Connect with us

Opinion Editorials

Hackers Attack & Stats Drop: Your WordPress Blog Could be a Victim

Published

on

HAcked WordPress


It Happens

Sensational title?  You hear about it on other blogs, it happens to government sites, It happens to Al Gore and to Bill O’Reilly… But you never dream it will happen to you. I recently found out that my WordPress site had been hacked into by a dirty, stinking, filthy spammer. It wasn’t even flattering, since I was not specifically targeted in the hack, but only one of hundreds more that were used by a script made to crawl and automatically find vulnerable sites and exploit them. The hacker didn’t even have to exert any effort. This was truly insulting.

Traffic and rankings drop off the map

It all started when I logged into my Google Analytics to check on my stats. I wanted to see if I had broken another traffic record, instead I found that my search engine traffic had dropped by about 80%. I frantically checked Google for a keyword I know I rank for, and found that I was completely absent from the results. I checked another term, and I was nowhere to be found. I had been dropped from the search results.

Since I had no idea why, I started to think that I might have built links too fast, or that maybe I had been sandboxed or something due to climbing too high too quickly. There was nothing I did that could have fallen outside of Google’s guidelines. I was stumped until I searched and found that there was a possibility that I was hacked and might have hidden links on my site. I checked my source code on a few pages and didn’t see anything fishy. After scouring for more information online I ran across an obscure post describing the exact problem I was having.

They will take advantage of you

Since I hosted my sites on an inexpensive shared server, it is possible that my site was sharing the same server with many other websites. Hackers with malicious intent can scan for vulnerable sites, and break into the site using SQL Injections and/or other methods. They don’t do it for sport, they do it to ad hundreds of outbound links from your site to another for SEO reasons. They hope to make a quick buck by inflating their rankings overnight. My hacker was placing hundreds of links to a .edu website that had a vulnerability they exploited causing it to redirect back the their Canadian pharmacy site. It was a double-layered scheme that helped them protect their site from being de-indexed by putting the heat on the school website. I’m still confused, but here is the bottom line: If you use open source platforms… secure your site!

Securing WordPress

There are a few steps you can take to help minimize the chance of attack by “security through obscurity”.

  1. Upgrade! Keep your WordPress install up to date at all times. Apply any patches released by the WordPress development team ASAP when they are released. They often will seal up any security holes that may have been found.
  2. Use a dedicated server: The cheap hosts like Dreamhost and Bluehost (and many more) use shared server environments. This allows hackers to sign up for cheap accounts and get access to a sever box that could be hosting a lot of vulnerable sites. Even more expensive cloud hosts like Mosso or MediaTemple share servers, but the high price of an account increases the barrier to entry purely for malicious intent, so it’s less likely. A dedicated server is the best way to go. (Not to mention the fact that your site loads a lot faster, so your visitors and Google bots will like that).  If you don’t want to drop that kind of money, skip this step.
  3. Remove “WordPress” and “version” references where possible in your theme. Any mention of “Powered by WordPress” should be removed from the footer. If your theme includes a “generator” meta reference in the header, remove it. This allows for easy scanning by a hacker by letting them know that:  A: You are running WordPress.  B: What version you are running. This is a beacon for them that can be easily turned off without any issues.
  4. Remove any unused plugins, they can have holes you may not know about. It’s best to delete them from your wp-plugins folder if they are doing nothing. While you are in the plugins folder, add a blank page title “index.html” or “index.php” this will prevent others from being able to see what plugins you have installed simply by going to “www.yoursite.com/wp-content/plugins”.
  5. Try to limit access to your wp-admin directory using a .htaccess file. Lock down the directory so that only certain IP addresses (your own) can access it. Use the method described here. Or try this plugin. (I have not tried the plugin personally)
  6. Re-name your “admin” default user to something else. For details, look here.
  7. Back up your site! This will not prevent an attack of course, but you can recover quicker if you are messed with, and you can refer back to the original file to see if anything fishy was added.  It’s hard to see funky changes in your database if you don’t have a reference point.  Make sure to back up your entire directory by dragging your wordpress install onto your local machine, and then back up your MySQL database.
  8. This is only the beginning: Check out this post for more. It seems like a headache, and it really is.

