
What To Do If Your WordPress Blog Is Hijacked By Spam Links

A member contacted me today about the very same security concerns I’ve been talking about this week: a site that has been hijacked with spam links. Not only does this risk getting the WordPress blog delisted, it also affects his bottom line by skewing his AdSense ads toward the wrong topic (in this case, credit cards).

Since this is now so common, what can you do?

Of course, this assumes the WordPress blog is your whole site. If you’re also running, for example, phpBB (a forum program popular with both users and spammers), the problem may be coming from there, and you’re going to have to do some research to see which one is causing the current security issue.

  • Assume everything is compromised. For example, if you have a faulty theme, then someone is adding code to your site. There’s no reason whatsoever that code needs to be limited to ads; it could be sending out who knows what (such as passwords). So assume the worst.
  • Turn off outside items. This means deactivating themes, plugins, and any other outside code you may be using. Use the latest default theme for now.
  • Back up your site. Dump your database AND directory files. If cPanel allows it, dump the whole site (look for an option called ‘backup’). If not, then do an FTP copy of your site and a database backup. Also, do an XML export of your site, which can make adding articles easier if you don’t reuse the old database.
  • Lock out visitors. Until you get this solved, you don’t want anyone visiting your site, so shut them out. There are many ways to do this, but one way is to physically rename all the WordPress files and directories: for example, index.php to index0.php (or something else), /wp-content/ to /wp-contentx/, etc.
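
The backup and lock-out steps above, as an added example that is not from the original article. It assumes shell access to the host, MySQL credentials in ~/.my.cnf and a backup directory outside the web root; the function names, the DB_NAME variable and the rename log are hypothetical.

```shell
#!/bin/sh
# Added example; function names, DB_NAME and the rename log are assumptions.

# snapshot_site SITE_DIR OUT_DIR   (OUT_DIR must be outside the web root)
# Archives the files as found, infected ones included, and dumps the database
# when DB_NAME is set (credentials are read from ~/.my.cnf).
snapshot_site() {
  local site="$1" out="$2"
  [ -d "$site" ] || { echo "no such directory: $site" >&2; return 1; }
  mkdir -p "$out" || return 1
  tar -czf "$out/files.tar.gz" -C "$site" . || return 1
  if [ -n "${DB_NAME:-}" ]; then
    mysqldump --single-transaction "$DB_NAME" > "$out/db.sql" || return 1
  fi
  # Hash the archive so the copy can later be shown to be unchanged.
  if command -v sha256sum >/dev/null 2>&1; then
    ( cd "$out" && sha256sum files.tar.gz > SHA256SUMS )
  fi
}

# lock_site SITE_DIR LOG_FILE
# Renames top-level PHP files (index.php -> index0.php) and wp-* directories
# (wp-content -> wp-contentx), logging "old<TAB>new" so it can be undone.
lock_site() {
  local site="$1" log="$2" path base new
  for path in "$site"/*.php "$site"/wp-*/; do
    [ -e "$path" ] || continue              # glob matched nothing
    path="${path%/}"; base="${path##*/}"
    if [ -d "$path" ]; then new="${base}x"; else new="${base%.php}0.php"; fi
    # Never overwrite something that already has the target name.
    [ -e "$site/$new" ] && { echo "skip $base: $new exists" >&2; continue; }
    mv -- "$path" "$site/$new" && printf '%s\t%s\n' "$base" "$new" >> "$log"
  done
}

# unlock_site SITE_DIR LOG_FILE: reverse the renames recorded by lock_site.
unlock_site() {
  local site="$1" log="$2" old new tab
  tab="$(printf '\t')"
  while IFS="$tab" read -r old new; do
    mv -- "$site/$new" "$site/$old"
  done < "$log"
}
```

Run snapshot_site before lock_site so the archive holds the site under its original file names.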
