My Blog Got Hacked! Here’s How to Protect Yourself.
Recently someone hacked into my blog.
They somehow got access to my server. Then they put a malicious script on my site. This script was used for phishing (trying to get information such as usernames, passwords, and credit card details).
I didn’t notice this happening at all, but Google did.
And you know what Google does when they see a phishing script on your site? Yes, that’s right. They stop displaying it in the search results. Not just the page that does the phishing, but the entire site.
Which, if you’re making money from your blog, can be devastating.
And anyway, just the thought of someone using my server to steal private information is sickening enough.
This is actually not the first encounter I’ve had with hackers.
Last time a hacker touched my site, they replaced my Amazon affiliate id with theirs. So when people came to my page and then bought on Amazon, they got the commissions instead of me.
By the time I figured it out, I lost plenty of money.
My husband (Seth) got hit through his blogs repeatedly.
One of the hackers was very smart.
Every day for a few hours they would switch Seth’s Adsense id with theirs. Then they would get all of his Adsense commissions. After a few hours they would switch it back so that he wouldn’t notice.
This was very hard to catch, because Seth was still getting commissions. He was just splitting them with the hacker. And the hacker got paid for Seth’s hard work.
Not only that. It took months to clean up the server and get rid of all of the files the hacker left there.
So What Else Can Hackers Do To Your Site?
Actually, if you do a quick search online you’ll see that blogs get hacked on a regular basis.
Here’s what a hacker can do if they get into your blog:
1. They can put spammy content, hidden pages, or hidden links on your site. You may never see them, but Google will (there go your rankings).
2. They can use your site for spreading malware – software that causes damage to others. Google absolutely hates that. And so do all of us…
3. They can use your site for phishing (what just happened to me). This can get you shut down by your hosting account, and/or delisted by Google.
4. They can redirect some or all of your visitors to their own site. Visitors never see your site – they just automatically go to the hacker’s site.
Often they redirect only visitors who come from search engines, so you don’t even notice. Here’s an example of this actually happening (an old post but still relevant).
5. They can also redirect only search engine bots. That way you don’t see anything wrong. And neither do your visitors. But the search engine bots get redirected, think that your site has moved, and will eventually stop displaying it.
If you do a search for ‘googlebot hacked’ you will find a lot more.
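As an added example (not part of the original post), here is one way to check your own site for the selective redirects in items 4 and 5 and for the swapped AdSense or Amazon ids described earlier: request the same page as a direct visitor, a visitor arriving from search, and a search engine bot, then compare what comes back. The ids, the host name `myblog.example`, the sample responses and the function names are all constructed for illustration.

```python
import http.client
import re
from urllib.parse import urlparse

# Constructed placeholders: put your own AdSense and Amazon ids here.
EXPECTED_IDS = {"adsense": "ca-pub-1111111111111111", "amazon": "myblog-20"}
ID_PATTERNS = {
    "adsense": re.compile(r"ca-pub-\d{16}"),
    "amazon": re.compile(r"[?&;]tag=([\w-]+)"),
}
# Request headers for the three kinds of visitor described in the post.
BOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
PROFILES = {
    "direct": {"User-Agent": "Mozilla/5.0"},
    "from_search": {"User-Agent": "Mozilla/5.0", "Referer": "https://www.google.com/"},
    "googlebot": {"User-Agent": BOT_UA},
}

def fetch(host, path, headers):
    """Fetch one page without following redirects (http.client never does)."""
    conn = http.client.HTTPSConnection(host, timeout=10)
    conn.request("GET", path, headers=headers)
    resp = conn.getresponse()
    body = resp.read().decode("utf-8", "replace")
    conn.close()
    return resp.status, resp.getheader("Location"), body

def audit(responses, own_host, expected=EXPECTED_IDS):
    """Flag off-site redirects and unexpected ad/affiliate ids per profile."""
    findings = []
    for profile, (status, location, body) in responses.items():
        host = urlparse(location or "").hostname
        if 300 <= status < 400 and host and host != own_host:
            findings.append((profile, "offsite-redirect", host))
        for kind, pattern in ID_PATTERNS.items():
            for found in sorted(set(pattern.findall(body))):
                if found != expected[kind]:
                    findings.append((profile, "foreign-%s-id" % kind, found))
    return findings

# Constructed sample responses (not captured from a real site).
PAGE = '<ins data-ad-client="%s"></ins><a href="https://www.amazon.com/dp/B000?tag=%s">x</a>'
SAMPLE = {
    "direct": (200, None, PAGE % ("ca-pub-1111111111111111", "myblog-20")),
    "from_search": (302, "https://redirect.example/landing", ""),
    "googlebot": (200, None, PAGE % ("ca-pub-2222222222222222", "other-20")),
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, "myblog.example"):
        print(finding)
```

To run it against a live site, build the `responses` dictionary with `fetch` for each entry in `PROFILES`. Because the AdSense swap described above lasted only a few hours a day, a check like this needs to run on a schedule (for example hourly) rather than once.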
You can read more about hackers and what they can do to your site on Wikipedia.
Here’s a video I once made. In it I reveal some surprising hacks:
This can happen to you too.
How to Protect Yourself
Here are things you can do to protect yourself:
1. Always upgrade your WordPress and plugins as soon as an update is available.
2. Make sure you completely trust anyone who has access to your blogs.
3. Remove old software, WordPress themes, and plugins that you do not use anymore.
4. Make sure you use a good host that updates their software regularly.
5. Make backups of your sites.
The 2 most important things to do are regular updates and backups.
I know this can be a pain to do, because logging into each blog you own and updating it on a regular basis is a pain.
That’s why I recommend you get WP Pipeline. It will allow you to make backups and updates with a single click – for all your blogs at once!
One Last Thing
There are a few other simple tweaks you can make to your blog. You just do them once but they will give you security in the long term.
I wrote a report explaining what to do. It’s simple – just take a few minutes to implement these tweaks. It’ll save you the hours (and money too) you’ll have to spend on restoring hacked sites.
It’s something I highly recommend. Because if it blocks just one hacker from stealing your commissions or getting you delisted, it’ll be worth the investment.