WordPress version 2.9 is now available and if you run your blog or mini-site(s) on WordPress you should update today. As you may or may not know, WordPress has become a major target for hackers and spammers alike. One of the most popular hacks is one which injects spam links into the header of your WordPress site. This could go on for a long time before you even realize your site has been compromised. The easiest way to prevent this and other hacks is to update WordPress the day that a new update becomes available. On top of Updating WordPress itself you should also update plugins which frequently have updates that coincide with WordPress updates.
The spam link injection hack is one of the most prevalent now and could absolutely ruin your search engine rankings causing your blog or minisite to disappear from its once prominent spot on Google or Yahoo. The hack works by oftentimes infecting your WordPress database so you might not even see the code in your WordPress php files. So how do you know if your install has been compromised by a spam link injection hack? It’s not too hard to spot actually – here are two simple ways to check.
- Visit your blog or mini-site and select View -> Source. Now scan through the source code and look around the <body> tag…do you see a bunch of links you don’t recognize? These will be particular anchor text phrases going to some sites you’ve probably never heard of. If you see this…WordPress has been compromised.
- Even if you don’t see the spam links in your header, WordPress might still be compromised – look for the following text at the top of any of your WordPress PHP files: /**/eval(base64_decode. If you see this code followed-by what looks like a bunch of random letters and number then your WordPress site has been compromised.
Below is a screenshot of what a typical hacked WordPress install will look like…I had all of my WordPress sites hacked earlier this year so have been through this painful experience first-hand!
If you do find that your WordPress install has been compromised – don’t panic. There is hope but you’ll need to have an expert help you. I used AdminDaily when my blog was hacked and they did and absolutely amazing job. Not only did they remove the spam injection links and rid my blog of the hackers malicious code – they also setup safeguards to keep my blog secure, and backed-up my WordPress database!
So upgrade WordPress today and make sure your site is secure!