The question is always the same, “Why does a hacker want to get into my blog?” The answer is always the same – to drive traffic. But, that traffic is not to your site, but rather to drive traffic to a site they are being paid to promote.
The traffic is either direct or indirect. Direct traffic is where a hacker breaks into your WordPress site and then overwrites your website with their own site or landing pages pointing to their own site, I just saw one today for a webmaster prospect that was taken over by pornography sellers.
Indirect traffic is more sneaky. Here the hackers break in to WordPress and hope that you won’t know. Then they leave self-replicating scripts in various locations of WordPress and even tunnel into your own website. They use these scripts to create “ghost” pages that only search engines can see that are filled with links and keywords all pointing to sites they are hoping to boost in the organic search results.
In many cases if you find what you think is the spam directory (usually they hide it) and you delete it, the replicating scripts simply recreate everything you’ve deleted. You’ve got to do a very thorough wipe of the server and site files to get rid of this type of hack permanently.
Many business owners ask, “Why me? I’m not Amazon and don’t even have tons of traffic!” Here’s where the hackers are playing a numbers game. The more sites that point to the site they are promoting, the better off they are initially.
Typically sites that these hackers are promoting are trying to garner organic placement temporarily to serve malware installations. Once the search engines figure out which sites they are they shut them down, but by then many people are now infected and the hackers then go on to the next site.
The best way to protect yourself from these kinds of issues is to keep WordPress updated and as secure as possible with plugins that monitor files and then check your WordPress application at least once a week.
If your blog does not have comments, will you take a hit from Google in regards to organic search placement? I’ve done a little bit of research on this topic and feel that instead of worrying about comments or lack of comments, it is more important to consider your blog post bounce rate.
People are busy. Even I don’t routinely comment on blogs I read, but that doesn’t mean that I don’t find reading them to be of no value. Actually I spend 30 minutes every day reading industry blogs and news.
What I feel Google is considering more important than the number of comments is engagement and stickiness. If your blog has no comments, but people are there longer than 5 seconds and dig deeper into your content and your bounce rate is under 70% for a blog post, you most likely are not in trouble with Google.
The types of blogs that get punished for poor performance are those that are either built for advertising links, are scraping content from other resources, or have one and two line blog posts.
If you are taking time to write a thoughtful blog on a topic that matches your main authority – even without blog comments your website will still be consider meaningful to Google. Just take a look at the search results to know this is true as Google is showing even comment-less blog posts in their index.
What Google can monitor more closely than the number of comments back on your own site is click through and bounce rate – right from the Google.com page.
So if you don’t have comments on your blog, not to worry. Some of the biggest sites in the industry (like Copyblogger) have actually turned off commenting.
What’s with WordPress lately? My firm manages a number of client blogs and writes for many more, in the last month I have found a number of blogsites that are undergoing repeated entry attempts by robots. Fortunately for our client sites, we lock them out the bad guys and monitor WordPress files using three great apps.
I like this very simple login app. You can set lockout time frames and you are not pestered with repeated messages.
WordPress File Monitor
I like this plug-in as well as it does not inundate you with messages, but let’s you know when files have changed at WordPress by email. For many client sites, we are monitoring the logins and access. It helps to keep the blog secure and hack-free.
After you’ve been hacked once you’ll want to make sure that you are using this plugin that has many more features and will let you know each and every single action on WordPress. Clients quickly feel overwhelmed with the message traffic, but sometimes you’ll want to know each and every login attempt to see a pattern and to see if the hackers are getting close to figuring out your user name. Although you can lower the number of messages, for sites that are undergoing aggressive entry tactics, I recommend watching everything. Remediation can be costly so it helps to know what is happening to jump in and do updates immediately if needed.
I’ve personally found that if you have used admin as a user name and then a simple password, you may already have been hacked and should login to see what is going on as well as take moment to create a secure letter and number, plus character password for WordPress.
There are some bad guys out there testing many WordPress sites or blogs, looking to see who has not properly secured their site to break in and then use the site to spew out spammy links.
If you are tired of watching your own site, we do offer monthly blogmaster services and monitoring if you need it for $30 a month. Find out more about our blogmaster and webmaster services.
It is a mistake to feel that blogging is dead. Hands down one of the very best things you can do for your business website is to have a blog that is updated regularly.
Here’s an interesting situation that illustrates how blogging benefits you. I had a client who said she was stopping blogging as she simply did not see the value. We went to Bing.com together as part of our conversation to review her placement on the search engines and there on the page for her top keywords several of her blog posts appeared. After seeing that her blog was an entry point into her website, she decided that maybe she had misjudged the part that blogging played in her overall marketing strategy and decided to increase her blogging frequency.
When done properly blogging provides not only value for site visitors, it can become an entry point into your website and may even funnel traffic into your services pages. But, blogging needs to be engaging, interesting, and on-topic.
If you are looking for a service firm to write quality content for your own blog, I invite you to visit our blogging services page to review pricing and writing samples.
It’s the worst case scenario, you get a note from Google saying it looks like you’ve been hacked. Your website now has a tag on Google that says “this site has been hacked”, your traffic has plummeted and sales are way off. Why you!
Not all hacking is about stealing credit card information. Sometimes a hack is about stealing your traffic and your SEO juice. Only sites that are well-placed and popular are targeted for this type of hack. The hackers know that you are doing something right and have Google’s attention and they want a piece of that action for their own benefit.
What hackers will typically do in this case is to sneak in via WordPress and then move directly into your website, installing snippets of code that create folders on your server and a brand new XML site map full of spammy links pointing to websites that they are wanting to improve the placement on with Google.
Try to just delete the folder and you’re fine, think again. These scripts are propagating. Delete a folder and it will be back tomorrow in a new location with a new name. Plus the hackers will be logging in to add more junk and update their benefiting site list. It is all done to bleed off your traffic and steal the SEO juice you have.
The only way to solve this type of problem is by brute force. You’ll need to take everything down, wipe it clean and then reload only clean files plus a full new fresh update of all WordPress files. You may even have to clean your WordPress database and manually review each and every website page you put back.
When you do, make sure you are hardening your security, updating passwords and deleting files you don’t need where code may be hiding. These are smart, tricky, and unscrupulous people. They are not targeting you but for any other reason that your website is well-placed and popular.
It used to be that content was king on the Web; have a great blog or terrific content on your website and that was enough. Search engines loved it and so did customers. Now with devices galore, short reader attention spans, and readers in the Instagram and selfie generation, blogs and website have to cater to a full bodied rich media experience.
Gone are the days of blogs without images.
Gone are the days when only a few businesses did video.
Gone are the days when content all alone was enough.
Now we need…
● Images on every blog post and some have gone crazy by making the image huge it fills the entire computer screen.
● Do a Facebook update, wow, better make sure there’s a good image on the page so Facebook will grab it as a thumbnail as we all know that readers won’t even look at an update that is not visually interesting.
● Doing a Twitter update, yikes, did you add a Twitter pic link?
● Got a new product. Better whip out your smartphone and do a quick YouTube video of you demonstrating it and upload it and then link it to your website.
Although in some cases images really add nicely to content, it almost seems like the pendulum is swinging too far. Pretty soon websites will look like toddler chunky reading books with images and only a few words of content.
Although a picture may be worth 1,000 words, we still really NEED words in our online content to convey a full thoughtful and persuasive message.