Just two months ago (December 2009) this website www.keyframe5.com got hack by a spammer! I never thought I would end up as a victim, I always say to myself this will never happen to me.
Here is how I find out how my WordPress website was hack and how to protect your WordPress website from becoming a victim.
- The fastest and easiest way to keep your WordPress website protected from hackers and spammers is to always upgrade your WordPress website to the latest WordPress version.
- Validate your CSS and source code with W3C.
If some unknown html codes were added, you can easily pick it up the errors with W3C. If you don’t know how to validate your source code through W3C, you can still do it by remembering the amount of errors you have and later on when you check it again you suddenly have 100’s extra errors. Then that should tell you something is wrong.
- Look at your web traffic statistic. If you notice a slow decline of traffic on your web site and you have a gut feeling something is wrong. Check and see what key words some of the people use on search engines to find your site. For example, I notice someone used the key word “3D penis mesh”. I know the word penis is not on my website anywhere (except on this page), but for some weird reason someone found my site with the word penis. That should be a good warning sign something is wrong.
- Lastly, regularly check your source code. I check my source code all the time and I’ll admit I didn’t notice anything wrong when I got the hack but if you’re careful you might be able to find something out of the ordinary.
- Another thing you can do is backup your files regularly. If you do not want to upgrade to the latest wordpress because you are scared something might break. You can always upload your back up. This will overwrite the spammer’s code, but remember it can happen again since you are still using the same files.
- Yes, always upgrade WordPress when in doubt.
My story when my site got hack by a spammer
As you may already know, this website was built with WordPress and the theme was completely redesign to my liking base on another theme that I have downloaded.
At the time of the hack I was still using WordPress 2.7x, I think it was 2.72 (not sure). Anyway, I didn’t upgrade fearing it would ruin some of the plugins or mess up my other work, so I stick with the 2.7x version. Last time I upgraded my WordPress 2.5 to WordPress 2.7x, I had to fix some stuff which took a bit of time. So I didn’t want to go through that again thinking it would be safe for me to stay with the older version.
I have this bad habits for checking my web traffic statistics every hour. I am now trying to kill that habit and trying to check my web statistics at least once or twice each day. As I remember that week when the hack happened, my web traffic was decreasing slowing. About 10% each day and by the end of the week my traffic was reduce by at least 80%-90% as compare to the weeks before. I thought to myself at the time it have something to do with “Google dance” but as far as I remember when that happened to me with another website a few years ago and the decrease in traffic cause by “Google dance” drastically decrease within 1-2 days, unlike the gradual decrease I was experiencing with the hack.
So I wasn’t sure what exactly was causing the decline in traffic. One night, instead of writing a post I decided to spend a few hours studying my site to see what was exactly causing the problem, because I can’t wait for the problem to resolve itself. I looked at my web site’s source code but I didn’t see anything wrong (at first). I then check to my source code at W3C for validation.
I remember 2 months ago I spent a weekend cleaning up my CSS and source code for validation at W3C. All of my CSS pass with green color and all of my source code on my homepage also pass the W3C validation, except for 1 or 2 errors. However, when I check again this time I got over 100 errors! I almost jump off my chair when I saw that. There was no way I could have that many errors when I already spent hours cleaning all my code just a few months earlier.
When I was examining all the W3C validation errors I notice that most of the errors, if not all of the errors where links to Viagra, drug, and other sexual enhancement related websites. At that time I couldn’t believe it, I thought I must had input in the wrong website to validate, then I look up at the top of the W3C validate URL input just to be sure I type in the correct site and indeed it was my site www.keyframe5.com
Then I check my source code on my homepage again and now I saw all of these links between the html header tag. It was in a single line containing about 50-100 external links. I didn’t count exactly how many there were because I just wanted to get rid of it. All of these links had anchor text words like, penis enhancement, drug pharmacy, Viagra and other drug/ sexual enhancement related terms.
I open my FTP software and started looking to see how all the external links got in there, but I couldn’t find where it was coming from. My next step was to upgrade the latest version of WordPress, which was version 2.9 and I did just that with my figures cross. After the automatic upgrade, which took about 10 seconds to upgrade from WordPress 2.7x to 2.9. I refresh my homepage and check the source code. Volla! To my relief the hack disappeared, no more links to external websites without my permission! Also, my WordPress web site was not broken, all the pages and plugins work just as it did before upgrading.
I suppose if that spammer or hacker read this post he/she might want to validate their code at W3C first. Even if they did, there are many ways to protect yourself from spammers and hackers on your WordPress web sites as I listed at the top of this page. Good Luck!
Now I know exactly why there was a decrease in my web traffic. I’m not a SEO expert but I know enough that when the hacker/spammer added their code with links to their websites. It was hurting my page rank and it help the hacker/spammer’s websites, which mean I was getting less web traffic and more web traffic were directed to the hacker/spammer’s websites.
Do you like this article?