Why was my Wordpress site hacked?

Why would anyone be interested in my site?

In recent years hackers have banded together in part thanks to a lively market for logins, passwords, and just about any type of record that a hacker can use to earn profits from. They are no longer interested in just one or two logins when there are tools that allow them to gather them 1000’s at a time. They can reap profits in many different ways, but the most common are inserting hidden back links to manipulate search engine results, compromising your server as a slave in a botnet, and phishing expeditions. In short, its about the money and hackers can find value in your site no matter how big or small.

How can I tell if my WordPress website has been hacked ?

First you need to realize that most hackers don’t want to crash your site or make it disappear even though it may not “appear” hacked it is. There is no profit in a site that is down they want it up and appearing normal so that most people visiting it don’t even realize it they are in danger.

Here are the ways they can tell the site has been hacked.

  • Your site is redirecting users to a malicious site and trying to install malware on their computer. (Very common)
  • You are seeing words and links to other sites, typically pornography, drugs or illegal services. You may not even see it since it could be white text on a white background, but search engines still can see it. This is really common one easy way for the lay person to see it is go to Google and search “site:yourdomain.com” and you see URLs for pages you don’t recognize.
  • If you see your homepage replaced with some kind of agenda like “Free Palestine”
  • Your web host sends you a message that your website has been hacked. If this happens its probably because you triggered alerts by sending email, or having malicious files on your site. At this point its a smart thing to backup your site, in case they shut the account down. (Dont forget the files, and database)

How did they get into my website!?

More than likely it was because your Wordpress core, theme and plugins files were not updated. The problem is as exploits are reported they are added to automated tools that can scan sites en mass. Your site was more than likely one of many compromised with one of these tools.

So my WordPress website has been hacked, now what?

Hire a professional if there is any value to your time at all. It can take hours, and a deep understanding of the technology to repair the damage and keep it from happening again.

How could I have prevented it?

Most hacks could have been prevented simply by keeping everything up to date but never underestimate the hacker communities intelligence and determination. They are in it for the money, as long as its there they will continue to refine and adapt the processes.

Here are some basic tips:

  • Secure passwords. Take the time to limit the login attempts and put a captcha on the login page.
  • Keep WordPress, and plugins, up-to-date. WordPress itself is very secure and they have a great process of having people report critical security bugs and fixing them fast. However, you have to keep WordPress updated in order for your site to have those security issues fixed on your site.
  • Make sure your computer is clean. We’ve seen lots client sites and finally found that the client’s computer had malware installed on it which could recognize when the he was logged in as an administrator of his WordPress website.
  • Follow the masters WordPress’ own recommendations for keeping it secure.

Questions/Comments?