Your WordPress Website is at risk of being hacked

There are two types of WordPress websites

The ones that know they are targets and are visited by hackers monthly, weekly, daily or worse.

The ones who think they are all safe and secure because they have never been hacked! Normally this is because they have already been hacked and are now spewing all sorts of malware at every visitor.

Common misconceptions about hackers

Hackers aren’t just in it to steal your money! In fact, hacking now is more about malware, hosting hijacking and covert sniffing of data. Yes, you still get malicious hackers who will deface your site, but generally hackers tend to hack quietly, press record and wait.

Hackers wait and record, and often this is combined with malware. The reason is that they can spread themselves further and faster if they don’t attack and steal your money at the first chance. It’s a much better game plan to hold off and collect more details, stealing and sneaking on a smaller scale for the individual but on a large scale as a whole.

Do not think that because you are small you can be slack. You cannot. Normally hackers use bots to scan the internet looking for weak sites (WordPress sites); it’s not personalised, it’s a mass operation. Anything that is picked up as a potential soft target gets flagged and goes to an automated hacking program. Automatic programs then go to work.

None of this needs to be done on a personal level; it’s often completely automatic. If you get hacked, the hacker will most likely install some malware, then sit back and wait until the time is right.

This ain’t personal, it’s just hacking

So my point is that it doesn’t matter if you’re small or big, successful or not. The process is mainly automated hacking; they will find you and hack you because it’s a mass game where all sites are searched and tested.

Now that you’re panicking about your beloved WordPress site or blog

What can you do about it? There are some simple steps:

Do not use a simple password; get something big and complex. Write it on paper if you need to, or use a program like LastPass to store your passwords securely. If you’re using something like abc123, password123, your name or pa55word, you are most likely already hacked and don’t even know it. Change it!

Remove the setup files from your public directory.

Keep your plugins and versions up to date.

Don’t use cheap garbage web hosting services. They don’t care! Their systems are often old and ready for the scrap heap… there are no free lunches in life.
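
As an added example (not part of the original post), the shell script below checks a WordPress directory for leftover setup files and prints the core version so you can compare it with the current release. The file list in SETUP_FILES is an assumption about which files the step above means, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: "setup files" means these files shipped with WordPress core.
SETUP_FILES="wp-admin/install.php wp-config-sample.php readme.html"

# Print every leftover setup file found under the given WordPress directory.
find_setup_files() {
    for f in $SETUP_FILES; do
        if [ -f "$1/$f" ]; then
            printf '%s\n' "$f"
        fi
    done
}

# Print the core version from wp-includes/version.php, or "unknown".
wp_core_version() {
    v=""
    if [ -f "$1/wp-includes/version.php" ]; then
        v=$(sed -n "s/^\$wp_version = '\([^']*\)';.*/\1/p" "$1/wp-includes/version.php")
    fi
    printf '%s\n' "${v:-unknown}"
}

# Report both checks; return 1 when setup files are still present.
audit_wordpress() {
    echo "Core version: $(wp_core_version "$1")"
    leftovers=$(find_setup_files "$1")
    if [ -n "$leftovers" ]; then
        echo "Setup files still in the public directory:"
        printf '%s\n' "$leftovers" | sed 's/^/  /'
        return 1
    fi
    echo "No setup files found."
}

# Run only when a directory is given, e.g.: sh wp-audit.sh /var/www/html
if [ $# -gt 0 ]; then
    audit_wordpress "$1"
fi
```

The non-zero exit status when setup files remain makes the script usable from cron or a deployment check.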

For further info you can follow some of the procedures from the links below. Remember to back up your website/hosting panel fully before you do this. If you make a mistake it can be a disaster. If in doubt, consult a website and hosting security professional, such as Mebsites.com

Nice little WordPress audit and protection video

Resources to check:

You need to start working your way through these resources:
http://codex.wordpress.org/FAQMysitewashacked
http://wordpress.org/support/topic/268083#post-1065779
http://smackdown.blogsblogsblogs.com/2008/06/24/how-to-completely-clean-your-hacked-wordpress-installation/
http://ottopress.com/2009/hacked-wordpress-backdoors/

Additional Resources:
Hardening WordPress
http://sitecheck.sucuri.net/scanner/
http://www.unmaskparasites.com/
http://blog.sucuri.net/2012/03/wordpress-understanding-its-true-vulnerability.html
http://blog.sucuri.net/2010/07/understanding-and-cleaning-the-pharma-hack-on-wordpress.html

Bibliography:

http://guvnr.com/ (2013). Video How-to: 10 Tips To Make WordPress Hack-Proof. [ONLINE] Available at: http://guvnr.com/web/blogging/10-tips-to-make-wordpress-hack-proof/. [Last Accessed 18/03/2015].

Wpbeginner (2012). How to Find a Backdoor in a Hacked WordPress Site and Fix It. [ONLINE] Available at: http://www.wpbeginner.com/wp-tutorials/how-to-find-a-backdoor-in-a-hacked-wordpress-site-and-fix-it/. [Last Accessed 01/01/2015].