Site reputation – that’s what hackers want to steal from you for their own personal gain. Don’t think that you need to be using WordPress to become a victim. I’ve seen regular HTML websites fall prey to hack attacks too.
It typically all starts with your user name and password being stolen. Hackers create a legitimate-looking phishing page and hope you will click through to it and enter your user name and password. The best defense is to never click links in an email and, if you do click a link, to never share login information no matter how valid a site or form looks.
Instead, go to your login address using your browser and access your account without clicking a link. You will typically find that there is not a problem with your account or access. But the email you had received had some dire notice that you were going to lose access or your account would be closed. Be suspicious of everything.
Troy Hunt has it right in his article on how and why hackers want to get into your site and steal your credentials. His article is worth the read to help you stay safe. You will be amazed at the lengths hackers will go to in order to mask their presence while they steal your credentials and then your website reputation.
What’s with WordPress lately? My firm manages a number of client blogs and writes for many more. In the last month I have found a number of blogsites that are undergoing repeated entry attempts by robots. Fortunately for our client sites, we lock out the bad guys and monitor WordPress files using three great apps.
I like this very simple login app. You can set lockout time frames and you are not pestered with repeated messages.
WordPress File Monitor
I like this plug-in as well, as it does not inundate you with messages but lets you know by email when files have changed at WordPress. For many client sites, we are monitoring the logins and access. It helps to keep the blog secure and hack-free.
After you’ve been hacked once you’ll want to make sure that you are using this plugin that has many more features and will let you know each and every single action on WordPress. Clients quickly feel overwhelmed with the message traffic, but sometimes you’ll want to know each and every login attempt to see a pattern and to see if the hackers are getting close to figuring out your user name. Although you can lower the number of messages, for sites that are undergoing aggressive entry tactics, I recommend watching everything. Remediation can be costly so it helps to know what is happening to jump in and do updates immediately if needed.
I’ve personally found that if you have used admin as a user name along with a simple password, you may already have been hacked. You should log in to see what is going on and take a moment to create a secure password with letters, numbers, and characters for WordPress.
There are some bad guys out there testing many WordPress sites or blogs, looking for ones that have not been properly secured so they can break in and then use the site to spew out spammy links.
If you are tired of watching your own site, we do offer monthly blogmaster services and monitoring if you need it for $30 a month. Find out more about our blogmaster and webmaster services.
We all know that WordPress websites and blogsites can be hacked and can actually be targets for spammers, but did you know that regular websites can be targets too?
Here’s something I just saw recently that was very concerning to me.
A customer came to me recently and said that his daughter was reading his website and noticed a few funny words, like biking, in the content of his kitchen spice selling website. He asked me to take a look. This is what I found:
The stylesheet on the website had been changed to override all underlines and colors on the links.
Keyword-dense anchor text had been scattered throughout the website, and links to biking and travel sites had been inserted randomly in the content.
The links were difficult to find in the content because, one, there were not that many, and two, link underlining had been turned off globally.
What is very concerning to me is that this was a silent attack: very subtle, small, and with no impact on the overall readability or appearance of the site. Most concerning of all, however, was that the site was just a five page regular HTML site.
This means that any website can be attacked for spammy purposes. The biggest key to identification is whether link underlines are turned off and links are colored to match the rest of the text. Although this can be done for separate links and not globally, keeping an eye on your website, big or small, HTML or WordPress, is definitely now in order.
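One way to check a plain HTML site for the two signs described above, as an added example that is not code from the original post: it flags site-wide stylesheet rules that strip link underlines and lists every link that points off-site so its anchor text can be reviewed. The function names, host names and sample CSS/HTML are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Bare anchor selectors: a rule on these restyles every link on the site at once.
GLOBAL_A = re.compile(r"^a(:(link|visited|hover|active))?$", re.I)
NO_UNDERLINE = re.compile(r"text-decoration(-line)?\s*:\s*none", re.I)

def global_link_overrides(css):
    """Return (selectors, declarations) for site-wide rules that remove link underlines."""
    css = re.sub(r"/\*.*?\*/", "", css, flags=re.S)  # drop CSS comments first
    hits = []
    for selectors, body in re.findall(r"([^{}]+)\{([^{}]*)\}", css):
        names = [s.strip() for s in selectors.split(",")]
        if any(GLOBAL_A.match(n) for n in names) and NO_UNDERLINE.search(body):
            hits.append((", ".join(names), " ".join(body.split())))
    return hits

class LinkCollector(HTMLParser):
    """Collect (href, anchor text) for every <a href> in a page."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a" and dict(attrs).get("href"):
            self._href, self._text = dict(attrs)["href"], []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def bare_host(host):
    return re.sub(r"^www\.", "", (host or "").lower())

def external_links(html, site_host):
    """Return links whose host is not the site's own; relative links count as internal."""
    parser = LinkCollector()
    parser.feed(html)
    own = bare_host(site_host)
    return [(h, t) for h, t in parser.links
            if bare_host(urlparse(h).hostname) not in ("", own)]

# Constructed sample input (not taken from the customer's site).
SAMPLE_CSS = "body { color: #333 } /* theme */ a, a:visited { text-decoration: none; color: #333 }"
SAMPLE_HTML = ('<p>Our <a href="/spices.html">spice racks</a> pair well with '
               '<a href="http://bike-tours.example/deals">cheap biking holidays</a>.</p>')

if __name__ == "__main__":
    print(global_link_overrides(SAMPLE_CSS), external_links(SAMPLE_HTML, "www.spice-shop.example"))
```

A global no-underline rule is not proof of tampering on its own, since some designs use one on purpose; treat it as a prompt to review the off-site link list and to compare the stylesheet against a known-good copy.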