Gary Eckstein
Gary provides WordPress training, WordPress consulting and WordPress help in Australia and worldwide

Has your WordPress Site been hacked?

Recently one of my Websites was hacked (not this Website!). The hackers had managed to populate the WordPress site posts (Blogs) with iframes that redirected visitors to a suspicious Website. It appears that a SQL script was run on every post to replace the contents of the posts with the redirecting iframe (WordPress and all plugins were fully up-to-date with the latest patches). Fortunately my AVG security software detected the unwanted iframe which was prevalent on both the hacked Website and the Feedburner RSS feed from that Website.

I have no idea how the hackers accessed the database; however, I have learnt that using shared hosting (the hacked site was hosted with GoDaddy) may increase the chance of being hacked; if one of the shared Sites is hacked then it may be simpler for the hackers to gain access to the co-shared Sites.

Recovering from a hacked WordPress Website is a time-consuming task and if recent (unhacked) database backups aren’t available then, well, the trouble in recovering is multiplied significantly. There are some good articles out there describing how to recover from a hacked WordPress Site but, more than anything, preventing being hacked is far simpler than recovery. Here are six absolutely essential tasks related to your Site and Malware:

  1. Create secure passwords (for WordPress, MySQL, FTP etc.) and change them occasionally.
  2. Keep WordPress, Plugins and Themes, as well as all software on your PC/Mac, updated to the latest releases and patches.
  3. Backup your WordPress files and MySQL database regularly.
  4. Check every one of your Websites at least daily for any suspicious data or redirection (an easy way of doing this is subscribing to the RSS feed from your Site).
  5. If your Site has been hacked, immediately take action to restore it.
  6. Advise the Search Engines of Malware recovery if necessary.

I am certainly looking forward to using VaultPress which should further minimise the chance of being hacked.

3 Responses to “Has your WordPress Site been hacked?”

  • Thanks for the info, mate. I do interfere at my workplace with issues of customers' sites being hacked and they aren't able to do anything. The main thing, as you suggested, is to have your db and wp backed up and have Theme Authenticity Checker to check your theme files for any iframes or base64 eval URLs. Haven't tried VaultPress but use the wp-db backup plugin to back up the db.

  • [...] WP3 is just so simple to install and custom passwords can be entered right from the install (in WordPress 2, a changeable password would be assigned on initial [...]

  • [...] while back I wrote about how one of my Sites was ‘hacked’ (the Posts were populated with iFrames). The hacking was nothing I could have prevented through [...]
