One of the websites I manage got hacked today.
Suddenly my site is infecting people with Boner ads and I mean, why? Can’t Viagra sell itself?
At this point in my career I’m pretty used to it, but today I found this “code” in the midst of infection:
God damn I’m sorry, but, how douchey is that?
It’s still a mystery to me why someone would hack. It’s not like there’s a shortage of Web Development jobs. Is it to be “cool”? I know Hollywood kinda portrays it that way, but it’s really not. You’re just being an asshole.
Well, enough ranting for today; here are some tips for staying safe in WordPress:
- Use a Security Plugin and enable automatic scans. I use Wordfence and I’ve been quite happy with it. It alerts you to hacking attempts, malware injections, and plugins or themes that need updating. It also blocks IPs and has a myriad of other cool features – for free.
- Always keep your plugins and themes up-to-date. I can’t stress this enough: hackers are relentless and are always finding new vulnerabilities. Keeping everything up-to-date means you have the latest security fixes, or at least the ones that developer is aware of. Remember to take a backup before any updates!
- Use Comment Moderation Software like Akismet or WP Spam Shield. This will help prevent malware and spam links from making their way onto your site.
- Don’t use a common username like “admin”; it’s just not safe (more details here).
- Make sure your password is a tough one and is not on this list (Source: https://www.skyhighnetworks.com/):
- Important! Please take the time to get a knowingness and understanding of what Hardcore Hacking Mode is and what it looks like.
As a final note, why are you listening to me? Didn’t I start off this post on a rant about being hacked?
Yes, I did…
Well, all I can say is, it happens. In this day and age it’s a constant battle between black hat and white hat online. Target got hacked big time in 2013, the PlayStation Network got hacked in 2011, and the list goes on (check out this from Information is Beautiful for a pretty neat infographic on the subject).
Really the best we can do is write the best code possible, keep all of our security up-to-date and stop clicking on those boner ads ;).