The unscrupulous world of WordPress hackers…don’t become a victim

WordPress Security

“Buy cheap, pay twice” goes the old wives’ tale, and despite WordPress being open source and ostensibly free, it’s easy to get it wrong.

‘It all seemed so simple, I set up WordPress on my cheap hosting package and installed a theme, we were flying high for a period of time, on the first page for search results and then all of a sudden we started appearing for ‘Louis Vuitton’ bags. I noticed it first when I posted articles on Google+ and the title was showing the wrong information…’

Sound familiar? Your site has been hacked and you’re about to join the rollercoaster that is ‘recovery’: a long and laborious process of seeking out malicious code and removing it, then moving off-site to remove 10,000s of links with no relevance.

As a website owner, a hack is your worst nightmare. You can spend huge volumes of time removing it, only to find you never recover your visibility due to underlying issues (believe us, we’ve seen it). It could all have been avoided if you’d spoken to a dedicated WordPress agency.

Anyway, let’s not dwell; instead let’s focus on the issue at hand. Have you been hacked? Some telltale signs:

  • New users – check your users panel: are there people in there that you don’t recognize? If you’re seeing administrators called ‘Mickey Mouse’ and ‘Donald Duck’, it’s very likely you’ve been hacked and new admin accounts have been created
  • Popups – randomly appearing and you don’t know anything about them
  • Links magically appearing or certain pages automatically forwarding to another site
  • New text appearing in the footer stating, ‘View Source’
  • Plugins – seeing new text appear in plugins
  • Activity spikes – huge volumes of traffic coming to your website (beyond your normal thresholds)

If you’re experiencing any of the above (it’s usually a group of them), then I’m afraid to say your WordPress website has been hacked and you’ll need to address it immediately. Leave it at your peril: you’ll have to burn your URL (it’s that extreme).

What do the hackers do?

The first thing to note is that they look for vulnerable sites. At this point it’s important to note that WordPress does not have security issues: if you keep it updated and it’s set up correctly (which often it’s not), it’s one of the most secure platforms online.

The majority of the time they find vulnerable configurations, poorly built sites, plugins with ‘backdoors’ (entry points for hackers) and easily accessed hosting. Once they get a sniff they’ll typically follow some of these procedures:

  • Admin – set up multiple admin accounts, some you’ll be able to spot, others you won’t. They’ll clone your accounts so even if you remove their accounts they’ll still be able to gain access
  • URL injection – the hacker will set up multiple (100s of) new pages on your site, all containing non-related spammy words or links. These pages will contain code that creates actions that are not part of your site (e.g. forwarding to another site)
  • Social bookmarks – your social footprint goes off the scale, Google+1’s go from a handful to 1000’s.
  • Stability of the site – functions that have always worked start to go wrong and the usability of the CMS becomes increasingly difficult

This highlights some of the most common known hacks. Each time they access a vulnerable site they add new levels of complexity and cloak what they’ve done, making it increasingly difficult to find and remove the offending code.
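The admin-account check above can also be made against the database itself, which lists every account that holds the administrator role, including lookalike copies of a real login. The following is an added example, not part of the original article: it uses Python with an in-memory SQLite database of constructed rows laid out like WordPress’s default wp_users and wp_usermeta tables, and the logins and the known_admins allowlist are assumptions.

```python
import re
import sqlite3

# Constructed sample rows standing in for a WordPress database export.
# Table and column names follow the default WordPress schema (prefix "wp_").
SAMPLE_SQL = """
CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_email TEXT, user_registered TEXT);
CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT);
INSERT INTO wp_users VALUES
  (1, 'siteowner',   'owner@example.com', '2013-02-01 09:00:00'),
  (2, 'editor_jane', 'jane@example.com',  '2013-03-10 14:20:00'),
  (7, 'mickeymouse', 'mm@example.net',    '2014-06-02 03:11:00'),
  (8, 'siteowner1',  'owner@example.org', '2014-06-02 03:12:00');
INSERT INTO wp_usermeta VALUES
  (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
  (2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}'),
  (7, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
  (8, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
"""

# Roles are stored as a PHP-serialized array; capture every role set to true.
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')


def load_sample():
    """Build the constructed sample database in memory."""
    db = sqlite3.connect(":memory:")
    db.executescript(SAMPLE_SQL)
    return db


def audit_admins(db, known_admins, prefix="wp_"):
    """Return (login, email, registered) for administrators not in known_admins."""
    # prefix is the site's table prefix from its own configuration, never user input.
    rows = db.execute(
        f"SELECT u.user_login, u.user_email, u.user_registered, m.meta_value "
        f"FROM {prefix}users u JOIN {prefix}usermeta m ON m.user_id = u.ID "
        f"WHERE m.meta_key = ? ORDER BY u.user_registered",
        (prefix + "capabilities",),
    ).fetchall()
    return [
        (login, email, registered)
        for login, email, registered, caps in rows
        if "administrator" in ROLE_RE.findall(caps) and login not in known_admins
    ]


if __name__ == "__main__":
    for login, email, registered in audit_admins(load_sample(), {"siteowner"}):
        print(f"unrecognised administrator: {login} <{email}> registered {registered}")
```

On the sample data this flags both the obviously fake account and the near-copy of the owner’s login, registered a minute apart.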

Their activity does not stop there: beyond your site they’ll create 1000s of links on spammy websites and infiltrate your social metrics, providing high volumes of likes, shares and +1s, which may look impressive, but all the while they’re sending the wrong signals to Google and screaming ‘penalty’ in Webmaster Tools.

What can be done?

If you’re experiencing problems such as those noted, the first thing to do is not panic. Follow some of these initial steps:

  • Check your analytics – have you seen any massive spikes of traffic?
  • Check your site using Google search: ‘site:www.xxxx’. Can you see any strange URLs?
  • Install the ‘Wordfence’ plugin and block all countries bar your home country, e.g. the UK
  • Contact an expert – don’t try to repair it yourself: hackers are very clever and will set up trap doors and cloak code, and it’s very likely you’ll come a cropper
  • Hosting – change your server (use dedicated WordPress hosting, they’ve got security baked in)

What are the long-term issues of a hack?

Hopefully you will have caught it quickly and you can resolve on-site and off-site issues effectively. Anything beyond a month can lead to long-term issues such as:

  • Dramatic loss of visibility – the hackers have destroyed the structure of your site and indexed you for 100s of keywords that have no relevance; this sends the wrong signals to Google and can destroy your visibility
  • Spammy links – hackers will have built links on sites that have no administrator and no relevance, and they cannot be removed. Sure, you can use the ‘disavow tool’ or ‘a reconsideration’; however, the links have been placed in a way that even these tools sometimes prove to be ineffective
  • Recurring issues – code has been hidden throughout the site and cloaked, so you’ll continue to have issues beyond the hack. Change your hosting, remove all administrators and start again
  • Social footprint – your social footprint will have raised signals with Google; to go from zero to hero in the space of a couple of weeks is going to cause concern, and it’ll be difficult to get rid of this legacy
  • Errors – even if you clean up the URLs and 404 them, they’re going to linger for months, maybe years, in Google Webmaster Tools
  • Burn the URL – in extreme cases (you’ve lost all your visibility) you may have to burn the URL and start again. If there is a dark cloud around your site (not of your doing) then it might be best to start afresh and this time adopt security best practice.

Don’t get caught out: a hack will cost you time, money and maybe even your site. Speak with WordPress experts; we include security as a basic requirement in everything we build.

By Gyles Seward