Trust me, hackers are not particular. If you think your blog is safe because it’s new or you don’t have a lot of traffic, think again. Your blog is even more attractive because you’ve left it unprotected, thinking that you don’t have anything to worry about yet. But let me tell you, it only takes one hack job and you’ll pay attention. So right from the very beginning you need to make sure your WordPress blog isn’t hacked.
How will you know you’ve been hacked? Well, that Viagra ad that comes up when you visit your blog is a good indication. And yeah, your regular visitors are seeing it, too. Kinda makes you sick to your stomach, doesn’t it?
But hackers don’t always take your blog down. Sometimes they load it up with links that lead to their nasty little products. If you’re using Firefox you can check by clicking on “Tools” then on “Page Info” and then on “Links.” This will show you all the outgoing links that are coming from your blog.
If you’re not on Firefox you can check the source code for your page. Pay special attention to the HTML coding for the header and footer areas and look for any links that shouldn’t be there.
Most blogs that get hacked are either very new blogs or they’re very old. Newer versions of WordPress have pretty tight coding in place that eliminates most holes. But new bloggers have a tendency to use easy passwords, and they use the same password for everything. Older versions of WordPress get hacked just because they’ve never been updated with more secure software. So let’s take a look at what you need to do to make sure your WordPress isn’t hacked.
First, change all of your passwords frequently. This includes the password to your dashboard, your email, your control panel and your database and use a different password for each location. If you’re allowing other users to access your blog, they need to change their passwords, too. And it’s a given that you should never allow access to anybody unless you trust them completely.
Next, make sure to update your WordPress theme every time a new one becomes available. There’s a lot of behind-the-scenes coding in those updates and a lot of it has to do with closing up holes to prevent hackers from being able to access your blog.
If you haven’t seen an update come through for a while it might be time to change your theme. No updates usually means that theme’s been discarded and there’s no longer any support. A new theme will better, more modern security coded in. If you’re really attached to that older theme, though, you can delete your theme-editor.php file from the WP-Admin folder to prevent hackers from being able to install links. It’s not the best solution but it’ll do in a pinch.