You may not know until it is too late

The fact that I had been hacked had gone undetected for so long due to the fact that it was virtually invisible, even in my source code.  The added code was only showing the filthy links it added if the browser was determined to be the Googlebot.  One way I found the links was to impersonate the Googlebot with Firefox.  Another way to see if you were hacked is by typing “site:https://www.yoursite.com buy”  without the quotes of course.  The “buy” added on the end was meant to catch the most common word the hackers would use in a dirty link.  You can replace it with other common spammy words if you would like.  Try this out, and if you see what I saw, you may start to cry.

The steps I mentioned above are only a few ways to begin your security measures.. there are many more.  If you have been hacked, I encourage you to find out what was done and clean it up.

Proactivity is important

If you run wordpress or other open source CMS’s, you need to take the steps to make sure you are upgraded and secure.  Risking a plugin conflict is not as important as ensuring you are not dropped from Google.  After I cleaned out my site by removing the added lines of code from my theme, removing the added user from the database, and removed the new hidden plugins that were added, I was able to request a reconsideration from Google.  I didn’t get an actual response, but I think they got the message because my site seems to be ranking better again.

Follow the rabbit holes below to learn more:

TechCrunch: WordPress Security Issues Lead to Mass Hacking

Holy Shmoly: Did Your Website Get Hacked?

Technorati: WordPress Security Tips

Writer for national real estate opinion column AgentGenius.com, focusing on the improvement of the real estate industry by educating peers about technology, real estate legislation, ethics, practices and brokerage with the end result being that consumers have a better experience.

Continue Reading
Advertisement
23 Comments

23 Comments

  1. Matthew Rathbun

    October 26, 2008 at 3:41 pm

    Carson,

    Thanks for this post. I’ve just been totally abused by spammers over the past two weeks and have gone down one PR. I’ve spent the weekend, updating plugins, and removing those I don’t use.

    Why these idiots feel that attacking other people’s blogs is “impressive” or adds value to their lives, I’ll never understand. I can only hope that they spend eternity in hell, having to read and delete their own spam e-mails and nothing else, for the rest of their miserable existence! What a bunch of losers!

  2. Stephanie Edwards-Musa

    October 26, 2008 at 4:16 pm

    Hey Carson, the number of visits to my site has dropped quite a bit in the past few weeks, but I have not figured out why. Since it is so specific to certain information, it could just be a decline in interest right now….who knows.

    I’ll try your tips. Thanks a lot. 🙂

    PS- It was nice finally meeting you the other day. We need to get together again soon and roll some ideas.

  3. Carson

    October 26, 2008 at 4:42 pm

    Stephanie – I did a site check for turninghoustongreen.com and I didn’t really see any spammy stuff. The stats drop I saw was huge, and it happened overnight. If you ever see a huge drop because of this, you will know.

    Matthew – I think the hackers main goal is to plant outbound links to their sites… Maybe the 9th circle is just an eternal flow of bogus spam wordpress comment approval emails that never end… if that is the case I might already be there.

  4. Nat

    October 26, 2008 at 6:52 pm

    I’m just a newbie in doing my own blog on wordpress. In fact, I’ve been fighting so hard to get started, I haven’t gotten started. However, I did get suckered into paying for 2yrs up front for bluehost. I’ll have it up and running soon enough, and I’m bookmarking this to come back to. I’m sorry you went through what you did, but thankful you took the time to create this how to for the rest of us.

  5. Carson

    October 26, 2008 at 8:21 pm

    Nat – I didn’t really mean to demonize all shared servers, sometimes it is just not financially feasible to get a dedicated server. There are alternatives such as a virtual private server that can add a level of security that is less costly. Keeping your install upgraded is the most important step, and when combined with the other measures you can take to secure wordpress, can increase the security against hacks. A firewalled private dedicated server is just an added layer that can protect against a third party trying to break in. I don’t want to scare anyone too much.

  6. Jay McGillicuddy

    October 26, 2008 at 9:13 pm

    Hi Carson, we were hacked about a year ago and it was a mess. Thanks for the tips I will implement a few of the tips here and I do use a few also.

    I agree with Matt we have been spammed like crazy this past month. I don’t understand the reasoning either.

