WordPress Hacker Attack: How to Learn the Hard Way

Have you browsed through our site recently, only to discover missing images and PDF links? Then, you’ve learned only part of what a hacker can do to a WordPress site if that site has not been updated and backups have been violated. We learned the hard way that the push is on to hack as many WordPress sites as possible. But, we’ve also learned some smart ways to avoid this possibility again.

First, when WordPress offers an updated version of their software, don’t hesitate to download it and begin using it immediately. Yes, we know that WordPress may release a version that may have security holes, but usually those holes are discovered within 48 hours (at least, that’s been our experience). They then release another version that usually remedies the situation. The latest version is 2.8.4, and it works beautifully if you haven’t yet been hacked.

Secondly, always – and we mean always – back up your site before you upgrade to a new version of WordPress. The past couple of versions have been problematic for some people: images were lost, uploaded images were left out of backups, and the interaction between new WordPress upgrades and some servers generated code that baffled people until simple solutions remedied the situation.

We realize that many people who use WordPress are not programmers. So, backups may seem confusing, especially if you’re not familiar with MySQL. A simple tutorial on how to back up your database(s) is offered by WordPress. Another tutorial on how to restore that database from a backup is easy to understand as well. Additionally, we’ve learned that a backup of the database is not all there is to saving everything on your site.

For instance, you may have uploaded PDF files, images and other items onto your server. In some cases, the database backup can be strengthened by downloading your entire Web site via FTP, if you have access to those files. The FTP download will assure you that you have every bit of information that you uploaded onto that site over the months (or years, etc.).

Finally, from what we understand, if you do not upgrade a site to WordPress 2.8.4, your site may be subject to an attack by a worm that registers a user, uses a security bug to allow evaluated code to execute through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users’ pages. It then attempts to clean up and goes quiet while it inserts hidden spam and malware into your old posts.

You may first notice the problem if links begin to stop working and – worse – when Google removes your site for containing malware and spam.
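Because the worm described above hides its account from the admin screens with JavaScript, a check has to read the stored data rather than trust the dashboard. The following is an added example, not part of the original post: it assumes you have exported rows from `wp_usermeta` and post bodies from `wp_posts`, that hidden spam is wrapped in elements styled `display:none` or `visibility:hidden`, and the function names and sample rows are constructed for illustration.

```python
import re
from html.parser import HTMLParser

VOID = {"br", "hr", "img", "input", "link", "meta"}  # tags with no closing tag
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

def unexpected_admins(usermeta_rows, known_admins):
    """IDs holding the administrator role that are not in known_admins.
    Rows are (user_id, meta_key, meta_value) exported from wp_usermeta, where
    roles live in a PHP-serialized array under '<prefix>capabilities'.
    """
    found = {uid for uid, key, value in usermeta_rows
             if key.endswith("capabilities") and '"administrator"' in value}
    return sorted(found - set(known_admins))

class _HiddenLinkFinder(HTMLParser):
    """Collects hrefs inside inline-hidden elements (assumes well-nested HTML)."""
    def __init__(self):
        super().__init__()
        self.open_hidden = []   # one flag per open element: is it hidden?
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = bool(HIDDEN.search(attrs.get("style") or ""))
        if tag == "a" and attrs.get("href") and (hidden or any(self.open_hidden)):
            self.links.append(attrs["href"])
        if tag not in VOID:
            self.open_hidden.append(hidden)

    def handle_endtag(self, tag):
        if tag not in VOID and self.open_hidden:
            self.open_hidden.pop()

def hidden_links(post_html):
    """Hrefs a visitor never sees but a search engine crawler does."""
    finder = _HiddenLinkFinder()
    finder.feed(post_html)
    return finder.links

# Constructed sample rows and post body (not taken from a real site).
SAMPLE_META = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (7, "wp_capabilities", 'a:1:{s:10:"subscriber";b:1;}'),
    (12, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
]
SAMPLE_POST = ('<p>Label tips. <a href="/templates/">Templates</a></p>'
               '<span style="display: none"><a href="http://spam.example/x">x</a></span>')
```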

But, this worm also looks for typical folder names. So, you might think about changing the name of your uploads folder to ‘fool’ the worm into thinking you have nothing of interest. It seems – from our experiences (yes, we have had more than one incident) – that this worm (or another worm) likes to inhabit or mess with the uploads folder, where you store images that you upload to WordPress through the site upload function.

Lastly, be aware that when you upload or restore your site, you may also be uploading files that have been damaged by a hacker’s attack. Be careful about what you open up on your hard drive and be careful about what you restore to your site. In most recent cases that we’ve heard about, however, the site seems to be clean once the new WordPress version is installed and the database is restored.

Moving forward, there are a few steps you can take to rest assured that something like what happened to us doesn’t happen again.

  • First, there are WordPress plugins that build a ‘firewall’ around your site and that warn you when attempts are made to hack your database. This WordPress Firewall Plugin Security Filter not only warns you about an attempted attack, it also tells you where the attack has originated and the type of attack that was attempted.

That’s just one of many new plugins that you can use to detect attacks and to block them. In most cases, if you don’t want to know about the attacks, then you can turn off the notices. But, you can rest easier knowing that an attempt to mess up your site has been thwarted.

  • Secondly, back up your site at least weekly. This way, you’ve only lost a week’s worth of blog entries if anything. You can do an automated backup if that’s your cup of tea, and you can have that backup emailed to you. Be forewarned, though, that your backup may be corrupted. Therefore, it’s a wise idea to save several weeks’ worth of backups in case you discover a problem.
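One way to put the backup advice in this post into practice, as an added example that is not part of the original post: it archives the uploaded files together with the database dump, records a checksum so a corrupted backup is noticed before you rely on it, and keeps only the newest few archives. It assumes the SQL dump has already been exported to a file; the function names and archive layout are hypothetical.

```python
import hashlib
import tarfile
import time
from pathlib import Path

def _sha256(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def make_backup(site_dir, db_dump, dest_dir, stamp=None):
    """Archive the site files plus the SQL dump and record a checksum."""
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    dest = Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    archive = dest / f"site-{stamp}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(site_dir, arcname="files")        # uploads, themes, plugins
        tar.add(db_dump, arcname="database.sql")  # the database export
    Path(f"{archive}.sha256").write_text(_sha256(archive))
    return archive

def verify_backup(archive):
    """True only if the checksum matches and the archive lists both parts."""
    archive = Path(archive)
    sidecar = Path(f"{archive}.sha256")
    if not sidecar.exists() or sidecar.read_text().strip() != _sha256(archive):
        return False
    try:
        with tarfile.open(archive, "r:gz") as tar:
            names = tar.getnames()
    except (tarfile.TarError, OSError, EOFError):
        return False
    return "database.sql" in names and "files" in names

def prune(dest_dir, keep=4):
    """Delete all but the newest `keep` archives; return the removed names."""
    # Timestamped names sort oldest-first, so the tail of the list is newest.
    archives = sorted(Path(dest_dir).glob("site-*.tar.gz"))
    removed = archives[:-keep] if keep > 0 else archives
    for old in removed:
        old.unlink()
        Path(f"{old}.sha256").unlink(missing_ok=True)
    return [p.name for p in removed]
```

A checksum stored beside the archive only catches accidental corruption; keep a copy of the checksums somewhere the web server cannot write if you also want to notice tampering.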

At Worldlabel, our focus is on labels. We offer this blog as a way to help you learn how to use labels to your advantage in the least expensive way possible. We hope to keep meeting our goal in an effort to help you, so please forgive us for our lack of attention to all things hacker. The images and PDF files will be restored (we did do something right!), but, in the process, we also are fulfilling label orders – which is the most important process for our customers.