VO-BB - 20 YEARS OLD!

Mike Harrison · Posted: Thu Apr 18, 2013 5:41 am Post subject: Website Hackings

Over the past few months, website hosting companies have been experiencing a much higher than usual surge of what's known as 'brute force attacks,' hackers bringing web servers and networks down and hacking individual websites.

I'm no expert webmaster; I've just been relying on the great information available to me as a subscriber to Google Webmaster Tools for the past eight or so years. With it, I managed to get my site's ranking fairly high but, since a friend converted my site to WordPress three years ago, not only has it become much easier to administer the site, it seems SEO is better.

However, apparently having a site based in WordPress can make it somewhat easier for hackers to do their thing: not keeping up-to-date with the latest and most secure version of WordPress, using too many or outdated plugins, etc.

Unless you regularly monitor it with help like Google Webmaster Tools (GWT), your site may have been hacked and you wouldn't even know it. And, if it has been hacked, malware or other material may have been placed on the site, causing all kinds of things that could result in search engines dropping your rankings or – much worse – registering your site as being dangerous to visitors.

It was only because I was using GWT about a month ago; looking at the keywords that the Google crawler had found on my site that I discovered some of the keywords it found were not put there by me and had absolutely nothing to do with voice-over. There were words like 'cash,' 'loans,' advance,' and other financial terms in the list.

I called up my site and looked at it. I didn't see anything unusual... until I had my browser search the page for one of those keywords. The page lit up with scores of occurrences of that word, all over the page... and invisible. The other added words were there, too. The WordPress header file had been compromised; I found an entire page worth of financial terms and links to what appeared to be financial websites, but were probably phishing sites designed to look like financial sites.

After replacing the header file and doing some other tweaks to get the site back to where it had been, I began using a couple of WordPress plugins for security. Things have been fine since.

Rule #1: Check your site often. If you subscribe to Google Webmaster Tools, check it daily, too. Go to each page on your site and do a 'Select All' in your browser to see if there are things there that shouldn't be there.

Rule #2: If your site is based in WordPress, be sure to keep WordPress and any plugins up-to-date, and disable or delete any plugins that aren't absolutely necessary. And begin using some extra security measures.

Rule #3: Whether or not your site is based in WordPress, but especially if it is, stop using the default 'Admin' login. Create a unique login name and delete the Admin account (be very careful not to lock yourself out of your own site). Also use strong passwords. Wherever possible, I use passwords of at least 18 characters and a mix of letters, numbers and symbols.

Rule #4: See Rule #1.

Stay safe!
_________________
Mike
Male Voice Over Talent
I have taken leave of my sensors.

heyguido · Posted: Thu Apr 18, 2013 6:02 am Post subject:

Killer post, Mike. Great advice.
_________________
Don Brookshire
"Wait.... They wanna PAY me for this?"

Mike Harrison · Posted: Thu Apr 18, 2013 8:41 pm Post subject:

Thanks, Don!
_________________
Mike
Male Voice Over Talent
I have taken leave of my sensors.

bobbinbeamo · Posted: Tue Apr 23, 2013 5:26 am Post subject:

Holy Cr@p! This is excellent information Mike. Thanks for this.
_________________
Bobbin Beam
www.bobbinbeam.com
blog.bobbinbeam.com

ccpetersen · Posted: Tue Apr 23, 2013 9:32 am Post subject:

There's a wordpress plugin called Ultimate Security that I use. It has helped me keep my site right and tight.
_________________
Charter Member: Threadjackers Local 420