Automattic does a decent job making sure that their WordPress is secure, but we know that hackers are ever-lurking behind the scenes to break into your blog.

How do you know if you’ve been hacked? And what do you do if you experience a breach? Read below for our tips.

Symptoms of a Hack

Sometimes you don’t even realize you’ve been hacked, but here are some clues:

  • Your blog is down entirely (and you haven’t made any changes to it recently)
  • Your dashboard is inaccessible (and you hadn’t installed anything new or performed any upgrades)
  • You notice new, unknown users added in your dashboard
  • Your WordPress directory now lists new files – look for oddly placed .jpg, .bak, etc. which may include hidden scripts with commands like eval() or base64_decode()
  • Your RSS feeds are spitting out odd links or showing gobbledygook
  • Google splashes a red page saying “Warning: Visiting this site may be harmful to your computer” which can indicate that your site has been detected with malware
  • Google search results show your site’s page titles and snippets full of Levitra, Cialis, etc. Now known as the pharma hack, this one is long-lasting and awfully vicious
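The two file-system clues in the list above (image or backup files that secretly carry PHP, and PHP files calling eval() or base64_decode()) can be checked with a short script rather than by eyeballing the directory. This is an added example and not part of the original post; scan_wp_dir and demo_scan are names chosen here, and the sample tree that demo_scan builds is constructed purely for illustration.

```shell
#!/bin/sh
# Added example: flag two of the file-level symptoms listed above.
#   php-in-nonphp : an image/backup file (.jpg, .png, .gif, .ico, .bak)
#                   that contains a PHP open tag
#   eval-or-b64   : a .php file that calls eval( or base64_decode(
# Every hit deserves a manual look; a few legitimate plugins do use
# base64_decode(), so treat the output as a triage list, not a verdict.

scan_wp_dir() {
    dir="$1"
    # Indicator 1: image and backup files should never contain PHP source
    find "$dir" -type f \( -name '*.jpg' -o -name '*.jpeg' -o -name '*.png' \
        -o -name '*.gif' -o -name '*.ico' -o -name '*.bak' \) \
        -exec grep -l '<?php' {} + 2>/dev/null | sed 's/^/php-in-nonphp /'
    # Indicator 2: eval()/base64_decode() inside PHP files
    find "$dir" -type f -name '*.php' \
        -exec grep -lE 'eval\(|base64_decode\(' {} + 2>/dev/null | sed 's/^/eval-or-b64 /'
}

# Constructed sample tree (not a real site) so the scan can be tried offline.
# Prints the scan result for that tree and removes it again.
demo_scan() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/wp-content/uploads" "$tmp/wp-includes" "$tmp/wp-content/plugins/x"
    # Benign files: a real GIF header and a plain PHP file
    printf 'GIF89a\001\000\001\000' > "$tmp/wp-content/uploads/logo.gif"
    printf '<?php\necho "hello";\n' > "$tmp/wp-includes/clean.php"
    # Planted indicators: PHP hidden behind a JPEG header, and an obfuscated loader
    printf '\377\330\377\340<?php echo "planted"; ?>' > "$tmp/wp-content/uploads/photo.jpg"
    printf '<?php eval(base64_decode($payload));\n' > "$tmp/wp-content/plugins/x/shady.php"
    scan_wp_dir "$tmp"
    rm -rf "$tmp"
}

# Real use against a live install: scan_wp_dir /var/www/html
```

Run it from a shell on the web host (or on a copy of the site pulled down over FTP); anything it lists under wp-content/uploads is almost never legitimate, while hits inside plugin code need a quick look at the surrounding lines before you delete anything.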

How to Clean Up From a Hack

While this is not a complete list by any means (every hack is different), here are the minimal steps we recommend:

  1. Remove any rogue / odd users
  2. If you are still using “admin” as your username, go update that now (meaning make a new user ID, sign into it, delete admin, and finally attribute all pages and posts to your new ID)
  3. Minimally change these passwords: all WordPress admins, MySQL user, host control panel, and FTP
  4. Generate new keys for your wp-config.php file
  5. Check Google’s Safe browsing tool: http://www.google.com/safebrowsing/diagnostic?site=yoursite.com (remember to change yoursite.com to your domain name)
  6. Click over to Sucuri, who will clean your WordPress install and database from hacks and malware quickly and cheaply
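Step 4 (new keys for wp-config.php) is the step that actually logs out anyone holding a stolen login cookie, because WordPress derives its authentication cookies from these eight values. The generator below is an added example, not the author's or WordPress's own code; the eight define() names are the ones wp-config.php uses, while random_salt and wp_salts are names chosen here. The official generator at https://api.wordpress.org/secret-key/1.1/salt/ produces the same eight lines if you prefer not to script it.

```shell
#!/bin/sh
# Added example: print eight fresh secret keys/salts for wp-config.php.
# Paste the output over the existing define() block in wp-config.php.
# Changing them invalidates every existing session cookie at once.

WP_KEY_NAMES="AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT"

random_salt() {
    # 64 characters read from /dev/urandom. The alphabet deliberately
    # leaves out the single quote and backslash so the value can sit
    # inside a single-quoted PHP string without escaping.
    LC_ALL=C tr -dc 'A-Za-z0-9!@#$%^&*()_+=<>?,.;:{}|~-' < /dev/urandom | head -c 64
}

wp_salts() {
    for name in $WP_KEY_NAMES; do
        printf "define('%s', '%s');\n" "$name" "$(random_salt)"
    done
}

# Usage: wp_salts >> wp-config.php (then delete the old define() lines)
```

Do this after changing the admin passwords, not before: a session cookie minted with the old keys stops working the moment the new values are saved, so the attacker is forced back through a login they no longer have a password for.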

Tips to Keep Your Blog Hack Proof

  • Keep your blog software up-to-date
    • Google checks whether you have the latest version of WordPress before indexing your site, so this is always a good practice
  • Keep your themes, plugins, and any third-party add-ons updated
    • You can’t be too careful when connecting to other APIs as they could offer a backdoor into your blog
  • Take care when selecting your theme
    • Some free themes have been known to house hidden, malicious code
    • Some themes still ship old, vulnerable timthumb scripts (used to generate on-the-fly thumbnails on many blogs)
  • Protect access to your backend with an .htaccess password
  • Consider installing these plugins:
  • Stay informed