“Your website has been hacked, and you didn’t even know it!”
Unfortunately, that’s the news that I’ve had to deliver to quite a few clients lately who host their websites on “shared” web hosting services, or hosting companies that do not actively update their clients’ websites.
Most recently, I was moving a client’s website to a Managed WordPress Hosting service, and I logged in to grab a backup of the site to move. As soon as I looked at the files, I knew instantly that they’d been hacked.
I stare at WordPress files all day long, so that file named indonesia.php stuck out like a sore thumb because it didn’t belong with WordPress files.
I was hesitant to open it up, but I did and luckily it wasn’t anything dangerous … just mischievous.
If you read my last blog post answering the question “Is WordPress Safe?” you’d know that I listed three common reasons hackers hack websites. Here’s a review:
- Redirect – send website traffic to another site, such as selling knock-off sunglasses or medicine, etc.
- Deliver Mal-ware – infect your browser with pop-ups and other annoying behaviors.
- Relay Spam – use your website to send spam email.
In this case, I’m going to add a new reason to the list …
That’s right, you heard me correctly … many hackers just hack sites for fun. It’s a contest, and they post their exploits on websites with a scoreboard ranking hacking groups with the highest number of hacked websites per week.
So this particular website that I recovered had been hacked just for fun.
It was hacked months ago!
This is the important part … the website had been hacked almost three months ago!
The owners of the website hadn’t updated their plugins in months, and as a result a security vulnerability was exploited by this hacker. It’s a good thing the hacker did not do anything more malicious!
“So how do I know if my website has been hacked?”
We’ve had several clients recently call Juice Marketing asking about website re-designs, and in the course of looking at their current website, we discover that their website had been hacked and was either relaying spam or redirecting to other sites for a long time.
In light of all this hacking activity, we are now offering a quick “check up” service.
Get peace of mind knowing your WordPress website is safe.
Fill out this form, and we’ll check your site for you.