How to know if your WordPress site has been hacked.

Collin StoverWebsite SecurityLeave a Comment

I’ve shared stories in the past about clients who came to me with Websites that were hacked and they didn’t even know it. So how does one know? First of all, you are never too small to have your WordPress site hacked. The first step is to just look at the site. Is it up and functioning? Check. Many times when a Website is hacked, the home-page immediately goes down and is left blank or replaced with a hacker’s page. The next step is to Google your site. Sometimes a Website that has been hacked will be found out by Google before it’s found out by a “normal” person. If you see any weird characters in your site description or Google says “This site may be hacked,” then there’s a chance you’ve been hacked. Next, be sure to install a security plug-in and run a malware scan. This will search … Read More

How are most WordPress websites hacked?

Collin StoverWebsite SecurityLeave a Comment

According to WP Template, 51% of WordPress Sites that get hacked were done so via an insecure theme or vulnerable plug-in. Keeping your themes, plug-ins, and WordPress itself up-to-date is the #1 thing you can do to secure your WordPress site, by far – and it’s clear by the numbers why that is. When a plug-in updates, it is usually for two reasons: To add new features, and to improve security. As technology advances and hackers get more sophisticated, plug-in and theme authors as well as WordPress have to stay ever-vigilant and secure their “code.” If their code is insecure, so is your Website. So essentially, when you fail to update your Website, you are allowing the potential for hackers to force their way in through insecure code.  When you see the little orange “update” button in WordPress, click it. You should update anything there as soon as possible – … Read More

Let’s Go Phishing – How a thoughtless click almost costed an event planner her Website.

Collin StoverWebsite SecurityLeave a Comment

I recently received a frantic text from a client who was sure she had messed up. She received an Email on her way out the door, supposedly from her Web host. It told her in rather-official looking (at first glance) language that they had received a request to cancel her Email account, and that if she didn’t want this to happen in 3 hours she needed to click the link. Urgency took over – she was on her way out the door, didn’t want her primary Email to be cancelled, and it looked like the Email had come from her Website or host. She clicked the link, and then after thinking about it for a while, changed her hosting password and gave me a call. Luckily, she caught her hasty mistake in time and nothing else came of it. She forwarded me the Email, and sure enough – had she … Read More

Why would someone hack a “small” Website?

Collin StoverWebsite SecurityLeave a Comment

Take this lesson: You are never too small to be hacked. In fact, the smaller you are, the easier a target you appear to be for hackers who have various motivations. Think of a wild savannah cat, like a lion, chasing a gazelle. Who does the lion usually focus their attention on? That’s right, the scrawny little guy with a broken leg. It’s kind of a gruesome picture, but that’s how many of these hackers view these small Websites. They’re easy-pickings because small business owners oftentimes just don’t know how to protect themselves, and they’re too busy wearing a billion hats sometimes to notice. You’re that gazelle with a broken leg. I told the story in a recent blog post of a client who came to me with a site that was already hacked and she didn’t even realize it. Over the next several weeks I am going to be … Read More

Is Your Site “Too Small” to be Hacked?

Collin StoverWebsite SecurityLeave a Comment

UPDATE: I’ve recently written several posts about WordPress security, which you can read here: How to know if your WordPress site has been hacked. How are most WordPress websites hacked? Let’s Go Phishing – How a thoughtless click almost costed an event planner her Website. I recently Googled my client’s sites and saw this awful message: I didn’t design their site, I was hired for maintenance and marketing consulting. I thought that this must have to be some kind of mistake on Google’s part, but I looked through the site files and found 3 malicious files that were put there by what was indeed a hacker. They even left a calling card. Luckily I found it and removed it before more damage was done, as it appears that whatever they wanted to do hadn’t been executed yet. But this goes to show…your site is NEVER too small to be hacked. This … Read More