Update WordPress Today and Protect Your Site(s) from Spam Link Injection Hacks

WordPress version 2.9 is now available and if you run your blog or mini-site(s) on WordPress you should update today. As you may or may not know, WordPress has become a major target for hackers and spammers alike. One of the most popular hacks is one which injects spam links into the header of your WordPress site. This could go on for a long time before you even realize your site has been compromised. The easiest way to prevent this and other hacks is to update WordPress the day that a new update becomes available. On top of Updating WordPress itself you should also update plugins which frequently have updates that coincide with WordPress updates.

The spam link injection hack is one of the most prevalent now and could absolutely ruin your search engine rankings causing your blog or minisite to disappear from its once prominent spot on Google or Yahoo. The hack works by oftentimes infecting your WordPress database so you might not even see the code in your WordPress php files. So how do you know if your install has been compromised by a spam link injection hack? It’s not too hard to spot actually – here are two simple ways to check.

  • Visit your blog or mini-site and select View -> Source. Now scan through the source code and look around the <body> tag…do you see a bunch of links you don’t recognize? These will be particular anchor text phrases going to some sites you’ve probably never heard of. If you see this…WordPress has been compromised.
  • Even if you don’t see the spam links in your header, WordPress might still be compromised – look for the following text at the top of any of your WordPress PHP files: /**/eval(base64_decode. If you see this code followed-by what looks like a bunch of random letters and number then your WordPress site has been compromised.

Below is a screenshot of what a typical hacked WordPress install will look like…I had all of my WordPress sites hacked earlier this year so have been through this painful experience first-hand!

If you do find that your WordPress install has been compromised – don’t panic. There is hope but you’ll need to have an expert help you. I used AdminDaily when my blog was hacked and they did and absolutely amazing job. Not only did they remove the spam injection links and rid my blog of the hackers malicious code – they also setup safeguards to keep my blog secure, and backed-up my WordPress database!

So upgrade WordPress today and make sure your site is secure!

{ 7 comments… add one }

  • owen frager December 19, 2009, 4:06 pm

    Thanks for this reminder.

    Reply
    • Morgan December 19, 2009, 4:08 pm

      No problem @Owen! Definitely was frustrating when my blog was hacked so want to help as many people avoid it as possible 🙂 Have a great weekend!

      Reply
  • PPC Ian December 19, 2009, 4:54 pm

    Morgan,
    Awesome tip, much appreciated. Also appreciate the info about AdminDaily. Great to have them in mind for the future – always important to have a disaster recovery plan in place before potential disaster strikes.
    All the best,
    Ian

    Reply
  • Jesse December 19, 2009, 5:32 pm

    Great post Morgan and thanks for the mention, i appreciate it.

    As my grandmother always said, an ounce of prevention is worth a pound of cure… or was that Ben Franklin?? lol..

    Anyhow, it’s a valid point no matter who said or or how many times it’s repeated. Wordpress is taking the world by storm and thats awesome, but the bad that comes with having a high visibility profile is that those who like to mess things up will target you all the more. By keeping your site (and plugins) updated you can save a lot of headache.

    I’ve always preferred to take a proactive approach, there are many things that can be done to greatly reduce the likelihood of becoming a victim of one of these attacks.

    Reply
    • Morgan December 19, 2009, 6:11 pm

      Thanks @Jessie – appreciate all of your help!

      Reply
  • Tatjana December 19, 2009, 6:26 pm

    Excellent point Morgan. I try to keep with upgrades, and captcha to get protected. It’s always good idea to check your site, plugins, and clean up what need to be cleaned…

    Reply
    • Morgan December 19, 2009, 6:46 pm

      Thanks @Tatjana!

      Reply

Leave a Comment