am

    @James Stein – you’ve been online since 1985?

  20. James Stein

    November 6, 2008 at 8:45 am

    Actually it was 1984 if you want to get technical.. I was online before domain names and browsers even existed.

    Unlike what most think.. The internet was not just created in 1995 or so .. The internet has existed since the early 60’s, it just was not in the general public then..

    Even AOL has a copyright of 1986 and eWorld (Macintosh online service) was there before AOL and as a matter fact AOL bought it out in I think it was 1994.

    James

  21. SQL Tutorials

    April 30, 2009 at 9:03 pm

    Does anyone know if there is another language or set of commands beside SQL for talking with databases?

    I’m working on a project and am doing some research thanks

  22. Lani Rosales

    April 30, 2009 at 9:49 pm

    webmaster_ref said on Twitter: “In Perl there are other database structures that don’t require any SQL, the only caveat is they don’t work for big amounts of data.” Hope this helps!

  23. Braxton Beyer

    April 30, 2009 at 10:37 pm

    @SQL Tutorials: you could try something like Amazon’s simpleDB

Opinion Editorials

Idea: Color-coded face masks as the new social contract to combat COVID-19

(BUSINESS NEWS) Americans must come together on a new social contract if we have any hope of permanently reopening the economy and saving lives.

A church in Texas used a stoplight color-coded wristlet system to help churchgoers navigate the new social awkwardness of closeness. Those with green bands are comfortable with contact including high fives, yellow bands indicate someone who wants to talk but not touch, and red is for someone interested in keeping their distance altogether.

In pre-pandemic America, basic social cues were sufficient to communicate these feelings, and most violations of them were annoying but not harmful. We now live in a world where daily banalities like grocery shopping and shaking hands with a new acquaintance are now potentially dangerous – for you and those you care about.

So what is the way forward?

Humans are social beings, and much of our survival is reliant on our relationships to, and interactions with, other humans. A way forward is critical. But our brains are trained to find and read faces in an instant to assess emotion and whether that emotion indicates a presence of a threat.

Not only has this pandemic challenged our innate notions of community and safety, the scientifically healthy way forward is to cover most of our faces, which is staggeringly counter to our understanding of a threat. It is now impossible to tell whether a sunglassed-masked stranger walking into a restaurant is a robber or just a person who was walking in the sun.

But because we are humans with large brains, we are able to adapt. We are inherently compassionate and able to emotionally understand fear in others and ourselves. We are able to understand both science and social grace. In this case, the science is straightforward but the social grace is not.

Governor Abbott of Texas announced the second closure of bars and reduction of capacity in restaurants last Friday in response to the dramatic increase in coronavirus cases statewide. During the press conference he said: “Every Texan has a responsibility to themselves and their loved ones to wear a mask, wash their hands, stay six feet apart from others in public, and stay home if they can.”

It is this shared responsibility that we must first embrace before any meaningful reopening can proceed.

We must accept that for the indefinite future, we have a new normal. We have to adapt to these new social codes in order to protect ourselves and our neighbors. Color-coded bracelets, masks, hats, choose your accessory – this could be a way forward.

First, we must agree these measures are necessary. And we shouldn’t take them because a politician told us to or told us not to – many people feel that our government has failed to provide us with coherent guidance and leadership considering a broad social contract.

We should adapt them because if you are not free, I am not free. We can do this together.

Opinion Editorials

What to do when you can’t find your passion and you’re feeling lost

(EDITORIAL) Global Pandemic or not, people struggle to search for job opportunities, their career, and find their purpose. Knowing yourself is the most important part.

Feeling lost? Can you relate to this Reddit post in the Career Guidance forum?

Careers that aren’t boring?

I’m really lost right now. I just graduated high school and I really don’t know what I want to do with my life.

At the moment my only idea is to join the military (United States) and see how it goes. I really want to go to college on the side but I don’t know what I want to get into. I tried coding in high school and it didn’t make sense, making me feel like i won’t be successful in the technology field. Medical field costs too much+ time in school. Only other career field that’s on my mind is engineering but I don’t know if I’ll be successful?

Is it okay to feel like I’ll fail? Will college actually teach you unlike in high school? I feel like high school didn’t really prep me and I’ll be behind”

And then you have to love this response:

Is the grass really not greener on the other side?

I’ve been a trucker since I left school 10 years ago. Every post I come across are full of people dreading the office culture, politics, environment etc. and saying how they’d love to be outdoors.

I work outdoors and it’s shit, -5°C in winter and 40+°C in summer. Slogging 12-15 hour days behind the wheel, micro-sleeping and hallucinating just to make delivery times. Getting filthy and soaking wet when working outside.

The idea of being in a nice cooled office, not having to put my life on the line and actually working on a project with a team sounds so stimulating to me instead of being a monkey behind a wheel. But then I see so many people call themselves monkeys in other professions and hate the office.”

It’s alluring how the ego is meant to ensure our security and survival, and unless we learn how to work with it and the messages we tell ourselves, we can often feel alone, isolated and the only one with these feelings. It is when you start exploring others’ stories that you may feel an a-ha moment, or things may seem like they click.

One would venture to argue that many people are sometimes lost in a fog, and not sure what to do. Above was an example of a high schooler who is feeling like the military might be his only option, but if you read through the thread, it does appear that he has other ideas but just doesn’t know enough about them or doesn’t trust himself enough to look further into them. And if the military is the right option for him, that is okay too.

