Fast Alarm For Hidden WordPress Hackers
If you have a high-traffic blog, then you certainly deserve congratulations. Unfortunately some of your admirers may be hackers who would like to ride on your success. In a way there is good news and there is bad news. The bad news is they may well try to hack in to your website. The good news is they may do it in a way where you won’t even know. However that is no consolation.
Perhaps one of the most visible case studies on that is the blog of Matt Heaton, the Bluehost and Hostmonster CEO. The Kakkoi website provides a good account of what has been happening there. At the time of writing this post, the blog is still hacked although you would not know by looking at it.
How Can You Guard Against Hacking?
In some ways security for your blog is similar to security for your home. Almost every home security system is crackable, given time. However if you have a fast response to any signs of a break-in, then you may significantly limit any damage that is caused. Indeed any potential housebreaker may decide to go for an easier target.
The same principles apply in considering websites and blogs. The article, Guarding Your WordPress Blog, suggests two main priorities for your blog security. The first is continuing vigilance, since many hacking activities seem to take place during weekends and holidays. The second priority is to ensure that your blog is as secure as it can be by upgrading to the most recent secure WordPress version and by hardening your total WordPress installation.
A Rapid Way To Spot Intruders
Expert hackers often attempt to gain entry without leaving visible traces. So how much effort should you put into searching for signs of entry every day? One method that will often detect such entry is to look at the source code for a typical blog entry. It takes a little time, but usually signs of entry are fairly visible given the pharmaceutical and porn links that are included in the code.
A more rapid way of doing such a check is to create a test page within WordPress. WordPress supports the creation of both blog posts and pages. Pages are entries that are not tied to a particular date. All that is needed is a test page with the title of ‘Test’ and the content of ‘test’. Such a page is generated by the WordPress software in a similar way to each blog post. If a hacker has been able to gain entry and modify the blog post content, then this will also affect the Test page.
If Mozilla Firefox is your browser, then you can do a very rapid check of your blog security. Just visit the Test web page. Clicking on the Tools > Page Info navigation menu choice will give you information about that Test page including its size in bytes. Unless you change something in your Theme that affects the header, sidebar or footer that size should always be the same. Such a check of the size of the Test page can be done in seconds as often as you wish.
Unfortunately in other browsers such as Internet Explorer, checking the size of the Test web page takes just a little longer. One way is to look at the Source code in Notepad and save this as a text file. You can then check the size of this text file. Each time you do this you should find the text file is exactly the same size. If you have a number of blogs to check, then you might be advised to keep Firefox available as your way of doing this check as rapidly as possible.
One small note of caution is that you should do the check while not logged in to your Administration Panel. If you are logged in, then the resulting page contains a few extra bytes. Equally if you arrange a rapid cache arrangement for your blog using wp-cache, then this may add a few extra bytes. However if you use the default value where web pages are not cached for more than 3600 seconds, then a daily check of the Test web page should not run into problems.
Conclusion
The simplicity and rapidity of this method of checking for intruders is such that a daily check is only a matter of seconds. If you feel that your blog is less attractive to a hacker, then a weekly check each Monday morning should be sufficient. If you make regular backups of your blog and of its database, then if ever you find that a hacker has struck, putting things back in order should not be too onerous.
Related:
WordPress Blog Hacked
Hacked: It Could Never Happen to My Site (Famous Last Words)
Go To Top
BPWrap
February 11th, 2008 at 9:59 am
Your page sizes are likely to change if you have advertising, recent posts, top ten posts – as this site does.
A few lines of perl could probably download a test post, strip out the bits that are expected to change and then calculate the size and compare it to the last run. You could even run such a test hourly and have it email you whenever there’s a change.
For people with respected, high-traffic blogs, this sort of monitoring makes sense.
February 13th, 2008 at 12:10 am
Those are good suggestions, MMMeeja. I think daily monitoring is good enough in most instances. After all you hope your security measures will deter most hackers.
August 26th, 2008 at 10:46 am
for this kind of sites, daily check is all u need
August 28th, 2008 at 11:56 am
Great tips there for checking intruders. I check my pages daily that is checked via a script.
September 14th, 2008 at 7:53 am
After upgrading to 2.6.1, I came to know that i need to upgrade to 2.6.2 again. What the heck is that and why? because someone can re-generate a password through some existing username and wordpress team even didn’t know this. I am worried and am going to try Drupal as well.
September 25th, 2008 at 3:13 am
I thought that 2.6.1 was secure – I only read this a few days ago as well – oh well, time to upgrade again.
November 28th, 2008 at 7:09 pm
Last time my wordpress blog was nearly hacked.I found out the hacker was hacking for my premium themes.They were not very good and leaved down some traces
February 6th, 2009 at 12:12 pm
Great suggestions! Hackers are as annoying as spammers and we all need to protect our sites. We work hard for what we have, it is a shame that we have to worry about these things.
Thanks for the post.
March 4th, 2009 at 8:08 am
We check our visitors daily, but in line with the comment above, we also hate the thought of having to worry about spammers & hackers.
March 12th, 2009 at 8:33 am
I am concerned and afraid to see a strange name in my domain panel which I didn’t even know. Right now, I have initiated a trouble ticket to my host but I have a lot of domains hosted there and all of them are wordpress blogs. I think someone has broken into my panel and have done some weird stuff but I am unable to locate it. Thanks for your post though but I am very afraid at the moment.
March 17th, 2009 at 1:55 pm
I think we should take all available security measure to save ourselves on wordpress blogs. Especially if we have a lot of traffic then we can’t survive without these special security measures. I read a lot of snippets on security daily to save myself. I have a lot of blogs and it is not easy to watch them all.
March 22nd, 2009 at 2:30 pm
Our blog is slowly beginning to gain traction, and hackers is something which we are becoming increasingly concerned about. Our hosting company have told us that this should not be too much of an issue though, but you can never be too sure.
April 3rd, 2009 at 12:19 am
Nice post,
We must be aware that people outhere try to get benefits from our blogs which have real high traffics.
This article shows simple way to overcome such problem.
I guess everybody agrees with me, right?
April 9th, 2009 at 1:05 am
A few lines of perl could probably download a test post, strip out the bits that are expected to change and then calculate the size and compare it to the last run. You could even run such a test hourly and have it email you whenever there’s a change.
May 6th, 2009 at 3:19 am
Seriously though, they knew. I was a Monitoring Operator for years and you can tell.
1. The system would have stopped sending daily test signals. There was their first clue.
2. They would have received some sort of panel tamper when you removed the system.
3. They definitely would have received a communication trouble.