The day before I started working on Helen Fletcher’s food blog, TheArdentCook.com , it was hacked. Specifically, someone got into her site and posted spam blog entries about how to make money from home (or something like that).

It could have been MUCH worse!!

LUCKILY she was still able to get into her website as an administrator. LUCKILY the spam blogs didn’t point to viruses or illegal content. LUCKILY we caught this within a few hours, before too many people saw the spam entries. LUCKILY none of her content was deleted!!

This is what I did to resolve her hacking issue:

1. I deleted the spam post (unfortunately, it was still in her RSS feed, but not much you can do about that)
2. I deleted the spam-blogger. They’d somehow made themselves administrator.
3. I contacted the webmaster where the spamblogger originated from (it was a business domain, not gmail or yahoo), advising them that they had a spambot using @theirdomainname.com
4. I had Helen change her password to something random and secure, and I changed my password, too.
5. Updated WordPress and ALL the plugins
6. Disabled plugins she wasn’t actually using
7. Set all comments to require moderation
8. Disabled new user registrations
9. Backed up her site, and showed her how to make regular backups herself.
10. Read up on how to have a more secure WordPress site and what to do incase of a hack, and followed the applicable instructions.

I ultimately think that this hacker got in thru an outdated plugin that may have left her site open to user permission changes; they weren’t posting “as” her.

This was a new experience for me! As a matter of routine, I always use secure passwords and keep my WordPress plugins and core updated. I also do not allow new user registrations, unless it’s a setting absolutely required (for example, the resort website that I created- the booking system required new user registrations). None of my sites have ever been hacked or even had a scare.

Needless to say, this was a big learning experience and re-enforced the preventative measures that I’ve been taking all along.

I’m happy to help anyone else with taking simple steps to preventing their sites from being hacked, and I love helping people with WordPress in general.