Older Versions of WordPress Hacked

WordPress blogs are getting hacked in greater numbers lately. The problem is serious enough that the WordPress podcast recently addressed out-of-date WordPress blogs being hacked.

Even my good friend Mark Goodyear went to log into his blog and discovered that GoodWordEditing was hacked. In his case he couldn’t even log into the blog’s dashboard anymore.

Old WordPress Versions Vulnerable to Hacking

As in the overwhelming majority (if not all) of cases, not keeping his WordPress installation current is what exposed Mark’s blog to hackers. In his case the hackers were going after his passwords.

The trend seems to be that hackers gain access via out-of-date blogs and insert some password-snagging software. Then, when the blogger realizes there’s a problem and finally gets around to upgrading WordPress, the hackers can come back at their leisure and do whatever they want with the blog. If the blog owner doesn’t change his passwords, that is.

Mark changed his. All of them.

Fortunately for Mark, I was able to recover his blog and find and remove the malicious code that the hackers had added to it. We got him up and running normally over the weekend. He’s now secure and good to go.

Bad to Worse

[Image: Hacked Google Listing]

If left unchecked, hackers can put code on your site that will create problems for you with the search engines. As an example, Skinny Moose Media has a blog called Maine Outdoors Today that shows what can happen.

If you Google “Maine Outdoors Today” you will get the results shown over on the right here.

Right underneath the page title in the listing is a notice that says “This site may harm your computer.”

If you happen to be a gutsy type and clicked through the listing anyway, recklessly unconcerned about the potential dangers to your computer, Google would direct you to a page that looks like the image below.

[Image: Google Malware Message]

How do you think a message like that will affect your search engine traffic?

Trust me, it’s not good.

Now it so happens that Maine Outdoors Today is NOT on WordPress. Please don’t think I’m trashing on them. Steve Remington over there is a friend of mine.

Nor am I saying that WordPress is a bad or insecure platform, in spite of the negative spin their competitors are trying to put on this issue.

The good news is that WordPress is a very secure platform if you take some reasonable (and relatively simple) precautions.

Update Regularly

The single biggest thing you can do to protect your WordPress blog from hackers is to update it regularly. In Mark’s case he was running a very old version. In fact I’m not sure it had been updated since the site was first set up.

Over time exploits are discovered on old versions of most any software. Think about all the security updates that Windows has users download over time.

WordPress is no different. Update it when new versions come out and you will greatly reduce your exposure to hackers.

The same goes for your plugins. One angle that hackers use is coming into the blog via old (or poorly written) plugins. In the overwhelming majority of cases security breaches in plugins are patched very quickly so keeping your plugins up to date is a must.
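An added example, not code from the original post: a small audit that reads the installed core version from wp-includes/version.php and the "Version:" header of each plugin's PHP file, then reports anything behind a baseline you supply. The baseline numbers, plugin names and the site tree built in demo() are constructed sample values; take the real baselines from the official release pages.

```python
import re
import tempfile
from pathlib import Path

CORE_RE = re.compile(r"""\$wp_version\s*=\s*['"]([^'"]+)['"]""")
PLUGIN_RE = re.compile(r"^[ \t/*#@]*Version:\s*([0-9][^\s*]*)", re.I | re.M)

def as_tuple(version):
    """'2.3.1' -> (2, 3, 1); suffixes such as '-beta' are ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0]))

def is_outdated(installed, baseline):
    a, b = as_tuple(installed), as_tuple(baseline)
    width = max(len(a), len(b))          # pad so that 2.7 compares equal to 2.7.0
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(a) < pad(b)

def audit(site_root, core_baseline, plugin_baselines):
    """Return (component, installed, baseline) for everything behind its baseline."""
    root, findings = Path(site_root), []
    version_php = root / "wp-includes" / "version.php"
    m = CORE_RE.search(version_php.read_text(errors="replace")) if version_php.is_file() else None
    if m is None:
        findings.append(("core", "unknown", core_baseline))  # unreadable counts as a finding
    elif is_outdated(m.group(1), core_baseline):
        findings.append(("core", m.group(1), core_baseline))
    for php in sorted((root / "wp-content" / "plugins").glob("*/*.php")):
        slug = php.parent.name
        m = PLUGIN_RE.search(php.read_text(errors="replace")[:8192])
        if m and slug in plugin_baselines and is_outdated(m.group(1), plugin_baselines[slug]):
            findings.append((f"plugin:{slug}", m.group(1), plugin_baselines[slug]))
    return findings

def demo():
    """Build a constructed site tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "wp-includes").mkdir()
        (root / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '2.3.1';\n")
        for slug, ver in (("sample-gallery", "1.0.4"), ("sample-forms", "3.2")):
            d = root / "wp-content" / "plugins" / slug
            d.mkdir(parents=True)
            (d / f"{slug}.php").write_text(f"<?php\n/*\nPlugin Name: {slug}\nVersion: {ver}\n*/\n")
        # Constructed baselines: core 2.7, sample-gallery 1.1, sample-forms 3.2
        return audit(root, "2.7", {"sample-gallery": "1.1", "sample-forms": "3.2"})

if __name__ == "__main__":
    for component, installed, baseline in demo():
        print(f"OUTDATED {component}: {installed} < {baseline}")
```

Run against a backup copy or a read-only mount of the site, and treat a core result of "unknown" as something to investigate rather than ignore.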

WordPress Support by SuccessCREEations

If updating your WordPress installation is more technical than you want to take on by yourself then I’ve got some good news for you. We are now offering WordPress support to help folks keep their blogs secure.

So whether your blog has already been hacked or better yet before you get hacked, we can help you.

Check out our other social media services as well. And be sure to take a look at what people are saying about us while you’re at it.


Comments

  1. Thanks again, Chris!

  2. real live preacher says:

    Wow, I had no idea. Thank goodness I use Drupal and have a tech guy in Australia to run things. What versions of WordPress are safe? I have a number of WordPress sites that I have set up for various things.

  3. Mark, No worries. :)

    Real, The general rule is the most current is most secure. It’s possible that a particular blog may never be targeted by hackers even though it’s running out of date software.

    The question to ask is, am I willing to lose my blog? If not, then upgrading is probably in order.

    Back up early! Back up often!

  4. I tried to go to that Maine Outdoors site, and not only did Google block it, but my own browser blocked it; it was actually somewhat difficult to finally get in. Most people wouldn’t go as far as me, however, so the traffic for that site is probably destroyed. Damn hackers, they are too malicious!

  5. Airsoft, Yeah it’s a real problem. I just had a conversation with another friend this AM who had 2 blogs hacked with malicious code inserted.

    Keep those WordPress blogs updated!!!

  6. I hear you! Too many people just set up their blog and do not bother with the updates. WordPress even shows you if you’re not using the latest version. I think many blogs were installed by some control panel app and until that app is updated non-technical folks do not know how to properly upgrade their site.

  7. Justin, WordPress telling folks their versions are out of date is a relatively recent thing. There are still a ton of installations out there that are old enough they don’t do that for them yet.

    Even though the one-click upgrades such as with Fantastico are much easier, it is still possible for folks to really mess things up with them.

  8. And many people are not updating WordPress because they don’t know if the theme they use will work or not with the new version. I know this is a huge problem for me, especially if it is a custom theme I paid for.

  9. Time to update your WordPress! It’s just good practice to stay on the latest version.

  10. RaiulBaztepo says:

    Hello!
    Very Interesting post! Thank you for such interesting resource!
    PS: Sorry for my bad English, I’ve just started to learn this language ;)
    See you!
    Your, Raiul Baztepo

  11. Hmm.. nice article, and my friend had the same problem as Maine Outdoors Today.
    Just google “eobandung” and it looks like a similar case to Maine Outdoors. Now he was looking for inserted dangerous code that was “frame” or “iframe”.

    I got alert like this when trying to open his site:
    s5.tinypic[dot]com/1607ouh.jpg

