
WordPress Blog Hacked!

posted Thursday, September 17th, 2009

In one sentence – Upgrade to WordPress 2.8.4 right now!!

That is unless you want to leave your blog open to being hacked. If you are using an older version of WordPress, your blog has security vulnerabilities. Thankfully, these security loopholes have been fixed in WordPress.

If you don’t think this can happen to you, think again!

One of my websites, which is based on a WordPress blog and was running version 2.0.9, got hacked a while back. I would never have found out if not for Google Webmaster Tools.

So if you have not signed up for that yet, better do so ASAP, as they have some very good tools that will help with optimizing your website/blog.

Once you are signed up, check the link in the sidebar: Your site on the web > Keywords

This section shows the most common keywords Google finds on your website.

For me, I was getting adult-related keyword results which were not on my website. On checking the website source, I could see nothing. On checking the cached version at Google, I found the source had a zillion links to websites using these keywords.

I searched all over for an answer and checked my files and database as much as I could, but could not figure out where the links were coming from.

My Solution

In the end, the best solution, albeit a time-consuming one, was to re-install WP 2.8.4 with a new database and a new database user. Here’s how:

  1. Created a new database, a new database user and installed WP 2.8.4 in a sub folder called Blog.
  2. Replicated WP settings and started installing and setting up the plugins.
  3. Uploaded the old theme from my computer where I had a clean copy.
  4. Started copy/pasting the pages and posts content manually.
  5. Once the whole thing was set up exactly how I wanted it, I deleted the files in the root folder.
  6. Next step was to move the files from the blog folder to the root folder.
  7. Next I deleted the old database and any users associated with it.
  8. Just to be safe also changed the hosting and FTP passwords.

Now the true test – waiting for Google to crawl my website again to see if it will pick up the clean version or if the hack is still there. I will update this post as soon as I have that information.

Upgrading WordPress

If you’d like to upgrade to the latest version of WordPress and you are using WP 2.7+, then upgrading is simple. You can upgrade from within the WP control panel by clicking Upgrade Now.

However, if you are using an earlier version which was installed manually, then it will have to be updated manually as well.

If you want I can do that for you. The options are:

$47 for the basic upgrade
$97 for the basic upgrade plus plugin upgrade.

Hire Me to upgrade your WordPress and avoid getting hacked

  • http://www.austindivorcehelp.com Divorce Lawyer Austin

    I haven’t noticed anything with my WP blog. Better check things out, thanks for the heads up.

  • http://www.texasdivorceguide.com Julie Hodges

    I’m not really fond of updating WP, especially if I’ve already installed all the plug-ins. But with this latest incident there’s no choice but to update.

  • http://dropit2.blogspot.com/ Emotional blogger

    Re-installing WP with a new database and a new database user can be very time-consuming. Just wondering, did you lose your PR in this case?

  • http://www.lvrealty.net Charles @ Las Vegas Real Estate

    Probably one of the best things about version 2.7 is the ease of upgrading to a new version. It will definitely encourage WP newbies to upgrade more often.

  • http://www.interestratesonhomeloans.org Max@Interest Rates on Home Loans

    I have also had a blog hacked in the past which wasn’t too bad as I was pretty diligent about backups, but it sure was irritating. I have gone back to static html pages for most of my sites partly because of the security concerns, frequent backing up and updating required.

    I do still create and maintain an RSS feed for the static sites using a free online tool to do that. The time I spend building a site has increased, but the time I spend on maintenance and worrying about it has dropped to almost nothing. For me it’s a fair trade.

  • http://www.bigwheels.dk/ Erik @ alufælge

    Yes, I heard the same thing before. My friend told me his WP was hacked and later he moved to the other. After his advice I upgraded my blog.

  • http://www.discountletting.co.uk/ Property Letting Agents

    Thanks for the heads up, will look into this issue. I agree with Julie that upgrading WP is a pain as there are always several issues with plugins!

  • http://www.firstservemedia.com Jack@Jacksonville SEO

    We still use 2.7 on a vast majority of sites. Knock on wood, no worries yet!

  • http://soulintegrity.org sheldon

    Thanks for the information. It could mean a lot to users who own an older version of WP, so that they will be aware to upgrade their blogs and not wait for the time that they will be hacked.

  • http://newwpthemes.net Susan@New WordPress Themes

    How scary. It helps to run some security plugins that detect any directory checks or attempts to inject MySQL data.

  • http://www.dotsndashes.com Erum Munir

    Well, that is a site Google seems to have blacklisted, so its PR has disappeared. So blank PR to blank PR … not so much of a change. This hack did not help either. Previously it was a bad plugin which did not let the Google spider see my site. I have given up on its PR.
