Preventing hacks on your WordPress blog ...

Many times the hackers are pretty slick, and you might not even know you’ve been hacked until you start to lose traffic or see a weird error. I had a few blogs hacked about a year ago and it took me a while to notice because I wasn’t regularly monitoring my traffic.

Some symptoms I’ve seen (on my own blogs or on my clients’ blogs):

    * Delisting, a dramatic drop in rank, or a “caution” page from Google. You’ll usually find out about this a while after the hack, either when you search for yourself on Google, or (if you usually get a lot of traffic from Google) when you notice your traffic go down. Sometimes you’ll get an email from Google that alerts you to the situation.
    * Strange links in your posts that just “appeared.” You’ll usually only spot these if you go back and edit an existing post, so many bloggers don’t notice these right away, either.
    * Weird blog behavior, like blank pages or “secret” pages that only show up if you try to go to a page that doesn’t exist. Not all of this points to being hacked (for instance, an out-dated plugin can cause a blank page) but it’s often the first clue that something’s wrong.

Why isn’t it easier to spot? The hackers purposely hide most of the evidence from you, and intentionally set it up so that search engines (like Google) see the new “content” they’ve added, but regular visitors (including you) do not. That makes it harder to catch the hack right away and makes it more likely the hackers will accomplish their goals.
What’s in it for the hackers

Most of the hacks I’ve seen have one goal: promoting spam sites. No doubt there are some purely malicious hackers who simply enjoy damaging blogs, but most seem to use hacking as a means to an end.

When they hack your blog, the most common thing they do is put in links to other sites, often porn, pharma, or other lucrative targets that are presumably paying for the effort. Why? Because when your site (presumably a respectable blog that Google knows is not a spam site) links to their site, they get a little boost with Google.

Google knows this happens and actively tries to stop it, but until they recognize that the linked sites are spam, those sites get some benefit. Google usually catches on pretty quickly, though, and when they do, your blog gets penalized right along with the spam sites it’s linking to.

This doesn’t bother the hackers much, because they’re already automatically hacking the next unsuspecting blog (and they sure as heck don’t care that their gain is your loss).
How they hack your blog

By far, the number one cause of hacked WordPress blogs is not having the most recent version installed. WordPress is software, and like any software, the people who wrote it try their best to make it as secure as they can, but occasionally there’s a bug. Sometimes these bugs, if not fixed, can allow hackers into the software.

With desktop software, like Windows or Photoshop or Firefox or Word, when a bug is discovered, the software company creates an update that fixes the bug and the software asks you to upgrade. This is the purpose of services like Windows Update—to make sure you have the latest version of the software, and all known bugs are fixed.

With software like WordPress that’s installed on a web host, it’s a little more complicated. Just like desktop software, when a bug is discovered, an update is created and the software prompts you to upgrade. However, the actual process of upgrading involves downloading and uploading files, backing up your database, and other tasks that non-techies find similarly intimidating. So many bloggers just don’t upgrade.

Though the bloggers often assume that they’re only missing out on new features when they don’t upgrade, the much more important fact is that they’re also leaving known security flaws wide open for hackers. Just like Windows, you only get the protection of the update if you install it. That’s why it’s so important to always have the latest updates (both with Windows and WordPress and any other software you use).

source: findableblogs

 View Full Story.