Read this post, check your WordPress set-up and don’t get hacked!
When I first started blogging, several years ago, I initially set up numerous blogs on subjects that I thought would make me an income. The subjects were not subjects I had much passion for. Hence I got bored.
The blog creation became a chore and I stopped updating them.
When I say I stopped updating them, I no longer added any blog posts and I didn’t update WordPress or any plugins.
I left them dormant and I have not touched them or even looked at them…in many, many months.
I know I’ve written many times about keeping your WordPress blog safe and secure, and keeping it up to date so you don’t get hacked…
Well…last week several of these ‘old’ sites were hacked.
The hackers had found a way in and were redirecting visitors to other sites.
I removed the hackers’ code…only to find the code back a few hours later.
The hackers had found a ‘back door’ and I had to find it and slam it shut!
After several hours of investigation and research, I found the problem.
Several of my old sites had an insecure piece of software in their set-up, called timthumb.php.
I updated timthumb to the latest version and removed the hackers’ code.
So far, the door looks shut and all is secure.
What’s the moral of this story?
Keep your software, WP version, themes and plugins up to date – even if you are not adding blog posts to your sites anymore!
You can use this plugin to check if you have an old version of timthumb installed:
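A scripted way to run the same check across several dormant sites at once, as an added example that is not part of the original post or of any plugin. It assumes TimThumb declares its version with a `define ('VERSION', '…')` line, that copies may be named `timthumb.php` or `thumb.php` or renamed by a theme, and that you pass in the current release number yourself as the minimum.

```python
"""Inventory TimThumb copies under a web root (added example, not from the post)."""
import os
import re
import sys

# Assumption: TimThumb declares its version as  define ('VERSION', 'x.y.z');
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]""")
# Assumption: common file names; themes sometimes rename the script.
LIKELY_NAMES = {"timthumb.php", "thumb.php"}
MARKER = re.compile(r"timthumb", re.IGNORECASE)

def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split(".") if p)

def scan(root, minimum):
    """Yield (path, version, status) for each PHP file that looks like TimThumb."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    head = fh.read(65536)  # the version define sits near the top
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            version = parse_version(head)
            named = name.lower() in LIKELY_NAMES
            renamed = version is not None and MARKER.search(head) is not None
            if not (named or renamed):
                continue
            if version is None:
                status = "UNKNOWN"  # no version string: review by hand
            elif version < minimum:
                status = "OUTDATED"
            else:
                status = "ok"
            yield path, version, status

if __name__ == "__main__":
    # Usage: python find_timthumb.py /path/to/webroot <current-release>
    root, minimum = sys.argv[1], tuple(int(p) for p in sys.argv[2].split("."))
    for path, version, status in scan(root, minimum):
        print(status, ".".join(map(str, version or ())) or "?", path)
```

Point it at the directory that holds all your sites so that forgotten themes and plugins are covered too; anything reported as `UNKNOWN` has no readable version line and needs a manual look.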