Even my good friend Mark Goodyear went to log into his blog and discovered that GoodWordEditing was hacked. In his case he couldn’t even log into the blog’s dashboard anymore.
Old WordPress Versions Vulnerable to Hacking
As in the overwhelming majority (if not all) of cases, not keeping his WordPress installation current exposed Mark’s blog to hackers. The hackers were going after his passwords.
The trend seems to be that the hackers gain access via out-of-date blogs and insert some password-snagging software. Then, when the blogger realizes there’s a problem and finally gets around to upgrading their WordPress, the hackers can come back at their leisure and do whatever they want with the blog. If the blog owner doesn’t change his passwords, that is.
Mark changed his. All of them.
Fortunately for Mark, I was able to recover his blog and find and remove the malicious code that the hackers had added to it. We got him up and running normally over the weekend. He’s now secure and good to go.
Bad to Worse
If left unchecked, hackers can put code on your site that will create problems for you with the search engines. As an example, Skinny Moose Media has a blog called Maine Outdoors Today that will show us what can happen.
If you Google “Maine Outdoors Today” you will get the results shown over on the right here.
Right underneath the page title in the listing is a notice that says “This site may harm your computer.”
If you happen to be a gutsy type and clicked through the listing anyway, recklessly unconcerned about the potential dangers to your computer, Google would direct you to a page that looks like the image below.
Trust me, it’s not good.
Now it so happens that Maine Outdoors Today is NOT on WordPress. Please don’t think I’m trashing on them. Steve Remington over there is a friend of mine.
Nor am I saying that WordPress is a bad or insecure platform, in spite of the negative spin their competitors are trying to put on this issue.
The good news is that WordPress is a very secure platform if you take some reasonable (and relatively simple) precautions.
The single biggest thing you can do to protect your WordPress blog from hackers is to update it regularly. In Mark’s case he was running a very old version. In fact I’m not sure it had been updated since the site was first set up.
Over time exploits are discovered on old versions of most any software. Think about all the security updates that Windows has users download over time.
WordPress is no different. Update it when new versions come out and you will greatly reduce your exposure to hackers.
The same goes for your plugins. One angle that hackers use is coming into the blog via old (or poorly written) plugins. In the overwhelming majority of cases, security breaches in plugins are patched very quickly, so keeping your plugins up to date is a must.
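One way to see how far behind an install is, as an added example that is not from the original post: this script reads the core version from wp-includes/version.php and each plugin's Version header, then compares them with a list of current versions you supply. The sample site, the plugin name example-gallery and every version number here are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

CORE_RE = re.compile(r"^\s*\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", re.M)
PLUGIN_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.M | re.I)

def vkey(version):
    """Turn '2.8.4' into (2, 8, 4) so versions compare numerically."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()  # so '2.8' and '2.8.0' compare equal
    return tuple(parts)

def installed_versions(wp_root):
    """Return {'core': ver, 'plugin:<dir>': ver} read from files on disk."""
    root = Path(wp_root)
    found = {}
    core = (root / "wp-includes" / "version.php").read_text(errors="replace")
    m = CORE_RE.search(core)
    if m:
        found["core"] = m.group(1)
    for php in sorted((root / "wp-content" / "plugins").glob("*/*.php")):
        # WordPress reads plugin headers from the first 8 KB of the file
        m = PLUGIN_RE.search(php.read_text(errors="replace")[:8192])
        if m:
            found.setdefault("plugin:" + php.parent.name, m.group(1))
    return found

def outdated(found, latest):
    """List (component, installed, latest) where installed is behind latest."""
    return [(name, ver, latest[name]) for name, ver in sorted(found.items())
            if name in latest and vkey(ver) < vkey(latest[name])]

def build_sample_site(base):
    """Constructed sample install; versions and the plugin name are made up."""
    root = Path(base)
    (root / "wp-includes").mkdir(parents=True)
    (root / "wp-includes" / "version.php").write_text("<?php\n$wp_version = '2.3.1';\n")
    plug = root / "wp-content" / "plugins" / "example-gallery"
    plug.mkdir(parents=True)
    (plug / "example-gallery.php").write_text(
        "<?php\n/*\nPlugin Name: Example Gallery\nVersion: 1.0.2\n*/\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        latest = {"core": "2.8.4", "plugin:example-gallery": "1.0.2"}  # constructed
        for name, have, want in outdated(installed_versions(build_sample_site(tmp)), latest):
            print(f"{name}: installed {have}, latest {want}")
```

Point `installed_versions` at a real blog's root directory and fill `latest` from the versions currently published for WordPress and your plugins; anything it lists is overdue for an update.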
WordPress Support by SuccessCREEations
If updating your WordPress installation is more technical than you want to take on by yourself, then I’ve got some good news for you. We are now offering WordPress support to help folks keep their blogs secure.
So whether your blog has already been hacked or, better yet, before you get hacked, we can help you.