I have written about blog security many times but before this past week, I couldn’t speak from experience. Here’s what happened to my blog, and how I fixed it.
Sometime last week, I started getting emails from people that when they accessed my site, their anti-virus software would tell them that I was trying to install malicious software on to their computers. When I tried accessing it, since I’m on a mac, nothing happened and I assumed the problem was on their end. Then, a few days ago I started getting emails that searching for ‘Muhammad Saleem‘ on Google would result in my site but a warning that the site ‘may harm your computer’. That’s when I took notice.
I fired up my Windows installation to see what was going on and ultimately found out that someone had managed to hack my index.php file and injected malicious code into it, resulting in the warnings from anti-virus software and the resulting negative search impact. It wasn’t anything fancy, just a WordPress exploit that I resolved by updating to the latest and greatest, and updating all my plugins. The experience did, however, re-teach me the importance of blog security. Not only did this failure to stay up-to-date harm my image in the eyes of my readers, but also in the eyes of potential readers and Googlers.
If you are on WordPress, please download the latest version and upgrade today. Also make sure that all your plugins are up-to-date and that your theme is compatible with the version of WordPress you are using. Furthermore, you can petition Google to fix your reputation in the search engine.
Note: If you are on a static IP, you can change your .htaccess files to only let your IP address alter files on your server.