WordPress Security: Has Your Site Been Hacked?

WordPress security is a growing concern. We’ve recently had a few clients notify us that their sites have been hacked. The hack works like this: when people click your link in Google, Bing or Yahoo search results, they are redirected to porn sites. Otherwise, your site looks perfectly fine.

According to sucuri.net, this is happening to all sorts of sites, including WordPress, forums and pure HTML sites. In most cases, with WordPress, it is happening because the version of WordPress is outdated and/or there are outdated plugins.

How can you tell if your site is hacked?

First off, check to make sure that your site is not already compromised. You can do this by simply searching for your site in Google. Make sure you are not already flagged (see image below), and click on your search result. If your site loads like it should, and you haven’t been flagged, you are most likely in the clear.

[Image: WordPress Security: Hacked Website Example]
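The search-and-click check above can also be scripted against your own site. The following is an added example, not part of the original article: it assumes the redirect is triggered by the HTTP Referer header, and the names `fetch`, `check_search_redirect` and the sample Referer URLs are constructed for illustration.

```python
import sys
import urllib.error
import urllib.request

# Referer values imitating a click from each search engine (constructed samples).
SEARCH_REFERERS = {
    "google": "https://www.google.com/search?q=example",
    "bing": "https://www.bing.com/search?q=example",
    "yahoo": "https://search.yahoo.com/search?p=example",
}


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Do not follow redirects, so the Location header can be inspected."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url, referer=None, timeout=10):
    """Return (status, Location or None) for one GET without following redirects."""
    headers = {"User-Agent": "Mozilla/5.0 (redirect-check)"}
    if referer:
        headers["Referer"] = referer
    request = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.build_opener(NoRedirect).open(request, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # unfollowed 3xx and 4xx/5xx land here
        return err.code, err.headers.get("Location")


def check_search_redirect(url, fetcher=fetch):
    """Return {engine: where visitors go} for referers answered differently from a direct visit."""
    direct = fetcher(url)
    suspicious = {}
    for engine, referer in SEARCH_REFERERS.items():
        result = fetcher(url, referer)
        if result != direct:
            suspicious[engine] = result[1] or f"status {result[0]}"
    return suspicious


if __name__ == "__main__" and len(sys.argv) > 1:
    findings = check_search_redirect(sys.argv[1])
    for engine, location in findings.items():
        print(f"{engine}: sent to {location}")
    print("referer-dependent redirect found" if findings else "no difference seen")
```

Run it with your site's URL as the only argument. A clean result only covers redirects keyed on the Referer header, so still perform the Google search check described above.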

If you think your site has been compromised, contact us immediately and we will let you know what you need to do to get your site cleaned up.

If you don’t appear to be hacked, your next step is to make sure that your version of WordPress and all of your plugins are up to date. See the steps below.

Some of the steps below are very technical and may be outside your comfort zone, or you may just not have the time to deal with them. If so, we do offer monthly maintenance plans that take care of everything below and more. Or you can check with your host and see what services they offer. Either way, we feel it is very important to complete the steps below at least once a month.

Updating WordPress

It is crucial that you keep WordPress up to date. Due to its immense popularity (currently powering 23% of the websites in the world), WordPress is a popular target for hackers, malicious code distributors, data thieves, and wannabe hackers. With each update, WordPress fixes bugs, adds new features, and improves performance and security to keep ahead of the hackers.

By failing to keep WordPress up to date you are risking your website security and missing out on new features/improvements.

How to Update WordPress

  1. Create a Backup. The first step is creating a backup of all of your files. There is a possibility that updating WordPress could cause your site to break, and creating a backup will ensure that you are able to revert to a working version of your site in the event that something goes wrong. You can create a backup by doing one of the following:
    1. Check to see if the BackupBuddy plugin is already installed on your website:
      1. Log into your site and look at the panel on the left side of the screen.
      2. Look for the tab titled BackupBuddy and click it.
      3. Then click on the button that says “Complete Backup”.
      4. Once the backup finishes running, click to download the file and proceed to the next step.
    2. If BackupBuddy is not installed, you can contact us and we will install it for you, or you can check with your host and see if backups are included in your hosting plan.
  2. Update WordPress. If you are due for an update, you will see an alert at the top of the page that reads “WordPress #.# is available! Please update now.” To run the update:
    1. First, click “Please update now”
    2. On the next screen click the blue “Update Now” button.
    3. The update will typically take a few seconds to a minute to go through. Once it is completed, you may be asked to log in again or be taken to a page verifying your update is complete. If you do not see the alert, go to the next step and check that your plugins are up to date.
  3. Check your site. If the update went through successfully, check your site and make sure everything is working. If there are any issues or the update didn’t go through, contact us and we’ll take a look for you.

Update Plugins

As with WordPress itself, it is crucial to keep all of your plugins up to date. By failing to keep your plugins up to date, you are exposing your site to the same security risks as an outdated version of WordPress.

How to Update Plugins

  1. Create a Backup. If you already created a backup during step 1 of Updating WordPress you can continue to the next step. Otherwise, see step 1 above.
  2. Update Plugins.
    1. Log into WordPress.
    2. On the left side of the screen click the Plugins tab.
    3. Plugins that need to be updated are highlighted in red. Find the line that reads “There is a new version …” and click the “update now” link.
    4. The plugin should spin for a few seconds to a minute and finish with a green checkmark that reads “Updated!”.
    5. Follow these steps for the remaining plugins that need to be updated.

Everything is up-to-date, what’s next?

We would suggest checking your site at least once a month and making sure that both your version of WordPress and your plugins are up-to-date, as well as making a full backup of everything, just in case there are any issues in the future.
