Protect Your WordPress Blog

I was viewing a friend’s website on my Blackberry the other day, when I noticed a bunch of random unrelated links above his header. There were Viagra links, Honda links, Cialis links, Acai links…etc. You name the affiliate link, and it was probably there. When I visited his site on my laptop, those links were nowhere to be seen.

Several months ago, I had a similar problem, which my developer diagnosed as some sort of code injection. This was attributed to my not upgrading to the latest WordPress version (currently 2.8.4). Basically when security flaws are found, WordPress closes those holes in the next edition, and site owners need to upgrade ASAP. Because hackers and other malicious people can then learn what security flaws were found in the previous version, they can exploit those flaws in blogs and websites that aren’t running on the most recent version.

In any case, it can be a bit tricky to remove the cause of the malicious links, but it’s important to do so, otherwise your site is leaking “search engine link juice,” and those links can be harmful. This doesn’t even consider that other areas of your site may have been attacked, which can cause other problems. Simply upgrading to the newest version of WP may not help, as the malicious code will still be there.

One of my the best things for me is that the person who manages the technical side of my blog is knowledgeable about programming and WordPress, and he has been able to help me with errors (both human error and a malicious hacking attempt). If you don’t know of a capable person, it would be wise to find someone smart that you trust who can help you at a moment’s notice. There are also plenty of resources on the web that can help you, but sometimes the fixes are complicated.

Always be on the look out for strange things that happen with your blog’s performance and layout, and if you notice something funky, don’t just cast it aside. Search Google, Twitter, and WordPress to see if other people are facing the same issues. Stay on top of WordPress or other platform updates and security warnings, and you may help prevent damage to your website.

Related posts:

  1. Snoop Around and Access Someone’s WordPress Dashboard Panel While doing some testing on one of my websites that...
  2. Problem with WordPress Upgrade I think about 50% of my websites are built on...
  3. WordPress Security No matter who you are or what you do online,...

Written by on September 11, 2009
Posted in: Advice, Web Development
Tags: , ,
Minds and Machines

Comments (4)

Jamie Zoch

September 11th, 2009 at 2:01 pm    

gravatar

Although many use WordPress, this type of hacking is not only limited to WP sites, but other sites as well. I had wrote about a sneaky hack job that was done to one of my sites and it is not a WP ran site currently. http://www.dotweekly.com/2009/09/11/the-hidden-hacker-redirecting-some-parts-of-site/

The basics of what I wrote in my post, the hacker redirects “some” parts of your site to their site, parking page, affiliate program etc. At times, visiting the domain of your site simply redirects you to the hackers site.

Wordpress Security Tips

September 11th, 2009 at 2:04 pm    

gravatar

@Elliot

Here’s a few more tips that I wrote about earlier this year:

http://toomanysecrets.com/wordpress-security-tips/

Jim

September 11th, 2009 at 2:26 pm    

gravatar

I had a similar thing happen a few months back on one of my sites that would redirect search engine queries.

For example someone searched google or yahoo or msn for “cheap travel to Tajikistan” and your site was listed, if the searcher clicked your link, they would hit your site and be redirected via a bogus .htaccess file.

The issue and it’s fix are documented here:

http://blog.unmaskparasites.com/2008/12/05/bogus-antivirus-2009-htaccess-exploit/

Leave a reply

Name *

Mail *

Website