Recent changes by Google have made site security more important than ever. If your site has been compromised, that fact will now appear in Google’s search results. Simply put, if your site is hacked, you lose traffic, and the online reputation you’ve worked so hard to build could be tarnished. Of course, an ounce of prevention is worth a pound of cure. Following are a few tips on where your site is vulnerable and how you can keep it safe.
On Dec. 17, 2010, Matt Cutts announced on the Google Webmaster Central blog that Google would show a site’s hacked status in search results. What this means is that linked text stating “This site may be compromised” will be placed just below your site link that might have otherwise brought you viewers. It will look something like the image shown below.
A Common Hacking Myth
Most hackers have no interest in shutting your site down. They would much rather see it prosper and grow. That way, the little code hacks they slipped onto one of your back pages may go completely unnoticed. They can continue to grab information about your site visitors for as long as it keeps running, or they can include links to other sites.
Secure Your WordPress Installation
One of the best methods to keep hackers from gaining entry to your site is to have a professional geek perform a secure WordPress installation right at the start. This includes manually setting up the database, installing software from the WordPress site, installing security plugins, and installing special files in the root directory to protect the database and site login information. Read more on why a 1-click installation is not secure.
Keep WordPress Updated
In the summer of 2010, WordPress released version 3.0, which was a complete overhaul of the core software. During the next six months, it released three major updates, all of which were to fix security loopholes.
While it may seem like a drag to see that little black update circle when you first log in to your Admin area, take the time to update all items listed.
Keeping your core files updated is the only way to maintain your site security. Hackers never sleep and they are always probing new software releases for vulnerabilities.
Keep Themes Updated
Site security is not limited to the installation of core files. Themes can have vulnerabilities too. In fact, some free and low-cost themes can have them built right in. Free themes listed in the WordPress extended area are safe. Otherwise, be sure to get themes from a trusted source and be sure to get the latest updates for them.
There is a Theme-Check plugin available that will allow you to check a theme for malware before it is uploaded to your site, but keep in mind that it may not be updated for the latest threat.
Keep Plugins Updated
Like WordPress files, plugins also require updates. For some, the updates are frequent. Don’t wait to do that update because it usually includes a security or major bug fix.
Like themes, some plugins come with hidden files intended to set up malware on your site, or open a back door by granting permissions to unauthorized users. Always install plugins from the Official WordPress Plugin directory. (You can also get to that listing from a search within your plugin Admin area.) A good way to check if a plugin is legitimate is to visit the creator’s site and see if there is any support available. If not, find another plugin.
What to do if Your Site Has Been Hacked
Hire a professional geek to remove the offending files and shore up your site’s vulnerabilities. Keep in mind that it may be cheaper to lose your current theme and get a new one, especially if it was a free theme from an unchecked source.
There are several good WordPress plugins available that will comb your site for vulnerabilities and help secure it. You can find a list of them by doing a search on the word “security” from your plugins page in the Admin area of your site. Keep in mind that not all security plugins will run properly on every host because some hosts, even a few big name ones, limit what you install on the root directory of your site.
After your site has been cleaned and secured, Google assures that the warning will be removed. However, it could be weeks before that particular page is indexed again. To speed things up, you can request a review.
It’s time for you to get serious about your site’s security, before you lose any potential visitors due to a hacked site.