I started talking about WordPress security after my blog was hacked. It was not much fun admitting that it was, and it wasn’t fun cleaning it up. But it was a good opportunity to help everyone by letting them know what was up.
Like Microsoft, WordPress’s popularity leads to a lot of people wanting to use it. A lot of people using it leads to a lot of other people wanting to abuse the people who use it.
Many started speculating that Trulia got penalized by Google. I can understand why that might be a popular notion given some of their practices from the past, but in this case, one of the Dawgs uncovered the apparent problem. HT to Eric Bramlett for the find.
As Eric correctly pointed out when we started talking about WordPress security back in the day, the best thing to do is set a Google Alert, for site:mydomain.com +viagra (or +cialis and several other terms commonly used by these hackers).
If someone has hacked your WP blog and inserted links to poker, porn and pharmaceuticals, you will then know it and can find the problem and take action by filing a reinclusion request.
As Eric Bramlett points out, the team at Trulia should have this corrected shortly (at least that’s how it typically works). This will be a pain for them, but a good opportunity to remind us all to stay secure out there.
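A local complement to the Google Alert described above, as an added example that is not part of the original post: it scans a page's HTML for links whose URL or anchor text contains the spam terms the post names, and notes whether each link sits inside CSS-hidden markup. The sample page, the example domains and the list of hiding styles are constructed assumptions.

```python
import re
from html.parser import HTMLParser
# Watch list from the terms the post names; \b keeps "specialist" from matching "cialis".
SPAM = re.compile(r"\b(viagra|cialis|poker|porn)\b", re.I)
# Inline CSS often used to hide injected links from visitors (assumed, not exhaustive).
HIDING = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|text-indent\s*:\s*-\d{3,}", re.I)
VOID = {"img", "br", "hr", "input", "meta", "link"}  # never closed, so never open a region

class SpamLinkFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hidden_tag, self.depth = None, 0   # element that opened a hidden region
        self.link, self.findings = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == self.hidden_tag:
            self.depth += 1                     # nested element of the same name
        elif self.hidden_tag is None and tag not in VOID and HIDING.search(a.get("style") or ""):
            self.hidden_tag, self.depth = tag, 1
        if tag == "a":
            self.link = {"href": a.get("href") or "", "text": "",
                         "hidden": self.hidden_tag is not None}

    def handle_data(self, data):
        if self.link is not None:
            self.link["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self.link is not None:
            terms = {m.lower() for m in SPAM.findall(self.link["href"] + " " + self.link["text"])}
            if terms:
                self.findings.append({**self.link, "terms": sorted(terms)})
            self.link = None
        if tag == self.hidden_tag:
            self.depth -= 1
            if self.depth == 0:
                self.hidden_tag = None

def scan_html(html):
    finder = SpamLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings
# Constructed sample page: one legitimate link, two hidden injected links, one visible one.
SAMPLE = """<p>Talk to a <a href="/agents/buyer-specialist">buyer specialist</a> today.</p>
<div style="display:none"><a href="http://pills.example/buy-cialis">cheap cialis</a>
<a href="http://pills.example/viagra">Viagra online</a></div>
<p><a href="http://cards.example/">online poker</a></p>"""
```

Run it against the HTML your server actually returns for each post and page; hidden findings are the ones a human visitor would never notice.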
Tony Sena says:
I wish something could be done about these damn hackers! They have nothing better to do than hack other people’s websites!
February 4, 2009 — 12:50 pm
Eric Blackwell says:
I agree with you Tony. It is a shame. It (WordPress) is hugely popular, which makes it a big target for them too.
Speaking of, I hope your upgrade at WannaNetwork went smoothly?
Best
Eric
February 4, 2009 — 1:44 pm
Ryan Martin says:
Bramlett is a hound dog. Nice discovery Eric! I have been hearing more and more about WordPress blogs getting hacked. Sounds like someone took a big swing in taking down Trulia.
February 4, 2009 — 2:05 pm
Joe says:
Ours got hacked when the newest version came out. I had it fixed and was told the vulnerability is in allowing folks to register. I found help and resources here: http://wordpress.org/support/topic/227867
February 4, 2009 — 4:16 pm
James Boyer says:
Great Discovery Eric Bramlett. I wish that the hackers would be seriously pursued and slapped with criminal charges. Thanks for the warnings as well. I will have to set up a few more Google alerts.
February 4, 2009 — 4:36 pm
Brian Kinkade says:
Thank you for the heads up Eric. Never can be too safe these days. Thank goodness we have both Eric B’s on point.
February 4, 2009 — 6:00 pm
Rudy says:
Hi Eric!
Good post and tips. The popularity of WordPress as you mentioned attracts both the good and the bad. Keeping your version up to date and taking the necessary security precautions is key. As you and others mentioned today, our Hindsight blog was indeed hacked. We didn’t really update it as we do our Trulia blog so we decided to shut it down. http://www.hindsight.trulia.com is fine now and Trulia.com was not affected by this.
Also, coincidentally, on an unrelated note, some of our search results pages are not indexing as they did before. We’re still looking into it and will keep everyone up to speed. We submitted an inquiry via Google Webmaster tools but it doesn’t seem like a penalty so we’ll just have to wait for Google to get back to us.
Have a good night!
Rudy
Social Media Guru at Trulia
February 4, 2009 — 10:17 pm
Sean Purcell says:
Eric,
I appreciate you so much. You are protecting me from stuff that is six steps ahead of anything I understand yet. I figure I saved at least a dozen knee scrapes so far thanks to you and Mr. Bramlett.
You’ve heard it before but it bears repeating: what you guys do makes a difference. Thank you.
February 4, 2009 — 11:08 pm
Eric Blackwell says:
@Sean- You are more than welcome…(not even close to payback for what I learned just chatting with you in Orlando and from your posts) Bramlett did the heavy lifting here. I just typed out a quick memo. grin.
@Rudy- a) Sorry you guys got hacked. Never fun. b) (different issue) You are correct about the ranking of your city real estate pages. Many of them appear to have dropped big time. Doesn’t act like a traditional penalty, but the effect is the same. I am sure your guys are on it. I found several possible reasons with just a brief look (and a little homethinking among other things.)
It will be interesting to see February’s traffic figures among the national real estate sites with this turn of events. Pretty good sign of how strong G! really is.
FTR- One of the agents in our office received your Trulia vs R.com “Pepsi taste test” email and sent it to me. Made me smile. I am too buried with real work right now, but I have an upcoming post about that…grin.
Have a good one!
Eric
February 5, 2009 — 4:27 am
Susan says:
Good idea about the alerts. Thanks to both Erics. It’s a shame we have to spend our time on this stuff, though, don’t you think?!!
February 5, 2009 — 7:56 am
Robert Kerr says:
So how does a WordPress website get hacked?
User error / weak password?
Some other WordPress vulnerability?
February 8, 2009 — 9:27 pm
Kyle Hogan says:
I almost feel sorry for Trulia. You think they would do more to protect their site from hackers.
Thanks for pointing out Eric Bramlett’s blog post.
February 9, 2009 — 11:10 am