How to Protect Your Blog Before or After a Hack Attack

There has been an outbreak of blog hack attacks recently – I should know, I have been the unwelcome victim of one. The main targets are free WordPress blogs running versions older than the latest 2.5 release.

The hackers insert hundreds of spammy links pointing to drug, credit card and gambling related sites into the header and footer files, then hide them from anyone viewing the blog page with a simple CSS manipulation.

It's rife, it's rampant, it's a really big problem, and the majority of everyday bloggers don't have a clue they have been hacked and infected with spammy links that will punish their site and any site that is affiliated via inbound or outbound links.

Beefing Up Blog Security

The first thing you should do straight away is upgrade your blog to the latest WordPress 2.5 release. It's a straightforward process and you can view the full instructions here: http://codex.wordpress.org/Upgrading_WordPress

For those that don't have the patience to read through, here's a quick simplified guide:

  • Download and unzip WordPress 2.5
  • Back-up your Blog files onto your local drive
  • Turn off all plugins
  • Delete the wp-admin and the wp-includes folder on your server
  • Upload the new WordPress 2.5 wp-admin and wp-includes folder
  • Delete the index.php file in the wp-content folder and then upload the index.php file from the wp-content folder in your 2.5 release
  • Delete all top level files except your wp-config file and replace them with the top level files from the 2.5 release. Remember: don't overwrite your wp-config file (your database info is kept in here)

Now type the following in your browser window:

yourdomain.com/wordpress/wp-admin/upgrade.php

Replace yourdomain.com/wordpress with your site path to the wp-admin folder. That's it, you're done! Just re-enable your plugins from earlier and you're back up and running as normal.

Additional Security

Here are a few tips to help strengthen your blog against attacks.

  • Another way hackers can get access to your blog's admin area is via your plugins. Create a blank index.html file and upload it to your plugins folder, so that the folder's contents are not listed to anyone who browses to it.
  • Download and install the wp-scanner plugin, which runs over 9 security checks against your blog. *

* Caution : Please be aware that some plugins may send information regarding your site back to a third party and thus add to your security woes instead of helping to tighten them. I cannot endorse any of the plugins mentioned within this post because I do not know the security risks that they may carry.

They Got In, Now What?

The first step is to remove the inserted links: they normally go for the header and footer files. Next, alert Google by logging into Google Webmaster Tools (if you don't have an account then create one, it only takes 2 minutes) and click the link on the right hand side titled 'Request reconsideration'.

Explain in your statement that your blog was hacked, that the links have now been removed and that the site is clean. Back up your claim by inserting a cache link of your site and detailing where the spammy links were residing in your code, e.g. they start at line 200 or just under the <body> tag. It may seem obvious, but remember you are presenting evidence to clear your site and your name. Finally, add what prevention steps you have taken to help beef up security.

Next is the waiting game – however, I began to see some improvement about 4 days after I submitted my reconsideration request regarding my search positions. Today is 7 days after the event and the majority of my rankings are gaining some ground – I once again reclaimed 1st page for “SEO Company”.

Watch who you link out to!

A hacked site will have some penalties against it: in Google's eyes you'll be what is termed a bad neighbourhood. I removed all outbound links during this time throughout the entire site so as not to hurt anyone else from my site's temporary penalty.

Hopefully we can create a safer environment for bloggers all over. If you know someone who runs a WordPress blog on their site get them to check for hacked spammy links : also make sure they upgrade and think about security for the future.

I’m sure there are more helpful tips that others would like to share with everyone via the comments.

Update: Tim Nash has recently released a post that goes over the security issues of WordPress and a whole lot more … WordPress Suitable for SEO’s … Tim goes into more detail than I myself could. It's a highly recommended read.
