Secure WordPress – How to prevent your blog from being hacked

Recently I received a call from a client who had the front page of her WordPress blog hacked. Hidden in the source code were hundreds of links to spam sites. As a result, Google removed her blog pages for 30 days. She was upset because she had not caused this and her blog pages had some top rankings that attracted a lot of traffic.

Obviously she did not have a secure WordPress version.

Here is what Google said:

While we were indexing your webpages, we detected that some of your pages were using techniques that are outside our quality guidelines, which can be found here: http://www.google.com/webmasters/guidelines.html. This appears to be because your site has been modified by a third party. Typically, the offending party gains access to an insecure directory that has open permissions. Many times, they will upload files or modify existing ones, which then show up as spam in our index.

In order to preserve the quality of our search engine, we have temporarily removed some of your webpages from our search results. Currently pages from your blog are scheduled to be removed for at least 30 days.

We would prefer to have your pages in Google’s index. If you wish to be reconsidered, please correct or remove all pages (may not be limited to the examples provided) that are outside our quality guidelines. One potential remedy is to contact your web host technical support for assistance. For more information about security for webmasters, see http://googlewebmastercentral.blogspot.com/2007/09/quick-security-checklist-for-webmasters.html.

What I did to Secure WordPress

1. Removed all spam links from posts and pages.

If you have phpMyAdmin, you can scan your posts for links to that particular spam domain, which might make it easier to see which posts have the spam in them. Typically spammers only touch about half a dozen or so posts per blog, but sometimes more.

2. Upgraded WordPress Blog to the latest version.

Read “10 Steps for Upgrading WordPress”

According to the folks at the WordPress Forum the version she had been using contained many security holes.
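The scan from step 1 can also be run offline against exported post rows. The script below is an added example, not code from the original article. It assumes the rows come from the `wp_posts` table as (ID, post_content) pairs, and `blog.example` and `spam.example` are placeholder hostnames. Besides finding posts that link to a known spam domain, it lists every external hostname linked from any post, which helps when the spam domain is not yet known.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample rows in the shape (ID, post_content) from wp_posts.
SAMPLE_POSTS = [
    (12, '<p>Hi, read <a href="http://blog.example/about">about me</a>.</p>'),
    (15, '<p>Tips</p><div style="display:none">'
         '<a href="http://pills.spam.example/a">x</a>'
         '<a href="http://spam.example/b">y</a></div>'),
    (18, '<p>Get <a href="https://www.wordpress.org/">WordPress</a>.</p>'),
]

class LinkCollector(HTMLParser):
    """Collect the hostname of every <a href> in one post body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        try:
            host = urlparse(dict(attrs).get("href") or "").hostname or ""
        except ValueError:  # malformed URL: skip it rather than abort the scan
            return
        if host.startswith("www."):
            host = host[4:]
        if host:  # relative links have no hostname and are ignored
            self.hosts.append(host)

def external_links_by_host(posts, own_hosts=("blog.example",)):
    """Return {external hostname: {post ID: number of links}}."""
    found = defaultdict(lambda: defaultdict(int))
    for post_id, content in posts:
        parser = LinkCollector()
        parser.feed(content)
        parser.close()
        for host in parser.hosts:
            if host not in own_hosts:
                found[host][post_id] += 1
    return {host: dict(per_post) for host, per_post in found.items()}

def posts_linking_to(posts, domain):
    """Return sorted IDs of posts that link to domain or a subdomain of it."""
    ids = set()
    for host, per_post in external_links_by_host(posts, own_hosts=()).items():
        if host == domain or host.endswith("." + domain):
            ids.update(per_post)
    return sorted(ids)
```

Hostnames in the first report that you do not recognize are the ones to review by hand before editing the affected posts.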

Resources

How to harden WordPress
http://codex.wordpress.org/Hardening_WordPress

The Ultimate WordPress Security Guide – Step by Step (2017)

9 easy ways to secure your WordPress Blog
http://www.simplehelp.net/2007/09/10/9-ways-to-secure-your-wordpress-blog/

WordPress Security White Paper
http://blogsecurity.net/wordpress/wordpress-security-whitepaper/

Secure Form Mailer Plugin
http://www.dagondesign.com/articles/secure-form-mailer-plugin-for-wordpress/

WordPress Security – 19+ Steps to Lock Down Your Site
https://kinsta.com/blog/wordpress-security/


Herman Drost is the Certified Internet Webmaster (CIW) owner and author of Web Site Design, Web Hosting, Search Engine Optimization

Comments

  1. thanks for the links – my site just got hacked, and this will really help me tighten up my ship…

  2. Hello! Very interesting content and information from your blog

  3. Awesome Post! I definitely learned something new today! Thanks Again!

  4. Thanks for the tips and useful information.

  5. Excellent post! Thanks for this beautiful post………..

  6. Nice information…
    Your rss feed is broken, can not open in my chrome browser…

  7. Very informative…This will greatly help me secure my site before becoming a victim like your client.

  8. Internet is so big, so powerful and pointless that for some people it is a complete substitute for life
