What Do Hackers Want with Your WordPress Blog?


The question is always the same: “Why does a hacker want to get into my blog?” The answer is always the same, too: to drive traffic. That traffic is not to your site, though, but to a site they are being paid to promote.

The traffic is either direct or indirect. Direct traffic is where a hacker breaks into your WordPress site and then overwrites your website with their own site or with landing pages pointing to their own site. I just saw one today for a webmaster prospect that was taken over by pornography sellers.

Indirect traffic is sneakier. Here the hackers break into WordPress and hope that you won’t know. Then they leave self-replicating scripts in various locations of WordPress and even tunnel into your own website. They use these scripts to create “ghost” pages, visible only to search engines, that are filled with links and keywords all pointing to sites they are hoping to boost in the organic search results.

In many cases, if you find what you think is the spam directory (they usually hide it) and delete it, the replicating scripts simply recreate everything you’ve deleted. You’ve got to do a very thorough wipe of the server and site files to get rid of this type of hack permanently.

Many business owners ask, “Why me? I’m not Amazon and don’t even have tons of traffic!” Here’s where the hackers are playing a numbers game. The more sites that point to the site they are promoting, the better off they are initially.

Typically, the sites these hackers are promoting are trying to garner organic placement temporarily in order to serve malware installations. Once the search engines figure out which sites they are, they shut them down, but by then many people are infected and the hackers move on to the next site.

The best way to protect yourself from these kinds of issues is to keep WordPress updated and as secure as possible with plugins that monitor files, and then to check your WordPress application at least once a week.

If you need help with monitoring WordPress, please check out our webmaster services.