  7. James Stein

    October 26, 2008 at 9:39 pm

    Great post … Problem is just making backups and updating will not stop the hackers..

    While WordPress does what they can to offer updates that will allow the owner of a hacked WordPress Blog to start to put things back together, if you had a security and safety net that would keep you ahead of hackers, your risk of loss and damage would be eliminated.

    WordPress Secured Slams The Door On WordPress Blog Hackers

    WordPress Secured is the only solution that will help protect you ..

    James

  8. Ben Goheen

    October 26, 2008 at 11:58 pm

    Great post Carson – I didn’t know about some of these security issues. I’ve already implemented a few fixes and will work on more this week.

    Just my 2 cents for an excellent web hosting company, check out Media Layer. Their uptime and support are far superior to the cheapo companies, yet the price isn’t outrageous.

  9. Elaine Reese

    October 27, 2008 at 7:05 am

    I use WP.com … the free version. Does that lessen the opportunity for hackers? I’m assuming your post is referring to the WP.org version where users must decide on a company to host the blog. I also use Akismet and have all comments held until I approve them unless I’ve approved the person previously. Does that help?

    Akismet catches a lot of spammers that try to put up their links on my pages. I just delete.

  10. Jim Gatos

    October 27, 2008 at 7:09 am

    A hacker or spammer infiltrated my shared server Self Hosted WordPress Blog (HostGator) and I didn’t even know until I saw my site was labeled a “phishing” site by many places, including McAfee. I went with Typepad and all my headaches went away..

  11. James Stein

    October 27, 2008 at 8:33 am

    No the only thing that will stop the hackers is if you modify how wordpress itself functions. I have a full detailed step by step system that will show you with screenshots exactly how to secure your wordpress blog. Nothing else on the market can help you .. I am a website developer of over 15 years so I fully understand and now how scripts work.

    See the link on my name…

    James

  12. Carson

    October 27, 2008 at 8:49 am

    James – Ever heard of the “soft sell” approach? Who am I kidding, you didn’t actually read the post.

  13. Carson

    October 27, 2008 at 9:10 am

    You know what, no.

    James’ comments are a perfect example of how not to market yourself on a blog. First of all, the original comment he left ignored all steps but #1 and #7. So you ignored pieces of the post to serve his own point. Second, he speaks in absolutes: Nothing else but HIS solution and product can help you. Third: He uses marketese in his comment: “Slams the Door on WordPress Hackers”. Fourth: He did not add anything to the conversation… just a harsh claim attempting to de-value the solution originally offered and sell his own. Fifth: He uses one of those “sales” pages that scream out “scam” to sell his product. Sixth: He did not know his audience. The title of this blog is AgentGenius, Not AgentDumbass. I’m sure everyone knows that but I wanted to deconstruct the method and make it offer some value here.

    James – If your product solves the problem let us know how it works. Many readers here would be very interested in a single miracle step that would solve security issues, so you have the right audience. Don’t squander a good opportunity to sell it.

  14. James Stein

    October 27, 2008 at 9:31 am

    I did not ignore them at all .. The fact that backing up and updating will not keep you safe should mean something.. This is a serious problem that has cost business income, traffic, revenue and more…

    1. Rename your admin username, ok fine that does not stop hackers from accessing the admin

    2. Using a dedicated server has NOTHING to do with it, even dedicated and unsecured can still be hacked.

    3. Keeping up to date means nothing, the hackers also have access to these updates and remember the code is not encrypted.

    4. Limit access to your admin by IP .. Any hacker can fake your IP and the fact that most have changing IP’s this means nothing.. What you going to do block yourself from your own admin ?

    5. WordPress version means nothing, it still has the same coding style as older wordpress.

    6. remove unused plug-ins .. I agree

    7. backup.. I agree but this should be done with any site not just wordpress

    I fully read the post, fact still remains unless you take action yourself and changethe functionality of wordpress you will never ever stop the hacks. The hackers know exactly how wordpress is coded.. Unless you change how it functions, then they have no idea how to hack it as they will not have any knowledge of what you changed.

    James

  15. James Stein

    October 27, 2008 at 9:38 am

    From customers.. since you asked.. Just a few testimonials…

    ———————–
    Thanks James, just what I was looking for.

