Make Sure Your WordPress is Not Hacked

By Daniel Scocco

Lately there seems to be a hacking spree targeting old versions of WordPress. Most of the time the attacker edits your theme files to insert spam links. One of my older, inactive blogs had that problem, and several friends complained to me about it as well when chatting over IM.

I would therefore recommend that all of you run a quick check on your WordPress installation to make sure it has not been compromised.

How do I find if I have been hacked?

The easiest way to identify the spam links is to open your website in a browser and look at the page source. Pay particular attention to the header and footer of your HTML, and check whether there are links that are not supposed to be there (usually they are related to pharmacy, drugs, credit cards and the like). Injected links are often wrapped in a hidden element (for example one styled with display:none), so they show up in the source but not on the rendered page, which is why looking at the source matters.

[Screenshot: page source showing the injected spam links]

If you use Firefox you can also click “Tools,” then “Page Info,” and then “Links.” This window lists every outgoing link from the page you are visiting.

[Screenshot: Firefox Page Info window, Links tab]

Finally, you should also examine all your theme files and your WordPress installation for any file or piece of code that looks suspicious. Comparing them against a fresh download of the same WordPress version and theme is the quickest way to spot files that were modified or added.
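The check described above, done programmatically. The script below does what the Firefox Page Info > Links window does (it lists every outgoing link) and additionally flags the three signs of injected spam: links to hosts other than your own, links hidden from visitors with inline CSS, and pharmacy or finance keywords in the anchor text or URL. This is an added example, not code from the original post; the sample HTML, the hostnames in it (example.com as the blog, the .example.net and .example.org hosts as spam targets) and the keyword list are constructed for illustration.

```python
"""Audit the outgoing links of a rendered page, as Firefox's Page Info > Links
does, and flag the patterns typical of injected spam. Added example; the sample
HTML at the bottom is constructed, and SPAM_WORDS is an illustrative list."""
from html.parser import HTMLParser
from urllib.parse import urlparse

SPAM_WORDS = ("viagra", "cialis", "pharmacy", "casino", "poker", "credit card", "loan")
# Elements that never get a closing tag; they must not be pushed on the open-tag stack.
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link",
        "meta", "param", "source", "track", "wbr"}
# Inline CSS declarations (whitespace stripped) that hide an element from a visitor.
HIDE_CSS = {"display:none", "visibility:hidden", "font-size:0", "font-size:0px"}


def _is_hidden(attrs):
    """True if inline attributes hide the element on screen (it still shows in the source)."""
    if "hidden" in attrs:
        return True
    style = (attrs.get("style") or "").replace(" ", "").lower()
    return bool(HIDE_CSS & set(style.split(";")))


class LinkAuditor(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.links = []          # one dict per <a href=...>, in document order
        self._stack = []         # (tag, hidden) for currently open elements
        self._hidden_depth = 0   # number of open ancestors that are hidden
        self._open = None        # the <a> whose anchor text is being collected

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag not in VOID:
            hidden = _is_hidden(attrs)
            self._stack.append((tag, hidden))
            self._hidden_depth += int(hidden)
        if tag == "a" and attrs.get("href"):
            self._open = {"href": attrs["href"], "text": "",
                          "hidden": self._hidden_depth > 0}

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self._finish()
        if any(t == tag for t, _ in self._stack):   # unwind to the matching open tag
            while self._stack:
                t, hidden = self._stack.pop()
                self._hidden_depth -= int(hidden)
                if t == tag:
                    break

    def close(self):
        super().close()
        if self._open is not None:                   # tolerate an unclosed <a>
            self._finish()

    def _finish(self):
        link, self._open = self._open, None
        host = (urlparse(link["href"]).hostname or "").lower()
        own = host in self.own_hosts or any(host.endswith("." + h) for h in self.own_hosts)
        link["host"] = host
        link["external"] = bool(host) and not own
        haystack = (link["text"] + " " + link["href"]).lower()
        link["spammy"] = any(word in haystack for word in SPAM_WORDS)
        self.links.append(link)


def audit_links(html, own_hosts):
    """Return every <a href> on the page with host/external/hidden/spammy flags."""
    parser = LinkAuditor(own_hosts)
    parser.feed(html)
    parser.close()
    return parser.links


def suspicious(links):
    """Links that deserve a look: hidden ones, or external ones with spam-themed text."""
    return [l for l in links if l["hidden"] or (l["external"] and l["spammy"])]


# Constructed sample: a normal theme with a hidden spam block injected into the footer.
SAMPLE_HTML = """<html><head><title>My Blog</title>
<link rel="stylesheet" href="/wp-content/themes/default/style.css"></head>
<body>
<div id="header"><a href="http://www.example.com/">My Blog</a>
 <a href="http://www.example.com/about/">About</a></div>
<div id="content"><p>Today I read <a href="http://wordpress.org/">WordPress</a> news.</p></div>
<div id="footer">Powered by <a href="http://wordpress.org/">WordPress</a>
<div style="display: none"><a href="http://pills.example.net/">cheap viagra</a>
<a href="http://cards.example.net/apply">credit card offers</a></div>
<a href="http://casino.example.org/" style="font-size:0px">online casino</a>
</div></body></html>"""

if __name__ == "__main__":
    for link in suspicious(audit_links(SAMPLE_HTML, ["example.com"])):
        flags = ", ".join(k for k in ("hidden", "external", "spammy") if link[k])
        print(f"{link['href']:40} [{flags}] {link['text'].strip()!r}")
```

In practice, feed it the output of `curl -s http://yourblog/` together with your own domain(s). Anything reported as hidden deserves a look at the theme file that produced it, since a legitimate header or footer link has no reason to be invisible.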

How do I fix the problem?

Most of the blogs that get hacked run older versions of WordPress with several known security bugs still open, so your first line of defense is to keep up with new releases. If you have been putting off the upgrade to WordPress 2.5, check out the Automatic Upgrade plugin; it makes the process a piece of cake. Keep in mind that upgrading closes the hole but does not remove links that were already injected, so clean the theme files (or reinstall the theme from a fresh copy) as well.

Secondly, you should secure your wp-admin folder by allowing access only from certain IP addresses. You can do that by creating a .htaccess file (a plain text file with that name) inside your wp-admin folder with the code found in the article 3 Must Apply Security Tips for WordPress. This only works if you always post from a fixed set of IP addresses.

Thirdly, you should disable directory listing across your whole site, so that visitors cannot browse your folders to see which plugins you are using or other sensitive data. You can do this easily by adding the following line to the .htaccess file in your root directory:

Options -Indexes

Finally, if for some reason you cannot upgrade your WordPress or restrict access to the wp-admin folder by IP, you can still delete the theme-editor.php file from the wp-admin folder. This is far from optimal, but it removes the built-in editor that intruders use to add spam links to your theme files. Keep in mind that it does nothing against an attacker who can write to the filesystem some other way, and the file comes back with the next upgrade.

Ah, and don’t forget to change your passwords regularly as well!





45 Responses to “Make Sure Your WordPress is Not Hacked”

  • Make Money Online

    Hey, great advice. I’ve been on alert with all the hacking that’s been going around lately, thanks for the tip.

  • Matt Mikulla

    We got hacked and blogged about it:

    http://sitening.com/blog/2008/04/08/wordpress-security-vulnerabilities/

  • Carla

    Thanks for the Firefox link tips. I’ve never used that feature before.

    I guess you’ve removed all my excuses for not upgrading. I’ll have to check out that plugin.

  • Anne Ahira

    Nice article! Very helpful.
    I’ve been experiencing this ‘hacking things’ so many times, and it is really annoying.

  • Michelle

    wow, thanks for that! Luckily, I didn’t see anything, but now I know how to check 🙂

  • Medical Transcriptionist

    Thank you. I was just in trouble and your post was in time to bail me out.

    I’m on Yahoo hosting with crappy service, no updates to WordPress (still on version 2.0.2), no access to the .htaccess file, and inviting all sorts of trouble with no other option than the last one you mentioned.

  • Abhijeet from Jeet Blog

    Daniel, everything is fine but if you secure your WP-Admin folder by allowing access only to certain IP addresses, then you cannot blog from other computers, like from an internet cafe. That may not be a feasible option for all the bloggers because sometimes you may need to use a different computer at a different location to blog.

  • Voice Of Dingchao

    Oh, since such an adventure exists, I’d better check my blog and see whether it has been hacked or not, hope not.

    Thanks for sharing these tips!

  • Siddharth

    From the security tips above, the IP trick to save your WordPress is very important and secure. But the problem is that most internet users have a dynamic IP, and this process will need a static IP for the .htaccess file.

  • homelessinomsk

    thx a lot!

  • Daniel Scocco

    Yeah if you have dynamic IPs it becomes a problem.

    @Medical Transcriptionist, my blog that got hacked was also hosted on Yahoo!… lame stuff they got over there.

  • Scott Fillmer

    Good post, thanks for the security suggestions, those are great.

  • Bengt – fortyplustwo

    Thanks for another great post. I especially like the Firefox tip, an easy way to check if my blogs are OK.

  • Mark Avey

    We recently got hit, too. I’ve added some tips here for anyone in the same situation – http://www.psionmark.com/wordpress/the-great-wordpress-attack/

  • Lance Winslow

    Well, indeed, this is by far the most helpful article that I have read on the Internet this entire week, out of about 1200 probably. So, thank you for this. I have had both blogs and forums hacked, and I would like to propose death by hanging as a potential punishment for such crimes?

  • Jeff

    Good stuff, I wasn’t aware of some of the items mentioned. I do try and keep EVERYTHING updated…religiously.

    It’s just a shame that some losers waste their time trying their best to be major jerks, when they could use their ‘talents’ towards making things better for all…themselves included.

  • Googlelady

    Something similar happened to me and I was searching about it, but it seems that only dailyblogtips has something about it, and I will send you a BIG thanks for it.
    This is what happened:
    http://www.googlelady.com/796/rss-strange/

  • Medical Transcriptionist

    Though I rectified the hack, my Google traffic is zero now. I couldn’t find on the web an answer to repair this damage. Do you have any suggestions?

  • Daniel Scocco

    @Medical Transcriptionist, you will need to file a reinclusion request via Webmaster Central.

    http://www.google.com/webmasters/

  • Michael

    This is just one great example for why you need to keep your WordPress blog up to date.

  • Fred X

    1. Does the automatic update plugin work? I did some googling and saw some mentions of things being disabled.
    2. Are all my other plugins, mod rewrites safe??? or do they require re-installation? 🙂

  • DSTT

    maybe something wrong with my blog!

  • Hauke

    Another method is called “cloaking”, in which your website gets redirected to a spammy website if you are the Google spider bot. This is difficult to spot, given that we are not the Google spider bot, but the good news is that we can pretend to be. Just install the “User Agent Switcher” for Firefox and add a definition for googlebot (see http://www.searchenginejournal.com/how-to-switch-your-user-agent-to-googlebot/7249/)

    How did they do it?

    This is what they added to my .htaccess file after many *blank lines* (so that you could easily miss this addition!!!):

    RewriteBase /
    RewriteCond %{HTTP_USER_AGENT} (Googlebot|Slurp|msnbot)
    RewriteRule ^ http://ahtung.co.in/ [R=301,L]

    N.B. make sure you scroll down to the end of your .htaccess file when checking!
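The two .htaccess checks raised on this page, the post's advice to turn off directory listing with Options -Indexes and Hauke's report of a crawler-only redirect parked below a run of blank lines, as one audit script. This is an added example and not code from the post or from the commenter; the sample .htaccess files are constructed, with spam.example.net standing in for the attacker's domain, and the bot-name list and blank-line threshold are my own choices.

```python
"""Audit an Apache .htaccess for what the post and Hauke's comment warn about:
directory listing still enabled, directives hidden below a run of blank lines,
and a crawler-only redirect (cloaking) keyed on the User-Agent header.
Added example; the sample files below are constructed."""
import re
from urllib.parse import urlparse

# Crawler names from the comment's RewriteCond, plus Bing's current bot name.
BOT_UA = re.compile(r"googlebot|slurp|msnbot|bingbot", re.I)
COND_UA = re.compile(r"^\s*RewriteCond\s+%\{HTTP_USER_AGENT\}\s+(\S+)", re.I)
RULE = re.compile(r"^\s*RewriteRule\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?", re.I)
BLANK_RUN = 10   # consecutive blank lines that count as suspicious padding (my choice)


def audit_htaccess(text, own_hosts):
    """Return a list of findings (strings); an empty list means nothing was flagged."""
    own = {h.lower() for h in own_hosts}
    lines = text.splitlines()
    findings = []

    # 1. Directory listing: WordPress never needs Apache's auto-generated indexes.
    if not any(re.match(r"\s*Options\b.*-Indexes", line, re.I) for line in lines):
        findings.append("no 'Options -Indexes': directory listing is enabled")

    # 2. Padding: blank lines followed by more directives is how the injected rules
    #    in the comment were kept out of view when the file was opened in an editor.
    blanks = 0
    for no, line in enumerate(lines, 1):
        if not line.strip():
            blanks += 1
            continue
        if blanks >= BLANK_RUN:
            findings.append(f"line {no}: directives resume after {blanks} blank lines")
        blanks = 0

    # 3. Cloaking: a RewriteCond on the User-Agent naming search crawlers, whose
    #    RewriteRule sends them (and only them) to a host that is not ours.
    pending = None   # (line number, UA pattern) of a crawler condition awaiting its rule
    for no, line in enumerate(lines, 1):
        m = COND_UA.match(line)
        if m:
            if BOT_UA.search(m.group(1)):
                pending = (no, m.group(1))
            continue
        m = RULE.match(line)
        if not m:
            continue
        target, flags = m.group(2), (m.group(3) or "")
        host = (urlparse(target).hostname or "").lower()
        redirects = any(f.strip().upper().startswith("R") for f in flags.split(","))
        if pending and host and host not in own and redirects:
            findings.append(f"line {no}: crawler cloaking, UA {pending[1]} redirected to {target}")
        pending = None   # RewriteCond lines apply only to the next RewriteRule
    return findings


# The stock permalink rules WordPress writes (real syntax, constructed file).
WP_RULES = """# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""

# Constructed: stock rules plus an injection of the shape quoted in the comment,
# pushed below 25 blank lines. spam.example.net is a placeholder domain.
HACKED = WP_RULES + "\n" * 25 + """RewriteBase /
RewriteCond %{HTTP_USER_AGENT} (Googlebot|Slurp|msnbot)
RewriteRule ^ http://spam.example.net/ [R=301,L]
"""

# Constructed: stock rules with listing disabled and nothing appended.
CLEAN = "Options -Indexes\n" + WP_RULES

if __name__ == "__main__":
    for name, content in (("hacked", HACKED), ("clean", CLEAN)):
        print(name, audit_htaccess(content, ["example.com"]) or ["nothing flagged"])
```

Run it over the .htaccess in your web root and over any other .htaccess you find in the tree. The script only inspects the file; to reproduce the commenter's User Agent Switcher check from the command line, `curl -sI -A 'Googlebot/2.1' http://yourblog/` shows whether a crawler receives a 301 that a normal browser does not.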


Comments are closed.