“The ego is the human consciousness part of you. It was designed to ensure your security and survival. Unfortunately for many of us it has never relinquished its initial purpose. Instead, for many the ego became the master script writer and because of it, everything becomes a drama based on past happenings.” Beverly Blanchard

If you’re feeling in a fog, people may ask you:

  1. What are you passionate about?
  2. What do you love doing that you can make money from?
  3. What company do you want to work for?
  4. Where do you want to live?
  5. Are you living for your resume, or for your obituary?

If there’s a screaming feeling inside that literally feels like you are going to BURST with all caps of “I DON’T KNOW”, then let’s take a breath and see what we can do to work with that. Here are some ideas that may be great activities for you to help move forward.

Kindly note, the first thing is to allow yourself TIME. You need some time to figure it out, do some research, look into options, have conversations, possibly work experiences, maybe some inner soul searching and spiritual work. If you think you have to have this figured out right away, you may have already put a limit on yourself (sorry to be a buzzkill but you might need YEARS to figure out your purpose). You ideally need to figure out how to get from A to B, not A to Z right now.

  • Do some research on Design Thinking.
    Spend some time with a journal getting out some of your thoughts so you can move them from the emotional part of your brain to a more logical and rational place (usually once you’ve put something on paper or even said it out loud). You may like this Design Your Life workbook based on a Career Exploration class at Stanford where you explore your interests, and how they can align with work and your purpose. The workbook is great because it gives you writing prompts that help guide you (they also give ideas on how long to spend on an activity so it could be 10 minutes or 30 and you can decide if that is something you can do at that point in time). They also just released a book, Designing Your Work Life. How to Thrive and Change and Find Happiness at Work.
  • Make a simple list.
    Spend 5-10 minutes just writing out things you really like or love (no explanation, just the name of the item). There is no judgement to this list and nothing is too silly (Iced coffee, video games, tennis, music, dogs, photography, favorite subject(s) in school, friends, family, reading…) Walk away. Come back to it. Do any of these things give you clues on what type(s) of professions fascinate you? Then make a list of what you need to do from here (more school, internship, volunteering, pro-bono projects, part-time or full-time job). Stop and ask yourself how you can get more of these things in your day to day.
  • Consider yourself an Investigative Reporter, and talk to people about how they chose their areas of study and/or careers.
    The hope is that you are pleasantly surprised to hear many people have had this feeling and they moved forward anyway. They made decisions with the information they had, and their career and projects grew from there. This could help you recognize the next step you need to take.
    I would tell that high schooler to go meet with military recruiting offices and see what they have to say. I’d also suggest they reach out to mechanical engineers and learn about what they work on and what they had to do to get there. If they are unsure of how to find any, check out LinkedIn to start. Many people look at those that they consider to be successful and see where they ended up – often we miss the part of the story about what they had to do to get there. This is what we should be looking to uncover, and that may give us insights on what our next steps can be.
    In job searching, a great tool is conducting Informational Interviews and speaking with people that are in jobs that you think may interest you and they can tell you more real details. Whatever you find to be really intriguing and makes you want to know more about, that could be a good sign of a career/job you’re interested in. Ask them about education and skills requirements and take notes.
  • Consider your life like a flight of stairs.
    Each step is leading to the next one. You don’t have to know or see the entire staircase, and you may not even know what’s on the second floor.
  • Write your Eulogy.
    This sounds really morbid and maybe slightly is, but a plane doesn’t just take off on a flight plan without knowing where it’s going and landing. If you write out your eulogy, you may discover what you want to be remembered for, and start living a life that includes those types of efforts, endeavors, and projects. This also may take a little bit of pressure off of you that everything in your life will not be solely based on your job or career. Then, maybe hide it so your family doesn’t think you’ve lost your mind.

Whatever you do, please know you are not alone and the more you think everyone else has it all figured out, the better acting you are witnessing. Yes, there are people that have known what they wanted to do since they were little but even their job/career has had its twists and turns.

I was laid off, but then my position was filled, what can I do?

(EDITORIAL) Is it good form for your position to be replaced in the middle of a pandemic? No. Is it legal? Well, usually, but what can you do about it?

If you’ve ever had the misfortune of being laid off, you might have found yourself revisiting your workplace’s job posting to see what kind of ship they’re running in your absence–only to find that, instead of downsizing, your employer has filled your old position.

You would be well within your rights to question whether or not your employer screwed with you, and you might even consider contacting legal representation. Before you do, though, keep in mind that being laid off from a position due to budget cuts, and having that position cut entirely are two different things–and you might just be looking for a problem where there isn’t one.

After all, according to Evil HR Lady, this kind of process isn’t just legal–it’s actually pretty normal.

Yes, it’s normal to assume something sinister when you find yourself without a job that someone younger (and let’s not forget cheaper) than you is now doing.

But Evil HR Lady (a personality who, despite the title, seems absolutely benign) points out that seniority often plays a role in who stays and who pays: “[Imagine] there are five team leads, and the company decides to lay off one of the team leaders. This person has seniority over the people below him, so he takes the top remaining position and bumps that person out of their job…The position eliminated is Team Leader, but the person who loses his job is junior trainee.”

The above process is legitimate on paper, but the true take-away here should be that such a “replacement” might not be a replacement at all; downsizing is still downsizing, even if your position isn’t the one that is actually cut.

It is worth noting that the sheer volume of layoffs due to COVID-19 does leave some potential for system abuse. Under the cover of a global pandemic, it wouldn’t be unfeasible for a company to sneakily replace older employees with younger talent under the guise of downsizing, and even though the former employees would have a case for age-based discrimination, they might not think to make that case given the obvious context.

If nothing else, this phenomenon is a functional reminder to keep an eye on your workplace after you leave for a trial period–if for no other reason than to ensure that your employer isn’t trying to pull a fast one.
