Today’s article is a guest post by Sarah Kimmel who blogs at Technology for Moms and Organized Mom. You can follow her on Twitter at @Tech4Moms.
There is nothing like losing your sense of security. Feeling violated and vulnerable are two horrible feelings, but that’s exactly how you will feel if you find your blog has been hacked! Often your site can be hacked for quite a while before you even notice that something is amiss. This article aims to give you advice and tips to recognize when you’ve been hacked and how to make your blog unattractive to would-be hackers.
How do I know if my blog or website has been hacked?
Although it’s usually obvious when a blog or website is hacked, there are times when you may suspect you’ve been hacked but just aren’t sure. Here are a few of the warning signs you’ve been hacked:
- Your Google Page Rank starts to drop for no apparent reason.
- Your blog loads more and more slowly (and you haven’t added a ton of plugins).
- You notice strange links on your website.
- Your Google webmaster tools show strange keywords to describe your site.
- When you perform a Google search for your site, the results show titles and descriptions that do NOT describe your site, yet still have your URLs.
- Your website or blog traffic starts decreasing for no logical reason.
If you aren’t sure your site has been hacked (or just want to be sure), do a Google search for a spammy keyword like this keyword:yoursite.com. Try different spam keywords to make sure your site is clear.
If you have been hacked, contact a professional who specializes in WordPress blog help to help you remove the infection and secure your site.
Why do hackers attack a website or blog?
One reason hackers attack your website or blog is because they want to hijack your Google ranking in order to promote (and increase) their own Google ranking. And as you can imagine, there are many different types of hacks. One of the most popular hacks is a Pharma hack where the hackers insert spam content into your site that is related to different types of medications. Other hacks are more obvious because they use adult content and software sales.
How do hackers attack a website or blog?
Usually, a hacker will try to hack one of your passwords first (e.g., your WordPress admin password, your database password, or your FTP password). Once the hackers have one of your passwords, they can gain access to the rest of your sites depending on which password they have discovered. They can also exploit a vulnerability within a plug-in or the WordPress installation itself. However, WordPress is pretty good about discovering vulnerabilities and locking them down quickly.
Once hackers have access to your site, they will either place new scripts in your website to run their malware, inject malicious code straight into your database, or change the files you currently have (which can make cleanup a real pain sometimes!). Hackers may also insert spam into any portion of your website, such as within your footer or in the META information on your site. They also can create an administrator WordPress account that will not appear in your admin page.
Best Practices for a Secure WordPress.org Blog Site
You can take specific steps to help ensure that your site isn’t infected with malware or hacked in some other way. Heed the advice in the list below for starters:
- Make sure your administrator WordPress login, your database password, and your FTP password are all different and complicated. Passwords that are 20 characters long with a variation of numerals, upper and lower case, and special characters are your best bet.
- Delete the admin account in WordPress and create an administrator login with a unique name (not the name of your blog or your name). Be aware that you may run into a few snags. The gals at 5 Minutes for Mom explain how they found out about (and fixed!) some issues that arose when they deleted a WordPress admin account.
- Always keep your WordPress installation and plug-ins updated. When you see a notification on your WordPress dashboard that an update is available for any plug-in(s), update immediately.
- Restrict access from other locations to your wp-admin folder. You can do this by entering your home’s IP address in your .htaccess file within the wp-admin folder. For computer help on setting this up you can contact Sarah via her Twitter handle @Tech4Moms.
Hackers continue to find ways around security measures. If you follow the tips in this article, you may make your site a less appealing target for an attack.
Sarah Kimmel has the blog you never knew you needed at www.tech4moms.com, where she offers tech tips, and help for all of your technology related toys. She can also be found blogging at www.organizedmom.net helping busy moms everywhere get their lives organized!
Great article. I haven’t paid any attention to my potential vulnerability but I’m going to institute some of these recommended steps.
I would like to recommend using CloudFlare; it protects you from hackers based on IP. I have a tutorial here: http://www.intenseblog.com/articles/lets-improve-your-website-performance-with-cloudflare.html
I’ve been trying to raise awareness on the problem with WordPress and hackers for a couple of years now. In fact, here’s one statistic I found by looking through my blog’s archives.
In 2009 I wrote an article on WordPress security and I told people to go to Google and type in, My Blog was Hacked. It returned at that time 2.6 million results. Fast forward to now and the same search returns over 17 million results.
Like you mentioned, one of the best ways of keeping yourself secure is by being prepared (upgrades, passwords, etc.).
One great plugin to get which will help you be prepared is the WordPress File Monitor plugin. It will notify you if anything has changed on your blog.