    I had one of my blogs hacked a couple of weeks ago. Luckily, it was one that I hadn’t spent a lot of time on so I just deleted and started it over.

    It is a small price to pay to protect your business.

    Again, thanks.

    Lewis
    ——————-

    Ok well I just purchased WordPressSecured and I have to say it is detailed. I have been using WordPress for years and have read and implemented the majority of the security tips out there.

    But, I have never seen anything like this. I can see that I have some work ahead of me this week updating my blogs.

    James I have to say thanks for a great product that delivers what it promises.

    ——————

    I have to say, I’ve benefited James’ tips on this thread pasted right below were immensely beneficial in helping me secure my WordPress:
    My wordpress blog hacked – again!

    Several of my WordPress sites were hacked (as well as non-WordPress scripts, a directory script, and membership scripts I paid for). Some of the hacks were truly scary like one that used one of my sites as a launch pad to send out fraudulent Bank of America emails to extract innocent victims’ financial information. Crap like that could land the wrong person in jail!

    The most common hacks were ones based out of Turkey, who took their grievances and disputes out online on such sites as one I set up to help pets in shelters get adopted. They’d deface my sites with images of soldiers, curses against Israel and Norway (what homeless dogs and ferrets have to do with these hackers’ grievances is beyond my understanding)

    Anyway, after implementing James’ suggestions to secure WordPress, hackers were no longer able to penetrate my WordPress sites, though my server did report that hackers were still targeting them, sometimes slowing my sites down.

    WordPress Secure would definitely be a wise investement. I say this, having already benefited from James’ /The RichJerksNet expertise in this area, without having it yet. Getting it all in one resource would be very nice.

  16. AskApache

    November 5, 2008 at 11:39 pm

    Nice post Carson,

    happened to find it from a trackback I received and just now got to it in the moderation stack. (cant find the link?).

    #5 limit access to your wp-admin directory using a .htaccess file

    The AskApache Password Protection plugin tries to automate the task of securing your blog (not just wp-admin) by using .htaccess to configure your site. You can always download the plugin at WP, but if you are interested in the actual explanations of what the code does, check this post out, it shows the code.

    I’ve been working on the new version for a month, so stay tuned.

    The most important tips (in my experience) for keeping your blog secure that you mention above are ( 1, 4, 2, 5 )..

    If you keep WP upgraded you are safe, but keep in mind that almost all the exploits that are used to crack a WP blog are actually exploiting vulnerable PLUGINS and THEMES.

    So if you only use vetted plugins and a custom theme (delete everything else/unused) then you should be good.. Also, you mentioned using a dedicated host, and that is probably the best way to limit the potential fallout from a cracked blog from spilling over to all your other online stuff. Nice blog!

  17. AskApache

    November 6, 2008 at 12:15 am

    Oh and BTW, without flaming your blog.. James doesn’t have a clue what he’s talking about.

    Clearly lacks any knowledge/experience of auditing code to find a vulnerability, then creating a custom exploit for that vulnerability, creating an agent to carry the exploit payload across Internet Protocols recognized by the target (blog on HTTP), and finally delivering and executing the payload.

    It’s quite nearly impossible to “fake” an IP address, read anything about IP protocols and Kevin Mitnick to get a clue.

    Updating your WP is the single best thing you can do… because exploits are custom built to exploit vulnerabilities in OLD versions. Once an exploit is made public, through honeypots, active logging, etc.. WP releases an update. See “Open Source” for basic background on how this works.

    No offense James, you’ve put some effort and thought into your suggestions but without understanding what an exploit is and how a server/web app/system operates you’ll just be wasting your time.

    I’d liken your ideas to this scenario.. A user spends a lot of time creating a custom password-login-prompt that is loaded every time a user wants to login to the admin panel.

    Seems secure..

    [ request admin ] => [ password prompt ]

    But thats completely misleading. Here’s how the request really travels.

