What to Do if Your WordPress Site Gets Hacked

What to Do if Your WordPress Site Gets Hacked

The first step is not to panic. It happens to everyone. It just happened to me. Here’s what happened, how I realized it, and what I did about it.

A lot of webmasters won’t talk about their sites getting hacked. Mine never have before but I am certain that it happens to everyone. What’s the sense in not admitting it? Entire websites exist to make hacking easier for those losers. The good guys should fight back and share what they know, too.

It started with a Google Search

You can check to see what Google has stored for you by going to Google.com and typing site:www.YourSite.com In my instance, I typed site:www.CharlotteWebDevelopment.com

This is a useful tool for webmasters because it lets you see how many of your pages show up in their index, what the title is on each of those pages, and what the description says. If you don’t know why that is so very important, let me know and I’ll post a follow up article.

The Problem

Since I have around 500 articles and pages on this site, and most of them are indexed, my results have a lot of data. I noticed right away that some of my search results had different descriptions than what I provided. To be specific, they all had a bunch of spammy crap listed.

This is a HUGE problem if you rely on those search result listings to bring your website traffic!

What I Did

I immediately went to check my pages. If that spam was showing up in the Google search results, it should be on the meta description fields on my posts. It turns out that none of my affected pages had anything at all in the meta description fields. Save that tidbit for later.

I then went back to the Google search results and checked the Cache pages that they had. It turned out that those spam affected pages were last cached by Google a month ago. Again, if you are not sure how to check your Google Cache, let me know, and I’ll write that up, too.

Warning, Geek-talk Looking at the source code of the affected pages I realized that the spam was not embedded in my description tags – I didn’t have them loaded then, either. All of the spam was encased in div tags with in-line css to make a linked list of spam links visually show up off page but appear high enough in the html hierarchy so that it was the next visable text. As such, Google used it as the description on each page.

How I Confirmed the Issue

That kind of spam had to be an automated attack. I Googled the terms in the spam. There are millions of hits out there. All WordPress sites. I googled the terms of the spam and the words ‘wordpress.’ That led to a bunch of WordPress sites where the owners hadn’t done some basic security and the code showed their WordPress Install version. My hope was that while my site was no longer infected, I could figure out what WordPress base was at fault, and tell everyone I knew on that base that it was time to upgrade.

Sadly, there was no luck. I tried to search for similar items on WordPress themes and plugins but I couldn’t find any common thread except for one.

Each page on each site that had been hacked didn’t have a meta description entered! That was the same as mine. Obviously if your page has a meta description, Google will show that text instead of the spammy text. That spam will still be there on your site, but the benefit to the spammers goes down exponentially.

What I Did to Fight the Hack

Like I said, my site was no longer infected. The only way I even knew that it ever was infected is due to Google’s caching ability. Still, if the site was hacked due to my flaw of not having meta descriptions listed for each post and page, then I would have to enter one for every single last one. All 500. I just finished before writing this article. That was a lot of fun. Luckily, my WordPress install is configured to let me do that quickly. If yours is not, let me know and I’ll write up something for that, too.

Why My Site Didn’t Remain Hacked

I don’t know exactly. I do follow these best practices:

  1. Keep WordPress up-to-date.
  2. Use as few plugins as possible.
  3. Use a trusted theme.
  4. Lock down folders with aggressive permissions.
  5. Don’t accept comments from everyone. Most are spammers.
  6. Regularly perform site maintenance.
  7. Regularly check Google to see what it thinks of you.
  8. Make good use of security plugins.

Now that I updated all of my meta descriptions, all that is left is to try to force a Google Cache refresh so my search engine result listings get the spam knocked out of them. The update of the metas should put a new timestamp on each of them and I did ping the usual services on each update. My site is configured to resubmit my sitemap to Google on each blog post, so this will help. All that I can think to do is keep watch over my results and monitor the usual channels to see if I can help anyone else out.

I’ll keep you posted.

Any questions? Let us know in the comments below or use the contact page. Any suggestions? Please do the same.

Has your site ever been hacked? What did you do?

{ 0 comments… add one now }

Leave a Comment

*

Previous post:

Next post: