It’s hardly news. Hacking into blogs is far more prevalent than you may think. A Google search for ‘My Blog Was Hacked’ gives a count of over 2,770,000 web pages. I regret to say that this blog was hacked into by a real expert some 10 days ago. Since then, I’ve done a great deal of exploration and frankly it’s all very fascinating.
In this post, you will find hints on how to stay vigilant so that you will be aware if your blog is hacked. In a subsequent post, I will give some more advanced tips on how to stay vigilant and make your blog more secure. In a final post, I will describe some of the results of such hacking activities.
An underlying realisation in all that is written is that some hackers are extremely knowledgeable and skillful. The best you can do is to ensure that your blog is as secure as you can make it. It then is like the old joke about outrunning the bear. You don’t need to outrun the bear, but only your buddies who are with you. There are a host of other blogs that are insecure, and that may be your biggest protection.
Whose Blogs Get Hacked?
WordPress is quite rightly enormously popular software for writing blogs. As more and more people use it, it becomes a more interesting target for hackers who try to exploit any weaknesses in the software.
It was not surprising to see items such as WordPress 2.1.1 Dangerous, Upgrade beginning to appear early in 2007. Nor was it difficult to believe that Matt Cutts WordPress Blog had been hacked, when this appeared on April 1, 2007. That was a spoof but since then there have been many real hacking incidents. Al Gore’s blog was, according to Stuart McKeown, as was the WordPress blog of Matt Heaton (Bluehost and Hostmonster CEO). It continues unabated as Stephan Miller and members of the WordPress Support Forums can testify.
How Will You Know If Your Blog Is Hacked?
The real problem is that you may not realize your blog has been hacked. There may be no visible trace of the hacker’s work. The hacker may wish to boost the search engine visibility of online non-prescription medications or pornographic websites. It is done in such a way that it is hidden from prying eyes.
One useful test is to look at the source code for the blog. In Internet Explorer this can be seen by clicking on View > Source. In Mozilla Firefox, this can be seen via View > Page Source or from the keyboard by pressing
Make Your Blog More Secure
Matt Cutts has given some useful tips to protect a WordPress installation. The most important of these is to ensure you always have the latest and most secure upgrade of WordPress. It is perhaps fitting that this blog post appears when WordPress version 2.3.3 has just been issued. This topic will be covered more fully in a subsequent blog post.