Site reputation – that’s what hackers want to steal from you for their own personal gain. Don’t think that you need to just be using WordPress to become a victim. I’ve seen regular HTML website fall prey to hack attacks too.
It typically all starts with your user name and password being stolen. Hackers create a phishing page that looks legit that they hope you will click and then enter in your user name and password into. The best defense is to never click links in an email and if you do click a link, never share login information no matter how valid a site or form looks.
Instead, go to your login address using your browser and access your account without clicking a link. You will typically find that there is not a problem with your account or access. But the email you had received had some dire notice that you were going to lose access or your account would be closed. Be suspicious of everything.
Troy Hunt has it right in his article on how and why hackers want to get into your site and steal your credentials. His article is worth the read to allow you to make sure to stay safe. You will be amazed at the extent hackers will use, to mask their presence in an effort to steal your credentials and then your website reputation.
It’s the worst case scenario, you get a note from Google saying it looks like you’ve been hacked. Your website now has a tag on Google that says “this site has been hacked”, your traffic has plummeted and sales are way off. Why you!
Not all hacking is about stealing credit card information. Sometimes a hack is about stealing your traffic and your SEO juice. Only sites that are well-placed and popular are targeted for this type of hack.
The hackers know that you are doing something right and have Google’s attention and they want a piece of that action for their own benefit. What hackers will typically do in this case is to sneak in via WordPress and then move directly into your website, installing snippets of code that create folders on your server and a brand new XML site map full of spammy links pointing to websites that they are wanting to improve the placement on with Google.
Try to just delete the folder and you’re fine, think again. These scripts are propagating. Delete a folder and it will be back tomorrow in a new location with a new name. Plus the hackers will be logging in to add more junk and update their benefiting site list. It is all done to bleed off your traffic and steal the SEO juice you have.
The only way to solve this type of problem is by brute force. You’ll need to take everything down, wipe it clean and then reload only clean files plus a full new fresh update of all WordPress files. You may even have to clean your WordPress database and manually review each and every website page you put back.
When you do, make sure you are hardening your security, updating passwords and deleting files you don’t need where code may be hiding. These are smart, tricky, and unscrupulous people. They are not targeting you but for any other reason that your website is well-placed and popular.