WordPress websites are all the rage these days. You probably even have one. They are the greatest, mainly because they are both user-friendly and Google-friendly. Their popularity also makes them attractive targets for hackers, unfortunately. It helps to understand why websites get hacked, as well as what you can do to prevent it.
Malicious people take advantage of the vulnerabilities in systems like these for many reasons. Most often, it’s not personal (even though it feels that way!), but rather to generate revenue. They do this by serving up malware (see below for a definition of that) to the visitors of the site; placing spam comments on your site and blog (annoying!); or putting ads on the site or in the text that will generate links back to their site. Sometimes, your website will get hacked in order to take it down or deface it, but that seems rare these days unless you are super famous.
This 4-part series of articles will focus on WordPress hacking: what happens when you are hacked, how to back up your WordPress website, how to prevent website hacking, and what to do if your WordPress site is hacked.
If your WP website gets hacked, these are the 2 most likely things that can happen:
1. Malware can be installed on pages and links – This is malicious software (hence the catchy phrase “malware”) that can make your computer stop working, or steal sensitive information from you such as passwords, email addresses, or other personal information.
The malware may install a virus on your computer or website. This is software designed to cause damage to files on your computer and replicate itself, also causing damage to the files on the computers of any visitors to your site. The virus can also infect any click-through links you have on your site.
Malware can also install password-stealing programs on your computer – This is software, also known as “keyloggers,” designed to steal your log-in info and send it to the hacker, giving them access to some of your most valuable information. The program may also take over your address book, sending spam to family, friends, and business contacts. These programs are very subtle and you may never know they exist – until people begin complaining to you or you realize someone has been in one of your otherwise secure accounts.
Malware can also cause sudden content changes or odd redirects on your website. Don’t remember linking to Viagra.com on your resources page? Chances are, your website is infected.
2. In some cases, you can experience a complete shutdown of your website – with all of your files deleted, all images erased, all of your stuff gone…all the hard work you’ve put into your website eliminated – foooorrrrreeeevvvverrrrr (unless you have a backup, which we’ll talk about later).
How to find out if you’re a victim of website hacking
Your website is one of the most important investments you’ve ever made, taking time, effort, stress, and money to create and maintain. It is far too valuable to let something happen to it. There are a few very easy – and free – tools for checking the health of your website.
Our number one favorite is by a reputable malware monitoring and cleanup service called Sucuri. While there is a fee to use their service, there is no fee to check out your website. You can do that here.
Google also offers a free way to check your site. The Google Safe Browsing Tool is simple to use. Simply type the following URL into the address bar in your browser, with the URL of your website after the “equal” sign (=): http://www.google.com/safebrowsing/diagnostic?site=www.myawesomewebsite.com (replace www.myawesomewebsite.com with your own URL).
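A check you can run yourself alongside these tools, shown here as an added example that is not part of the original article: the Python below lists the outside sites a page links to, flags any that are not on your own allowlist, and flags links that appear only in the copy of the page served to a search crawler. It assumes you have saved two copies of the same page (one fetched as a normal browser, one fetched as a crawler); the HTML samples, the .example domains and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data: two copies of the same page, saved to compare.
OWN_HOST = "www.myawesomewebsite.com"
ALLOWED = {"partner.example"}  # hypothetical sites you link to on purpose
BROWSER_HTML = (
    '<a href="/about">About</a>'
    '<a href="http://www.myawesomewebsite.com/blog">Blog</a>'
    '<a href="https://partner.example/tools">Tools</a>'
    '<iframe src="//widgets.example/badge"></iframe>'
)
CRAWLER_HTML = BROWSER_HTML + (
    '<div style="display:none"><a href="http://cheap-pills.example/">buy</a></div>')

class LinkCollector(HTMLParser):
    """Records the host of every link, script and iframe URL in a page."""
    URL_ATTR = {"a": "href", "script": "src", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        wanted = self.URL_ATTR.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                host = urlparse(value).hostname  # None for relative URLs
                if host:
                    self.hosts.add(host.lower())

def outbound_hosts(html, own_host):
    """Hosts a page points at, excluding the site itself."""
    parser = LinkCollector()
    parser.feed(html)
    return parser.hosts - {own_host}

def audit(browser_html, crawler_html, own_host, allowed):
    """Flag hosts off the allowlist and hosts shown only to the crawler."""
    in_browser = outbound_hosts(browser_html, own_host)
    in_crawler = outbound_hosts(crawler_html, own_host)
    return {
        "unexpected": sorted((in_browser | in_crawler) - allowed),
        "crawler_only": sorted(in_crawler - in_browser),
    }

if __name__ == "__main__":
    print(audit(BROWSER_HTML, CRAWLER_HTML, OWN_HOST, ALLOWED))
```

Anything listed under "crawler_only" is content your visitors never see but search engines do, which is worth investigating even when the page looks normal in your browser.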
3 Quick anti-hacking steps to take NOW
Once you’ve determined that your website is not currently infected, it’s important to work to prevent it from happening in the future, and also to protect yourself in case it does. We will go into more detail about prevention in a subsequent post but, for now, here are a couple of things you can do to protect your website.
- Back up your website – For WordPress websites, there are any number of high-quality, cost-effective plugins you can use that will automatically back up your data and content on a regular basis (we will describe this in more detail in another post).
- Use a strong password on your website. To check the strength of the password you would like to use, go to the Microsoft Password Checker and – well – check the results. It’s FREE!
- Update your website and plugins regularly – as part of your back-up process (we will give you more information on that later, too).
Obviously, there is a lot that can go wrong if your website gets hacked. There are also a lot of things you can do to prevent or greatly lessen your chances of something going wrong. For that, stay tuned for our next articles on WordPress website hacking.
I was investigating some hacked sites that looked normal to the browser but were triggering errors in Google. Turns out the altered code was doing some things to evade normal detection. I ended up writing a tool to help people check for this — as I trace back some of the search results I’m finding more and more.
The site is http://www.isithacked.com. It’s finding some sites that Sucuri is missing. It also does the Google Safe Browsing tool check.
You are absolutely right. Obviously, there is a lot that can go wrong if the website gets hacked. There are also a lot of things one can do to prevent or greatly lessen the chances of something going wrong.
TotalWebSecurity is your one stop solution for your web security needs. It combines best of Automation and Team of Experts to make sure that your sites are always safe and running live.
totalwebsecurity.com
Thank you, Steve, for the resource of your company. We talk about some of those steps to take in a follow-up post here:
Simple steps to take to prevent WordPress website hacking