Help, My WordPress Site Has Been Hacked!

Nearly 20 percent of the Internet is built on WordPress, according to a recent article by WP Engine. WordPress is a simple and easy to use content management system (CMS) which was originally designed for blogging. In the 10 years since its birth, WordPress has grown to be CMS for just about anything.

Here at Blue Corona, we love WordPress almost as much as we love Matt Cutts. But most WP installs have serious security problems and with them, increasing the potential your website will be hacked. Hackers can install malicious code, redirect your website to another, or take your website down altogether. The consequences of these unapproved changes can be devastating to your business and your SEO efforts.

Most Common WordPress Security Problems

To protect your WordPress site, look for some of the following vulnerabilities common in WordPress installs:

Old versions of WordPress: Since WordPress is open source, old versions contain security vulnerabilities which have been made public. Hackers regularly scan the Web for old versions or WordPress, which make easy targets. For example, WordPress 3.2.1 has 24 known vulnerabilities, and several of them will allow full access to your website. The older the version the gets, the more often your site will get hacked. Here’s a list of vulnerabilities by WordPress version. Updating to the most recent version of WordPress can help protect your site from getting hacked. This is the most common problem as well as the easiest to fix.

Old versions of WordPress plugins: In addition to old WP installs, many old versions of WP plugins have documented exploits. Make sure to keep your plugins updated.

Using vulnerable WordPress plugins: Since anybody can write a plugin and share it, you should check both that you are using the most recent version of the plugin and that the version you are using doesn’t appear on this list of vulnerable plugins.

Timthumb.php files: Some time ago, there was a file called timthumb.php that many people used in their WordPress plugins and themes. Later, it was discovered that this particular file was extremely vulnerable to attack. In fact, if this file appears on your webserver, it is possible for an attacker to gain control. Unfortunately, there are thousands of locations where you might find a timthumb.php file, and there are several different names. This makes them very difficult to find without the aid of a computer program. Contact us for a free security scan of your WordPress website!

Weak passwords: All users for your WP site should have strong passwords. It should not be one or two words with a number at the end. This type of password can be guessed through a brute force attack, where the attacker tries thousands of password combinations generated from a keyword list.

Your password SHOULD be at least 10 random characters from the set of uppercase letters, lowercase letters, numbers, and/or special characters. This type of password has 62^10 possible combinations and cannot be broken by brute force.

Good Password Examples

• akEnke39@!9u
• 32rnioMEWOP0
• qweMN*8Zgs21

Bad Password Examples

• Soccer
• Admin123
• 123456
• bluesky

Remove offending code: Malicious code inserted on your website could destroy all of your hard work very quickly. If your WordPress website has been hacked, it’s crucial that you remove all of the offending code. One good way to do this is to download your site with Dreamweaver and use the “search all site” function to find malicious code.

Once your website has been compromised, you can never be sure your website and webserver are secure. Ideally you should start with a fresh version of WordPress and your most recent backup database. Unfortunately, most people don’t backup their websites as often as they should.

Think your WordPress site has been hacked? Call us today. You rely heavily on your website for your business—securing it should always be a priority!

Getting Hacked and “Negative” SEO

At Blue Corona, we don’t take part in unethical black hat or negative SEO tactics. Not all SEO companies and web developers are as virtuous. Several case studies have highlighted the efficacy of negative SEO strategies. Negative SEO traditionally refers to spamming links to a competitor’s URL with hopes they are penalized. Penalization by Google or Bing is difficult and time consuming to remedy, and it can have disastrous results for your search engine rankings.

Competitors capable of exploiting vulnerabilities in your WordPress website can do a variety of things to tank your rankings. They could block the Google spider, add links to bad neighborhoods, add malicious code, or redirect visitors to another website. If your WordPress site is not secure or has any of the known vulnerabilities, you’re giving your competitors a huge opportunity to negatively impact the visibility of your website.

Use Google Webmaster Tools to Alert Yourself of Malicious Content

If you or your online marketing company is not using Google Webmaster Tools to monitor the health of your website, you’re not doing all you can to ensure its security. Google recommends performing the following checks with Webmaster Tools to help prevent malware infections:

• Check the Malware page in Google Webmaster Tools (found under “Health”). This will list URLs on your site that have been identified as having malicious code. Additionally, you’ll also see malware notifications from Google on your Webmaster Tools homepage.
• If you suspect someone put cloaked content on your site, you can use the “Fetch as Google” tool to see a page the way the Google crawler sees it.
• Also check the “Search Queries” page on Webmaster Tools. According to Google, “If unexpected keywords (such as “Viagra”) appear in the list, it’s a signal that your pages have probably been compromised.”

If your site has been hacked, you can also use Google Webmaster Tools to check if you’ve removed all of the malicious code. In general, it will take a day or so for Google to remove the malware warning for your site from Webmaster Tools. If the warning remains after several days, this is a good indicator that your site is still housing malicious code.

If you’re worried about the health of your WordPress site or you’ve been hacked, we can help! Call Blue Corona today. Our web development team can identify your site’s security vulnerabilities, assist with removing any malicious code, secure your site, and help protect you against future attacks.