Read this post, check your WordPress set-up and don’t get hacked!
When I first started blogging, several years ago, I set up numerous blogs on subjects that I thought would make me an income. They were not subjects I had much passion for, so I soon got bored.
The blog creation became a chore and I stopped updating them.
When I say I stopped updating them, I no longer added any blog posts and I didn’t update WordPress or any plugins.
I left them dormant and I have not touched them or even looked at them…in many, many months.
I know I’ve written many times about keeping your WordPress blog safe, secure and up to date so that you don’t get hacked…
Well…last week several of these ‘old’ sites were hacked.
The hackers had found a way in and were redirecting visitors to other sites.
I removed the hackers’ code…only to find it back a few hours later.
The hackers had found a ‘back door’ and I had to find it and slam it shut!
After several hours of investigation and research, I found the problem.
Several of my old sites still included an old, insecure copy of a script called timthumb.php (an image-resizing script that many themes bundle). An out-of-date copy is a well-known entry point, which is why the code kept coming back after I removed it: the attackers simply walked back in the same way.
I updated timthumb to the latest version and then removed the hackers’ code again.
So far, the door looks shut and all is secure.
What’s the moral of this story?
Keep your software up to date, meaning WordPress itself, your themes and your plugins, even if you are no longer adding blog posts to your sites!
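As an added example (not the post’s own plugin or code), the shell script below does the same check from the server’s command line: it walks a WordPress tree, finds every copy of TimThumb and reports which ones are older than the version you consider acceptable. It assumes TimThumb declares its version with a line of the form define ('VERSION', '2.8.13'); and that some themes ship the script renamed as thumb.php, so both file names are searched. The minimum version is a parameter; 2.8.13 below is only a value to drive the demonstration, so look up the current TimThumb release before relying on any number. The sample files it creates are constructed for the demo and are not from a real site.

```shell
#!/bin/sh
# Added example: locate TimThumb copies under a WordPress install and flag the
# ones that are out of date. Assumptions (not from the original post): TimThumb
# declares its version as  define ('VERSION', 'x.y.z');  and themes sometimes
# ship it renamed as thumb.php.

# Print the VERSION constant declared in one PHP file, or "unknown" if the
# file has no such line (then inspect it by hand; it may be a modified copy).
timthumb_version() {
    sed -n "s/.*define *( *'VERSION' *, *'\([0-9.]*\)' *).*/\1/p" "$1" \
        | head -n 1 | grep . || echo unknown
}

# Succeed (exit 0) when dotted version $1 is strictly older than $2.
# Plain string comparison would say 2.8.9 > 2.8.13, so compare field by field.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            xa = (i <= na) ? x[i] + 0 : 0; yb = (i <= nb) ? y[i] + 0 : 0;
            if (xa < yb) exit 0;
            if (xa > yb) exit 1;
        }
        exit 1;   # equal versions are not "older"
    }'
}

# Walk the install rooted at $1 and print one tab-separated line per TimThumb
# copy: path, version and whether it is older than $2 (your minimum version).
scan_timthumb() {
    root="$1"; min="$2"
    find "$root" -type f \( -name timthumb.php -o -name thumb.php \) \
    | while IFS= read -r f; do
        v=$(timthumb_version "$f")
        if [ "$v" = unknown ]; then status="UNKNOWN - inspect by hand"
        elif version_lt "$v" "$min"; then status="OUTDATED - update"
        else status="ok"
        fi
        printf '%s\t%s\t%s\n' "$f" "$v" "$status"
    done
}

# Demo on a constructed tree (not a real site): one outdated copy renamed
# thumb.php inside a theme, one current copy. For a real check, point it at
# your WordPress root and use the current TimThumb release as the minimum.
demo=$(mktemp -d)
mkdir -p "$demo/wp-content/themes/old-theme/scripts" "$demo/wp-content/themes/new-theme"
printf "<?php\n/* constructed sample */\ndefine ('VERSION', '1.19');\n" \
    > "$demo/wp-content/themes/old-theme/scripts/thumb.php"
printf "<?php\n/* constructed sample */\ndefine ('VERSION', '2.8.13');\n" \
    > "$demo/wp-content/themes/new-theme/timthumb.php"
scan_timthumb "$demo" 2.8.13
rm -rf "$demo"
```

Run it as the web server user or root so that every theme and plugin directory is readable; a copy reported as UNKNOWN deserves a look anyway, since an attacker who has already been in may have edited or replaced the file.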
You can use this plugin to check if you have an old version of timthumb installed:
Oh yeah, that’s a major big deal. Can’t remember when I first learned of TimThumb but it highlighted the importance of updating software.
I had a blog where the hackers injected black hat links in my content.
The links could only be seen in the code and not on the visual part of the blog.
I found out it was hacked when I looked up the most used keywords in Google webmaster tools.
I knew I never used keywords like viagra and other pharmacy products; still, according to GWT they were the most used keywords on my site.
I did not use the timthumb.php script, and I am not quite sure where the hackers got in. It may be that the files on the server had write access and the server was shared.
Bjorn
Wow…now that is scary!
I hope you were able to ‘shut the door’.
Andrew
Corinne
You use the Thesis theme and that theme does use the TimThumb code.
Yours is up to date – I made sure of that!
Andrew
Thanks for the hint, Andrew. I routinely update everything on my blog: themes, plugins and the rest. But now I’ll go testing for TimThumb, just in case.
Have a great day!
Hi, a few days ago I found this problem with my WordPress account. I don’t know how, but there were changes to my admin email and password. Fortunately I had another account there, my friend’s, and I got in and deleted the hacker’s account…
By the way, it seems we can’t unsubscribe from comments on this blog; at least it keeps telling me I don’t have a valid key to access the page that the link takes me to.
Mitch
Thanks for letting me know – I appreciate it and am sorry.
I’ve changed the plugin I use now.
Andrew
Whoa… I just started a new blog. I think I gotta bookmark this page. It’s going to be very useful! Thanks a lot for sharing this.
Hi Andrew, fortunately I have had no such experiences with hackers. Naturally, that is one of my worst nightmares. (Time to make backup files, just in case.) And I am forewarned to keep updating! Thanks.
Hi David,
I mostly activate a minimum of plugins on my sites. I recently used TimThumb on my blog, but after your warning I think I need to install the TimThumb vulnerability plugin to be on the safe side.
Hi Andrew,
That sure is a bummer. Thanks for informing us about TimThumb. Your experience here serves as a reminder that a blog owner must always update his or her software, themes, plugins and WP version.