    [ request admin ] ==> [ protocol setup OS-dependent ] ==> [ server finds requested file ] ==> [ server determines how to “handle” file (php) ] ==> [ server executes php binary or module ] ==> [ php opens file according to php config ] ==> [ requested file parsed by php ] ==> [ php includes wp-config.php to access database ] ==> [ php sends output/headers on tcp/ip connection established by server app ] ==> [ finally your password-protection is loaded and executed ]

    Now that is entirely over-simplified, and you can see that there are around 15 different points in-between when the request is sent to the server and when the password-protection actually starts. All it would take is modifying file permissions, changing wp-config.php info, modifying how the server “handles” php, executing a OS-level/Server-level/Protocol-level/Application-level exploit and all that so-called “security” is completely circumvented.

  18. James Stein

    November 6, 2008 at 8:31 am

    I fully understand what I talk about I have been developing websites for over 15 years and I have been online for over 23 years.

    Well over 100 customers are very happy that they purchased my WP Secured solution..

    Fact is updating means nothing, the code is not encrypted and hackers have access to the code just like you do..

    If you change how wordpress functions then it is very obvious that hackers can not hack it as they will have no idea what changes you made.

    The past five years has seen the popularity of blogs grow in their use and as a means of making money. That’s the meat that computer hackers look to sink their teeth into. A recent report by the Congressional Research Service stated that the financial impact of computer hackers amounts to $226 billion annually. Another report calculated that hackers could be taking up to six cents of every Internet dollar of revenue.

    Hackers recently discovered that WordPress Blogs featured an easy path for them to cause their trouble. Many WordPress Blog owners have had their blogs hijacked in a variety of ways. They’ve found ads on their WordPress Blogs that they didn’t place there. Others have discovered that when someone clicks a search engine link to be taken to their WordPress Blog they’re instead taken to a totally different page full of ads that are often obscene and featuring computer viruses.

    Think about it ….

    James

  19. Ben Goheen

    November 6, 2008 at 8:35 am

    @James Stein – you’ve been online since 1985?

  20. James Stein

    November 6, 2008 at 8:45 am

    Actually it was 1984 if you want to get technical.. I was online before domain names and browsers even existed.

    Unlike what most think.. The internet was not just created in 1995 or so .. The internet has existed since the early 60’s, it just was not in the general public then..

    Even AOL has a copyright of 1986 and eWorld (Macintosh online service) was there before AOL and as a matter fact AOL bought it out in I think it was 1994.

    James

  21. SQL Tutorials

    April 30, 2009 at 9:03 pm

    Does anyone know if there is another language or set of commands beside SQL for talking with databases?

    I’m working on a project and am doing some research thanks

  22. Lani Rosales

    April 30, 2009 at 9:49 pm

    webmaster_ref said on Twitter: “In Perl there are other database structures that don’t require any SQL, the only caveat is they don’t work for big amounts of data.” Hope this helps!

  23. Braxton Beyer

    April 30, 2009 at 10:37 pm

    @SQL Tutorials: you could try something like Amazon’s simpleDB

Leave a Reply

Your email address will not be published. Required fields are marked *

Opinion Editorials

Sci-fi alert: Building cities on quantum networks becoming reality

(OPINION / EDITORIAL) The University of Bristol’s Quantum Engineering Tech Lab has created quantum networks that demonstrate the possibilities for future cities.

Published

on

Quantum network connections in theoretical city at night time.

The University of Bristol is home to the largest quantum entanglement-based computer network in the world. Its Quantum Engineering Technology Lab, led by Dr. Siddarth Joshi, has been spearheading the development of a method of encryption called Quantum Key Distribution that may soon revolutionize information security.

First, what is quantum computing, exactly? (Giving a concise answer to that question is sort of like nailing jelly to a wall, but here goes…)

Much like a light switch, a conventional computer circuit can only be in one of two states at a time: On (1) or off (0). That’s basically how binary code works – by representing information as a series of discrete on and off signals, or high and low energy states.

Quantum computing makes use of a third kind of state that exists between those two.

Think about it this way: If classical, binary computing models rely on energy states of “yes” and “no” to communicate data, quantum computing introduces a state of “maybe.” This is because at the quantum level, the photons that make up the information in a quantum computer can exist in multiple places (or energy states, if you prefer) at once – a phenomenon known as “entanglement.”

Entangled photons cannot be observed or measured (i.e., tampered with) without changing their state and destroying the information they contain. That means quantum computer networks are virtually hack proof compared to traditional networks.

