It’s a horrible feeling of being used and vulnerable. You were doing really well with search engine optimization and traffic is great! and all of the sudden, you start noticing weird links on your site that you and your admins didn’t publish. You’ve been hacked!
It happened to this site over the last year and only when we started getting solicitations for content did we realize that something might be up. We were right and only years late.
The thing is, if you have a highly prized SEO site, there will be entrepreneurial and shady people who will try to steal that value from you and make money off of it. It’s important to note that these people are certainly taking advantage of unwitting webmasters, but they are doing it without the consent of those webmasters and thus their actions are unacceptable.
How do you prevent such dastardly deeds?
1) You ensure that your users accounts have strong passwords.
Since this site is so old, we had very bad password requirements and it was easy for the nerds with automated password programs to figure out the code. They then simply go into popular posts and inject stupid links:
It’s possible that they install plugins to copy the database, inject their nonsense, then re-upload it. It’s vital that you have strong passwords for all users. Otherwise, you’re at risk of having to clean up years of work or worse, losing important content for good.
2) Use another user than admin
Old WordPress sites come with an administrator with the username and login of “admin”. This makes it pretty easy for the hacker people to figure out which user to attack. One way to defend against this is to not use admin and instead use a username that is equally as complex as your password. You can adjust the display name in the user edit page within WordPress so that people don’t see a post by “adfshk2q31lk940183KHJJKJKJK”.
If you already have a user of admin and cannot change the username, you can make another user the administrator and demote the admin account to contributor. That way, even if the hacker fools break into the admin account despite your stellar new password, they won’t be able to do anything since contributors have limited access.
Take this warning to heart and take action or else you will be vulnerable to people taking advantage of you against your will!
We will be investigating the hackers but in the meantime, if you want to post a link on our site, PAY UP!