Lee Odden

When Hackers Attack Your Blog

Lee Odden     Blogging Strategy

Hacker RobotEvery day hackers sit out there an pray on good sites for no good reason. Some days they are even successful. In the past few months I’ve worked with a few blogs to detect and remove hidden code that was causing various unwanted issues. It happens to the best of blogs, and knowing how to find and remove it is just as important as trying to prevent it.

Blog #1 – The iFrame – The first indicator that something was wrong here was the time it took the blog to load. It seemed abnormally long. I popped open Safari’s activity window and noticed it was connecting out to an IP address that I didn’t recognize.

When the did finally load, it then asked me if I wanted to run a Java applet. Huge red flag there. It took some digging but I found a lot of files contained some iFrame code that was loading badware from an external site.

To fix, I deleted and re-uploaded all the files I could, and walked though each theme and plugin file to find any traces of code that should not be there. Once cleaned out, the site ran much smoother.

Blog #2 – Hidden Random Links – With this blog, Google actually caught the issue first. They put a lovely note on search results that said the site may be unsafe to visit. Even when someone did click on the search result, Google sent them to a warning page. So not cool, but understandable.

I immediately looked though the theme files and re-uploaded any admin files with no luck. Oddly enough, the issue presented itself only on a few posts, not all pages. This means that the issue was not part of the theme or any other main files. The badware was actually embedded in individual posts.

Using Google Webmaster Tools, they listed out a number of infected pages. I then viewed the sources of those pages and was able to see an empty link that went out to a known badware site.

To fix, I edited each post with WYSIWYG editing turned off. This allowed me to see the raw HTML and it was easy to see the infected posts. Within a day or two of cleaning up the code, Google cleared the warning message.

Blog 3 – Spam Links – If you’re not running the most recent version of WordPress, you may become affected by old security issues. With blog #3, someone added a couple hundred invisible spam links to the footer of the site. We were lucky with this one as a visitor tipped us off early. The fix was simple, remove the links from the footer file and update to the latest version of WordPress.

Hack Attack Tips

If you do find your blog has become infected, here are a few things you should always do.

  1. Clean up any infected files as soon as possible. It’s your reputation and your visitors safety at stake.
  2. Delete any blog and plugin files you can and re-upload new ones. Don’t get rid of your configuration or theme files though.
  3. For those files that you can’t just delete (like config and theme files) open each one and check for issues.
  4. Update your blog software and plugins to the most recent version. The newer the files the safer they probably are.
  5. Change your passwords. Your blog user, your ftp and any others you can. You never know how hackers get in.
  6. Backup everything. In the three cases above, no files or information was deleted by the hackers, but that doesn’t mean they will always be as nice.

Hackers are out there every day doing what they can to harm innocent sites. You can take steps to protect yourself by keeping your blog software and plugins up to date and creating good, strong passwords along with frequent backups.

Do you have any words of wisdom to share about keeping blogs safe?

PoorSo SoOKGoodAwesome (No Ratings Yet)

Lee Odden About Lee Odden

@LeeOdden is the CEO of TopRank Marketing and editor of Online Marketing Blog. Cited for his expertise by The Economist, Forbes and the Wall Street Journal, he's the author of the book Optimize and presents internationally on B2B marketing topics including content, search, social media and influencer marketing. When not at conferences, consulting, or working with his talented team, he's likely running, traveling or cooking up something new.


  1. For my one Typo blog, I keep a Subversion repository with a known good set of application and configuration files up to date, just in case something gets corrupted by me or by outside agents.

  2. I agreed with you

  3. Avatar Andy Bargery says

    All I can say is when you do get hacked, it hurts. Recently a number of my blogs were attached, taking the theme design down and out. I tried to reconfigure and now one of my blogs is out for the count – nothing but the horrible white screen. I believe this was casued by trying to upgrade to WordPress 2.6 in the hope this would keep me better protected.

    Biggest lessons I have learned…

    1. backup everything regularly!!
    2. get technical help asap and make sure you have someone reliable to help when you need.

    thanks for the other tips above.

  4. If you have a look, my blog was hacked and has a black arab “owned” screen now, my host has been trying to repair it but I fear the worst. Though I knew of hacks and virus’s this was personal, my blog being our portal to the public of what our homeless life is like daily not to mention I had pages of personal photos and videos, I did backups but only data base ones, when I did have a full site back up my host techs couldnt get it to reinstall and I lost 3 weeks posts (alot in my blog as I post several times a day). No matter what we WP users do it cant be prevented no, wordpress is open source therefor anyone can find a security hole and create hacks as its always under development. I am sincerely thinking of dropping wordpress because I am tired of being hacked, I just dont know which blog software may be a little harder to hack to switch to.
    This is a great article thanks

  5. Deb, sorry to hear about your issues. WordPress is secure. It depends on the passwords, setup and plugins used though. Any one of them can cause security issues.

    Can the host confirm that they hacked into WordPress? Or did they hack into the hosting? If it’s the hosting, than you need to have a serious talk with the host about preventing this.

    I’d recommend changing all the passwords and make sure they are secure. Check out his post for more information: http://toprankblog.wpengine.com/365/security-keys/