Comments on: How Google & StopBadware.org Handle Hacked WordPress

By: Andy Beard

Andy Beard — Fri, 13 Nov 2009 18:33:29 +0000

There are some reasons why I wasn’t using a number of hacking tools, but they are pretty technical and it would take a lot of time.
Ultimately my server has a more conventional (but highly optimized) config now, so some security aspects will be easier to manage (and a lot of it is out of my hands with my server management team)

By: AntiSpamNews – News To Save Your Inbox » Blog Archive » See How a Hacked Wordpress is Handled

Fri, 13 Nov 2009 18:11:44 +0000

[...] Comments [...]

By: Nhile

Nhile — Fri, 13 Nov 2009 15:22:35 +0000

Tip: Hacker remover also available in WordPress tutorial.

By: Brent2

Brent2 — Sun, 01 Nov 2009 22:58:08 +0000

Static sites are harder to hack but, if you have a form of any kind, it’s very doable. If your static sites are HTML, read up on HTML injection attacks (Wikipedia, Google, etc). They’re actually surprisingly easy to defend against but can be used to drop a dozen porn links on the bottom of your page; each nicely just out of sight until Google notices.

By: Brent2

Brent2 — Sun, 01 Nov 2009 22:56:20 +0000

I’ve seen some pretty nasty WP hacks. Things like WP suddenly attacking other servers or base64, gzipped code used to inject random links into comments.

As long as you stay up to date on WordPress and minimize plugin use, you’re generally fine. Obviously some of the hacks are going to actually happen before WP.org finds out about them and you might get hit. They’re usually VERY good at getting back on track though. If you pay attention when a new version is released (and upgrade) you’re generally safe.

Now that WP has the auto-update option there’s not a lot of excuse. Some hosting companies even send you an e-mail when a new version is released.

By: Andy Beard

Andy Beard — Tue, 13 Oct 2009 12:11:46 +0000

People can hack static sites, or the shared hosting most people use

By: AutoSpector Inspections

AutoSpector Inspections — Mon, 12 Oct 2009 20:17:44 +0000

Seeing this makes me glad I stick with static pages when ever I can get away with it.

By: Paul

Paul — Wed, 07 Oct 2009 11:43:04 +0000

We had our site hacked a few weeks ago though we weren’t on wordpress. The hackers uploaded a new index.html file with a “You have been hacked by…” message on it. We were on shared hosting and they had hacked the server and taken everybody down. Worst thing was it was the best part of 36 hours before our site was back up and running and we lost a hell of a lot of search traffic, no signs that it has cost us search rankings though.

Definately an argument for getting a dedicated server.

By: Andy Beard

Andy Beard — Tue, 29 Sep 2009 17:53:07 +0000

In theory no, but hopefully Google will provide a way to inform website owners of sites they are linking to which have badware in the webmaster tools soon.

They have the APIs to do it

By: Vlad Zablotskyy

Vlad Zablotskyy — Tue, 29 Sep 2009 13:56:27 +0000

Andy,

Just remembered the question I meant to ask when I first saw your post. In your opinion, do you think Google penalizes for liking to “infected” websites even if your links are nofollowed?

It happens often to me on few of my blogs. I get a trackback from a blog, but as I check where the links is coming from I sometimes faced with that dreadful “Warning” message. On some occasions I succeeded to contact the website owners warning then of the problem.

I do let through trackbacks from some automated “quasi-splogs” when the offer a good clean link to my website. The problem with some of them is that their owners don’t always pay attention after initial installation and set up and they get hacked quiet often.

Thought you might have some insight. Thanks in advance.