You may not be aware of it, but almost any website, WordPress or otherwise, is under constant attack these days by automated bots trying to find a way in. You may think, “Why on earth would somebody possibly try to hack into my little-old-site?! I don’t store any sensitive or valuable information, and I’m just small potatoes.”
Bots don’t discriminate.
Any URL (and chances are, you have dozens of URLs on your site) can be used for nefarious purposes these days, whether it’s spreading malware across the web, turning a website or website visitor into another bot that’s part of a botnet army, or just trying to generate better search engine results, usually for a bogus website selling something like pharmaceuticals or Air Jordans.
There is a constant barrage of bots that are perpetually scanning and trying to find a way to inject malware into your site.
Here are some of the ways you can check your site to see if you’ve been hit:
- A Letter Home from the Principal
Your first indication that there’s a problem may be when you get an email from your webhost telling you your site has been shut down either because they’ve discovered malware or due to CPU or memory overages. In other words, your site is causing problems on their server, and they’ve cut you off until you fix it. This feels kind of like being called to the principal’s office when you were in middle school – you’re sure you’ve been busted but maybe not entirely sure what you did wrong. Ugh!
- Google Yourself
You might hear it from a friend or acquaintance who went looking for your site and got warned by Google that the site wasn’t safe to visit. Go ahead and google yourself by going to http://google.com and typing your URL in the search box. Google is pretty good at telling you whether or not a site is safe to visit. (These days, there’s a little green check mark to the right of the search results if it is safe.) Plus it’s always good practice to see what Google sees about your website. If Google detects malware on your site, you can end up blacklisted, which is totally recoverable but does take some elbow grease to get fixed.
Fix it before you get caught
You’re typically far better off if you catch a problem and fix it before Google or your webhost does, so it pays to be proactive – not paranoid, mind you, but checking your site yourself every couple of months can really help.
- Do a Self Check
The obvious and easy one is to run a security scan on your site. I typically use a third-party scanner called Sucuri at http://sitecheck.sucuri.net. You just plug in your site URL and click SCAN WEBSITE and you’re off. It takes a minute, and it’s not 100% accurate, but it’s one of the better tools out there, and they try very hard to stay current.
Note: If your site is infected, once you’ve got the hack cleaned up, be sure to come back to Sucuri and check your site again in 3 or 4 weeks to make sure it hasn’t been re-infected. Some hackings can be tricky to completely obliterate and if you’ve left a trace of it behind, the hackers have an open window back into your site.
- Check Your Users
A not-so-obvious one is to check your user accounts in WordPress in the Dashboard by clicking on USERS in the left-hand sidebar. If you spot user accounts there that you haven’t set up, it’s usually the result of a hacking attempt. Be sure to delete them and any blog posts they may have generated. And unless you have a specific need to be able to dynamically register users in WordPress (e.g., you run a membership or similar plugin), go into SETTINGS / GENERAL and make sure the ANYONE CAN REGISTER checkbox is not checked.
- Lots of Comments
One of the attacks on websites that seems to come in waves has been bots leaving a deluge of comments on your site – sometimes up to hundreds in a day. Depending on your comment spam plugin, these may or may not result in hundreds of comparable emails to you telling you you have comments to moderate. Or it could be that those comments are getting swept into your WordPress SPAM folder and you don’t get notification about them. So check your comment count, too.
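If you have shell access to the site, the user, registration and comment checks above can also be run from the command line. The script below is an added example, not part of the original post; it assumes WP-CLI (`wp`) is installed and run from the WordPress root, and the function names, sample accounts and comma-separated allowlist of logins are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes WP-CLI ("wp") is
# installed and the script is run from the WordPress root directory.

# Print accounts whose login is not in the comma-separated allowlist $1.
# Input on stdin: CSV as produced by
#   wp user list --fields=ID,user_login,user_email,user_registered --format=csv
# Assumes logins and e-mail addresses contain no commas.
unknown_users() {
  awk -F, -v allow="$1" '
    BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) known[a[i]] = 1 }
    { gsub(/"/, "") }                      # drop CSV quoting around fields
    NR == 1 { next }                       # skip the CSV header row
    !($2 in known) { print $2 " <" $3 "> registered " $4 }
  '
}

# Run the checks against the live site. $1 = allowlist of logins you created.
audit_site() {
  echo "== Accounts you did not create =="
  wp user list --fields=ID,user_login,user_email,user_registered --format=csv |
    unknown_users "$1"
  echo "== Anyone can register (1 = on; should be 0 unless you need it) =="
  wp option get users_can_register
  echo "== Comments awaiting moderation, then comments marked as spam =="
  wp comment list --status=hold --format=count
  wp comment list --status=spam --format=count
}

if [ "$#" -gt 0 ]; then
  audit_site "$1"
else
  # No allowlist given: run on constructed sample data so this works offline.
  printf '%s\n' \
    'ID,user_login,user_email,user_registered' \
    '1,alice,alice@example.test,"2019-03-02 10:00:00"' \
    '7,wpsupp0rt,x@example.test,"2024-05-01 03:14:00"' |
    unknown_users "alice,bob"
fi
```

Run it as `sh audit.sh "alice,bob"` with the logins you actually created; anything it prints under the first heading is an account to investigate.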
Hacking is very commonplace, and not to be all fear-mongering (which I can’t stand), but it can happen to just about anybody. Good security practices on your site to begin with and a diligent eye on some particularly vulnerable areas will help keep you protected.
If you think your site may have been hacked and could use someone to help you sort it out, please don’t hesitate to reach out to me.