This is where Dr. Joshi’s team is changing the game. While previous attempts to build a secure quantum computer network have been limited to just two machines, the QET Lab has been able to establish a quantum encrypted network between eight machines over a distance of nearly eleven miles.

As Dr. Joshi puts it, “until now, building a quantum network has entailed huge cost, time, and resource, as well as often compromising on its security which defeats the whole purpose. […] By contrast, the QET Lab’s vision is scalable, relatively cheap and, most important of all, impregnable.”

If it can be successfully scaled up further, quantum encryption has countless potential civic applications, such as providing security for voting machines, WiFi networks, remote banking services, credit card transactions, and more.

In order for an entire population to be able to utilize a quantum network, fiber optic infrastructure must first be made accessible and affordable for everyone to have in their homes. In that sense, quantum cities are still roughly two decades away, posits Dr. Joshi. The technology behind it is very nearly mature, though. A simpler application of quantum encryption is practically right around the corner – think quantum ATMs in as few as five years.

Continue Reading

Opinion Editorials

5 ways to grow your entrepreneur business without shaming others

(OPINION / EDITORIAL) We all need support as business owners. Let’s talk ideas for revenue growth as an entrepreneur that do not include shaming your competition.

Published

on

Entrepreneur women all talking around a meeting table.

The year 2020 has forced everyone to re-assess their priorities and given us the most uncertain set of circumstances we have lived through. For businesses and entrepreneurs, they were faced with having to confront new business scenarios quickly. Maybe your entrepreneur business was set to thrive as behaviors changed (maybe you already offered contactless products and services). Or, you were forced to add virtual components or find new revenue streams – immediately. This has been tough.

Every single person is having a hard time with the adjustments and most likely at different stages than others. We’re at the 6-month mark, and each of our timelines are going to look different. Our emotions have greeted us differently too, whether we have felt relief, grief, excitement, fear, hope, determination, or just plain exhaustion.

Now that we are participating in life a bit more virtually than in 2019, this is a good time to re-visit the pros and cons of the influence of technology and marketing outreach online. It’s also a great time to throw old entrepreneur rules out the window and create a better sense of community where you can.

Here’s an alluring article, “Now Is Not the Time for ‘Mom Shaming’”, that gives an example from about a decade ago of how the popularity of mommy bloggers grew by women sharing their parenting “hacks”, tips, or even recipes and crafting ideas via online posts and blogs. As the blog entries grew, so did other moms comparing themselves and/or feeling inadequate. Some of the responses were natural and some may have been coming from a place of defensiveness. Moms are not alone in looking for resources, articles, materials, and friends to tell us we’re doing ok. We just need to be told “You are doing fine.”

Luckily, some moms in Connecticut decided to declare an end to “Mom Wars” and created a photo shoot that shared examples of how each mom had a right to their choices in parenting. It seemed to reinforce the message of, “You are doing fine.” I don’t know about you, but my recent google searches of “Is it ok to have my 3-year old go to bed with the iPad” are pretty much destined to get me in trouble with her pediatrician. I’m hoping that during a global pandemic, “I am doing fine.”

Comparing this scenario to the entrepreneur world, often times your business is your baby. You have worn many hats to keep it alive. You have built the concept and ideas, nurtured the products and services with sweat, tears, and maybe some laughs. You have spent countless hours researching, experimenting, and trying processes and marketing tactics that work for you. You have been asked to “pivot” this year like so many others (sick of that word? Me too).

Here are some ideas for revenue growth as an entrepreneur (or at least, ideas worth considering if you haven’t already):

  1. It’s about the questions you ask yourself. How does your product or service help or serve others (vs. solely asking how do I get more customers?) This may lead to new ideas or income streams.
  2. Consider a collaboration or a partnership – even if they seem like the competition. “If you want to go fast, go alone. If you want to go far, go together.” – African proverb
  3. Stop inadvertently shaming the competition by critiquing what they do. It’s really obvious on your Instagram. Try changing the narrative to how you help others.
  4. Revisit the poem All I Really Need to Know I Learned in Kindergarten and re-visit it often. “And it is still true, no matter how old you are – when you go out into the world, it is best to hold hands and stick together.”
  5. Join a community, celebrate others’ success, and try to share some positivity without being asked to do so. Ideas include: Likes/endorsements, recommendations on LinkedIn for your vendor contacts, positive Google or Yelp reviews for fellow small business owners.

It seems like we really could use more kindness and empathy right now. So what if we look for the help and support of others in our entrepreneurial universe versus comparing and defending our different way of doing things?

Continue Reading

Opinion Editorials

Can we combat grind culture and injustice with a nap?

(OPINION EDITORIALS) A global pandemic and a climate of racial injustice may require fresh thinking and a new approach from what grind culture has taught us.

Published

on

Sleeping cat with plant, fighting grind culture.

Information is delivered to us at warp speed with access to television, radio, and the internet (and more specifically, social media). We are inundated with messages. Oftentimes they’re personalized by something that a friend or family shared. Other times we manage them for work, school, or just keeping up with news. Many entrepreneurs already wear many hats and burn the midnight oil.

During this global pandemic, COVID-19, we have also seen a rise in awareness and attention to social injustice and systemic racism. This is not a new concept, as we all know. But it did feel like the attention was advanced exponentially by the murder of George Floyd on Memorial Day 2020. Many people and entrepreneurs felt called to action (or at least experienced self-reflection). And yet they were working at all hours to evolve their businesses to survive. All of this happening simultaneously may have felt like a struggle while they tried to figure out exactly they can do.

There are some incredible thought leaders – and with limited time, it can be as simple as checking them out on Instagram. These public figures give ideas around what to be aware of and how to make sure you are leveling up your awareness.

Dr. Ibram X. Kendi, Director of the Center for Antiracist Research – he has been studying anti-racism and has several books and interviews that help give language to what has been happening in our country for centuries. His content also delves into why and how white people have believed they are more than people of color. Here is a great interview he did with Brené Brown on her Unlocking Us podcast.

Tamika Mallory – American activist and one of the leading organizers of the 2017 Women’s March. She has been fighting for justice to be brought upon the officers that killed Breonna Taylor on March 13. These are among other efforts around the country to push back on gun control, feminist issues, and the Black Lives Matter movement.

Brené Brown – research professor at the University of Houston and has spent the last two decades studying courage, vulnerability, shame, and empathy. She has been listening and engaging on how racism and our shame intersect. She also speaks about how people can reflect on themselves and where they can take action to better our society. She has some antiracism resources on her website.

With all of this information and the change in our daily routines and work habits (or business adjustments), what is a fresh approach or possibly a new angle that you haven’t been able to consider?

There is one social channel against grind culture that may not be as well-known. At an initial glance, you may even perceive this place as a spoof Twitter and Instagram that is just telling you to take a nap. But hold on, it’s actually much smarter than that. The description says “We examine the liberating power of naps. We believe rest is a form of resistance and reparations. We install Nap Experiences. Founding in 2016.”

It might be a great time for you to check out The Nap Ministry, inspired by Tricia Hersey. White people are called to action, and people of color are expressly told to give time to taking care of themselves. Ultimately, it goes both ways – everyone needs the time to recharge and recuperate. But people of color especially are being told to value their rest more than the grind culture. Yes, you’re being told you need to manage your mental health and include self-care in your schedule.

Through The Nap Ministry, Tricia “examines rest as a form of resistance by curating safe spaces for the community to rest via Collective Napping Experiences, immersive workshops, and performance art installations.”

“In this incredibly rich offering, we speak with Tricia on the myths of grind culture, rest as resistance, and reclaiming our imaginative power through sleep. Capitalism and white supremacy have tricked us into believing that our self-worth is tied to our productivity. Tricia shares with us the revolutionary power of rest.” They have even explored embracing sleep as a political act.

Let this allow you to take a deep breath and sigh – it is a must that you take care of yourself to take care of your business as well as your customers and your community. And yes, keep your drive and desire to “get to work”. But not at your expense for the old grind culture narrative.

Continue Reading

Our Great Partners

The
American Genius
news neatly in your inbox

Subscribe to our mailing list for news sent straight to your email inbox.

Emerging Stories

Get The American Genius
neatly in your inbox

Subscribe to get business and tech updates, breaking stories, and more!