You are here: Home / Archives for July 2009

How To Tell If Your Website Has Been Hacked

July 8, 2009 By Regina Fried Leave a Comment

In my previous posting, I discussed how users who don’t upgrade to the most recent version of WordPress can leave their websites vulnerable to hacking. But all types of websites can be hacked — not just those built with WordPress.

“If you own or manage a website, you are responsible for that website’s security. Compromised websites can infect visitors with badware, and are commonly blacklisted by search engines, web browsers, and security vendors. Many legitimate websites are the targets of malicious hacking attacks, during which code linking directly to badware is inserted onto an otherwise innocent, but poorly secured, website.” (StopBadware.org)

On a regular basis, all website owners/administrators should check their sites for badware by using these tools:

Hopefully, your website will pass these diagnostic tests. However, if you do find badware, you’ll need to remove it. You can find tips for doing this at StopBadware and BadwareBusters.

WordPress users can find tips on keeping WordPress installations secure at “Hardening WordPress.”

Once you’ve removed the badware from your site, you should request a review of your website from the services that have issued warnings: Google, StopBadware, and/or SiteAdvisor. If you don’t, visitors to your website may see the following warning: “This site may hurt your computer.”

Filed Under: All Things Web, WordPress Tagged With: Google, security, web tools

One Great Reason to Upgrade WordPress

July 6, 2009 By Regina Fried Leave a Comment

If you’re using WordPress, sooner or later you’re going to log in to your site and see this horrifying message: “WordPress 2.X is available! Please update now.”

You might have a flashback to previous disasters with software upgrades (does the blue screen of death ring a bell?) and decide that your site is working just fine thank you very much, and you don’t need to upgrade.

That would be a mistake. I’m not saying you should upgrade the minute a new version of WordPress is released; I usually wait a few days to make sure all the obvious bugs are worked out before I upgrade my installations (one good way to do this is to read what others are saying or complaining about on the the WordPress forums).

But why, if your site is working properly, is it necessary to upgrade WordPress? What about security? Are you concerned about that?

Older versions of WordPress have known security issues. With each upgrade, the folks at WordPress address these problems. But the evil hackers of the world are hoping that you won’t upgrade WordPress, that you’ll keep using the same version you’ve been using for the last 18 months so they can access your blog and install malware.

Now tell me which is scarier:

  • The thought of upgrading WordPress?
  • The thought that someone can hack into your site?

Really, I sympathize because I always feel a little pang of fear before I upgrade any software. But WordPress makes it easy to upgrade with the automatic upgrade (just press the button and go!). Or you can upgrade manually, if you prefer; instructions can be found here.

However you choose to upgrade WordPress, don’t forget the most important rule of upgrading: make a backup copy of your database and your WordPress files before you upgrade. Don’t skip this step. That way, if anything goes wrong with your upgrade, you’ll be able to restore your site.

Filed Under: WordPress Tagged With: security