Unfortunately, in the Wild West that is the Internet, there are many nefarious characters who will gladly take advantage of any loophole they can to steal information or increase their search engine ranking.
When it comes to hacking WordPress, it’s usually the latter rather than the former. Hackers love to break into innocent blogs and place their backlinks (usually to a website that has something to do with ‘add-ons’).
They can do this in a number of ways: inserting links into iFrames, hiding them in encrypted code, or simply leaving them in your footer as invisible text. Having links to these types of sites on your website can cause drastic drops in search engine rankings, and every possible method should be used to avoid this.
The best defense is a good… Defense?
While it definitely takes a good offense to avoid getting hacked, in this case having a number of recent backups (at least one every time you publish a new post) and constantly checking for attacks provides the best defense against hacking there is.
The moment you find out you’ve been hacked, you simply restore your most recent backup and you are back in business. No lost content (other than the one post after you got hacked) and very little downtime.
How do you check if you have been hacked? Search Google for “outbound link checker” and check your blog for any outbound links you haven’t put there. Do this several times a week and before each post. You should also use the ‘View Source’ feature in your browser and check your header/footer and sidebars for any extraneous links you didn’t insert.
There are many different ways to check if you’ve been hacked, but those are two of the simplest and most powerful.
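The outbound-link check described above can also be scripted. The following is an added example, not part of the original post: it parses a saved copy of a page, lists every link and iframe that points off-site, and marks the ones sitting inside an element hidden with inline CSS. The host names (`myblog.example`, `spam.example`, `frames.example`), the allow-list and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "source", "wbr"}
# Inline styles commonly used to hide injected links from human visitors.
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0|text-indent\s*:\s*-\d{3,}", re.I)

class OutboundAudit(HTMLParser):
    def __init__(self, site_host, allowed_hosts=()):
        super().__init__()
        self.known = {site_host.lower(), *(h.lower() for h in allowed_hosts)}
        self.stack = []      # (tag, hidden?) for each element still open
        self.findings = []   # (tag, host, url, hidden?)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # An element is hidden if it, or any open ancestor, carries a hiding style.
        hidden = bool(HIDDEN.search(a.get("style") or "")) or any(h for _, h in self.stack)
        url = a.get("href") if tag == "a" else a.get("src") if tag == "iframe" else None
        host = (urlparse(url).hostname or "") if url else ""
        if host and host not in self.known:   # relative URLs have no host and are skipped
            self.findings.append((tag, host, url, hidden))
        if tag not in VOID:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerates sloppy theme markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def audit(html, site_host, allowed_hosts=()):
    parser = OutboundAudit(site_host, allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: one link the author added, one hidden footer link, one iframe.
SAMPLE = """<html><body>
<div id="content"><a href="/about">About</a>
<a href="https://wordpress.org/">WordPress</a></div>
<div id="footer"><div style="display:none">
<a href="http://spam.example/pills">cheap</a></div></div>
<iframe src="http://frames.example/x" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, host, url, hidden in audit(SAMPLE, "myblog.example", ["wordpress.org"]):
        print(f"{'HIDDEN ' if hidden else ''}<{tag}> -> {host}  {url}")
```

Anything reported that is not on your own allow-list deserves a look in the theme's header, footer and sidebar files. The check only sees links present in the HTML and hiding done with inline styles, so links written by obfuscated script or hidden through a stylesheet still need the manual ‘View Source’ review.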
And now the offense
Update your WordPress installation EVERY TIME a new version is released. This really should be a no-brainer, but many people just don’t do this! It’s mind-blowing, as it actually only takes around 15 seconds and will ensure you have the latest and greatest security patches etc. The usual holdup is a plugin that is not compatible with the new version, which brings me to the next point…
Don’t run old plugins! I know, I know, you spent $47 on some miracle plugin a year ago and you don’t want to lose it, but if the manufacturer doesn’t provide updates, then you should stop using it until they do. You can always email the plugin manufacturer to request an update, but until then don’t use plugins that are incompatible with current versions, especially if they’re out of date!
Change your password frequently! This is one that everyone knows about, but very few people do because remembering new passwords sucks. The solution to this: buy RoboForm! Seriously, everyone who spends any amount of time online should have this program, it will pay for itself within a month from the time you save.
If you are vigilant in all these areas, your chances of being hacked are greatly reduced and you will also be protected against database failures and all kinds of disaster scenarios.
Good luck and happy blogging!