Independent Digital

You’ve probably been using WordPress for a while now, you love it but every now and then something weird happens and your blog just does not perform as it should. So when a new update comes out, you’re overjoyed and eagerly update your blog, hoping all the problems will disappear. But they don’t. Maybe your blog was hacked at some stage but you found the gap and blocked it for good, or so you thought.

You keep getting hacked even though you have kept up with the latest WordPress updates so now you’re thinking of ditching Wordpress. Don’t! The solution is simple, it may take a bit of time but it will be worth it in the end.

I’ve been using Wordpress for about 2 years now and have been hacked a few times. Each time I thought I had it sorted only to be hacked again and again…Here are some of the symptoms I experienced:

• I edited posts and pages, pressed SAVE but they were deleted instead of being saved.
• I try to access my blog only to see this… database error: [User '???????' has exceeded the 'max_questions' resource (current value: 50000)]
• I started getting high volumes of spam mail (some using my address as the sender)
• I try to access my blog and all I see is a blank page
• My theme disappears
• My theme is swapped for the classic or default theme
• My database disappears
• I keep getting the installation page when trying to access my blog
• Posts and pages disappear

My final solution was to delete everything and start again. Naturally I had a backup. I first checked my server for any weird looking files and folders. I found a few and downloaded these to a safe folder. I then noted all the plugins that I had as well as the theme that I was using. I deleted all these. Then I deleted all the WordPress files and folders. I then checked the server once again for any weird folders or files (a bit difficult as I had quite a few other, non-WordPress related stuff installed, many of which I could not remember whether they were legitimate or not). So be careful, don’t delete unless you are absolutely sure that it is not supposed to be there. Try downloading to a safe folder before deleting so if it was a valuable folder or file, then you can always recover it.

Okay, once I had a “clean” server, I downloaded the latest version of WordPress, unzipped it and installed it on the server. I chose to create a new wp-config.php file rather than use the old one – I wanted a completely fresh start and didn’t want to risk carrying stuff over from that last install that may be “infected”. Once I had the basic installation working perfectly, I downloaded a new copy of my chosen theme from a legitimate site (see article on themes are a security risk) and installed this in the Themes folder.

If you can view your backup file, check out the wp_options table for any “active_plugins” and delete these, save the file and import it into your WordPress database. Try viewing your blog – it should function properly with the new theme.

I then downloaded all the latest plugins (as per the list of plugins that I had installed before the deletion) from legitimate sites. Unzipped and uploaded these to the plugins directory and activated them all. I then tried accessing the blog and found a few problems:

• The layout was not as it used to be. I then realised that I had done some editing of the theme files to suite the layout that I wanted. So back to editing the HTML to get the pages looking as before.
• Some plugins weren’t working. This was because some of them required some code to be installed within the WordPress “loop”. So a quick inspection of the installation instructions for the various plugins pointed me in the right direction. I was able to install the necessary code and get the blog working as before. I also chose to install “clean” plugins rather than use the old ones because of my fear of contamination. (see article on plugins are a security risk)

So what did I learn from all this?

1. Updates alone will not sort out a hacking problem. Previous versions of WordPress had security problems, which may have led to a security breach of my site. Similarly I may have been careless in other ways, allowing a hacker into my site. The point is that the hacker got through and was able to install code on my site. Updates from then on were useless as far as securing my site was concerned as the hacker was already on my site.
2. I expected Wordpress to take care of my security when I should have been taking care of it myself. I thought that if I updated regularly, my site would be secure. I was wrong as the hacker was already inside.
3. That I need to take security seriously. I did not believe that I would be hacked. I was, not once, not twice but many times. The time and effort that I spent trying to recover from the problems caused should rather have been spent taking preventative measures.
4. That I need to make sure that my site is free of suspicious files and code (within themes and plugins) – if hackers can get into your site, they can upload destructive files and edit your files by adding malicious code). It happened to me. One of the symptoms I noticed was the increasing amount of spam email that I was receiving. Since sorting out my site, the spam email has disappeared.
5. That I need to update my plugins and themes – from LEGITIMATE sources.
6. Increase my security by installing security plugins such as login lockDown,wp-security scan and askApache.

As of the time of writing, my site seems to be working smoothly and thankfully hacker free. If you would like to sort out your hacker problem once and for all but don’t have the time to do it, why not let us take care of the hassle and do it for you. Let us know.

WordPress themes can be dangerous as far as security is concerned so be very careful when you install any theme. Before downloading any theme consider:

1. Is the download site official, avoid 3^rd party download sites? If it is not an official site nor the authors site, then check the code carefully.
2. Is it the latest version?
3. Are you running the latest version of WordPress?
4. Do research. Check the net to see if there are any security issues concerning the theme that you want to download.

So what are the security issues when using WordPress themes? There are 2 ways that themes can become a risk:

1. The first is when someone intentionally ADDS code to the theme. This could be code which ads a link to the theme. When you display the website using that theme, links are displayed but are probably not visible (see article on spamdexing). The person that included the code is hoping to increase the number of links to his website so that his Google ranking increases. Unfortunately Google will then pick this up and remove your site from their search engine. A double whammy! Quite innovative considering the number of sites using the popular themes. They also imbed code that will allow the mailing of scripts for spam (see artcicle on spam and how to deal with it), phishing or random ads to be served.

2. The second is usually unintentional. The theme author has code in their theme which is not secure and allows a cracker (see article on Search Engine Optimization) to infiltrate the website using the theme. A common example, known as cross-site scripting (XSS) is the use of PHP_SELF without pre-pending htmlspecialchars:

form id="searchform" method="get" action=

"<?php echo $_SERVER['PHP_SELF']" ?>"

This form allows the use of HTML characters when getting the URL of the user. A secure version would include the PHP function, htmlspecialchars() as seen below:

form id="searchform" method="get" action=

"<?php echo htmlspecialchars($_SERVER['PHP_SELF'])" ?>"

This problem is usually seen in the:

• 404 page
• search page
• header page

Here are 2 good articles on cross site scripting:

• http://blog.phpdoc.info/archives/13-XSS-Woes.html
• http://www.net-security.org/dl/articles/xss_anatomy.pdf

Only download your themes from the official WordPress Theme Viewer or directly from the authors’ site.

Want to be notified of any new posts?