Wordpress Blog Hacked

It’s hardly news. Hacking into blogs is far more prevalent than you may think. A Google search for ‘My Blog Was Hacked’ gives a count of over 2,770,000 web pages. I regret to say that this blog was hacked into by a real expert some 10 days ago. Since then, I’ve done a great deal of exploration and frankly it’s all very fascinating.
In this post, you will find hints on how to stay vigilant so that you will be aware if your blog is hacked. In a subsequent post, I will give some more advanced tips on how to stay vigilant and make your blog more secure. In a final post, I will describe some of the results of such hacking activities.
An underlying realisation in all that is written is that some hackers are extremely knowledgeable and skillful. The best you can do is to ensure that your blog is as secure as you can make it. It then is like the old joke about outrunning the bear. You don’t need to outrun the bear, but only your buddies who are with you. There are a host of other blogs that are insecure, and that may be your biggest protection.
Whose Blogs Get Hacked?
WordPress is quite rightly enormously popular software for writing blogs. As more and more people use it, it becomes a more interesting target for hackers who try to exploit any weaknesses in the software.
It was not surprising to see items such as Wordpress 2.1.1 Dangerous, Upgrade beginning to appear early in 2007. Nor was it difficult to believe that Matt Cutts WordPress Blog had been hacked, when this appeared on April 1, 2007. That was a spoof but since then there have been many real hacking incidents. Al Gore’s blog was, according to Stuart McKeown, as was the WordPress blog of Matt Heaton (Bluehost and Hostmonster CEO). It continues unabated as Stephan Miller and members of the Wordpress Support Forums can testify.
How Will You Know If Your Blog Is Hacked?
The real problem is that you may not realize your blog has been hacked. There may be no visible trace of the hacker’s work. The hacker may wish to boost the search engine visibility of online non-prescription medications or pornographic websites. It is done in such a way that it is hidden from prying eyes.
One useful test is to look at the source code for the blog. In Internet Explorer this can be seen by clicking on View > Source. In Mozilla Firefox, this can be seen via View > Page Source or from the keyboard by pressing
Make Your Blog More Secure
Matt Cutts has given some useful tips to protect a WordPress installation. The most important of these is to ensure you always have the latest and most secure upgrade of WordPress. It is perhaps fitting that this blog post appears when WordPress version 2.3.3 has just been issued. This topic will be covered more fully in a subsequent blog post.
Further Articles in the series:
Guarding Your Wordpress Blog
How Wordpress Blogs Are Hacked










February 5th, 2008 at 8:41 pm
Thanks for the link, Barry. The main culprit in my blog and a few others was a Wordpress forum plugin that allowed the hacker in, specifically Refresh from Georgia. There are only about 2000-some results for his name in Google now. At one time there were over 200,000. It was a massive amount. I linked to the details.
February 5th, 2008 at 9:56 pm
Thanks for that reference, Stephan. I think that is only one of the many ways that hackers get into WordPress blogs. Vigilance is the watchword.
February 8th, 2008 at 1:26 pm
[...] even though some seem unaware it has happened. If you have not yet read the first article, Wordpress Blog Hacked, you may find it useful to do so before reading this follow-on article. However it is not required [...]
April 7th, 2008 at 3:16 pm
I agree with the latest update. You should always upgrade no matter what script you are using. However there are hacking groups able to get in no matter what latest version script you have. I run a great deal of security for my servers and still from time to time get hacked. The biggest tool you have is to always back up your data. I generally perform nightly backups just for this reason. Unfortunately it is a necessary evil. No matter what script you run hackers are waiting. The more popular the better! BACK IT UP!
May 1st, 2008 at 4:04 am
When I first started in Real Estate I had a WordPress blog that I used quite frequently. At the time I was completely ignorant to most, if not all, SEO. Well, it got hacked. After about 6 months I joined a forum and quickly learned from some of the other members that there was all kinds of hidden text and keyword stuffing in my cached snapshot of just the text on my blog. I had been hacked and was essentially advertising for all kinds of lovely stuff like “Pe_n_s Enlargement” and other misc. things. It took a little while to clean up. I am just glad that it happened to me in the very early stages of my social media campaign. Now I know what to look for and tend to be in defense mode most of the time. I guess you have to be….
May 4th, 2008 at 7:55 am
I always skim through any PHP code I come by before I place it on my webservers. For those who don’t have any programming background, it is always good to keep in touch with security websites, and subscribe to the PHP authors’ mailing lists/RSS feeds for newer versions.
May 7th, 2008 at 3:47 am
Thanks for the information, Barry. We just had to fight a hack-attack of a (well, we guess) competitor in the Spanish real estate market. Does anybody have experience with these kinds of problems with Drupal?
Best regards from Spain
May 8th, 2008 at 10:46 am
The biggest hole in web security is the user
May 8th, 2008 at 6:59 pm
Matt’s post gives some great tips to keep your install secure. If you follow them I think your installation should be pretty secure!