Sounds ominous, doesn’t it? I am seeing articles that are saying that these new attacks exploit WordPress installations–anywhere. But there are a few things you can do–because the exploits being taken advantage of include your basic username and password combination.
What you can do:
- CHANGE YOUR PASSWORD. If WebsByAmy (me) set up your username/password for your WordPress dashboard, the username is NOT ‘admin’ and your password is upper and lowercase letters and a few numbers. However, if you’ve changed that or added an administrator or if you currently have a text-based password you ‘use for everything,’ CHANGE IT NOW. READ THIS article for some tips.
- UPDATE YOUR WORDPRESS. Are you updated to the latest version of WordPress? On your Dashboard, you’re told if you are not. Follow the directions to upgrade. What about it saying ‘back up your configuration’ before you do this? If you host with me, I have nightly backups, I can take you back to yesterday. If you don’t host with me but your hosting gives you cPanel–OR if you host with me and want your OWN personal backup of your entire installation (mailserver settings, etc.) watch this video.
- UPDATE YOUR PLUGINS (actually do that before you upgrade WordPress). EVEN the ones you aren’t currently using… sometimes plugins have security exploits so even if they aren’t active, they need to be updated–so just delete unused plugins.
If you have any questions, drop me a line.
I've had this question a lot, so I thought I'd do a quick video. If you can't see the video (i.e., if you are reading this via an email update), go to www.websbyamy.com/blog.
I'm taking requests… if you have a WordPress question and I have the time… I'll do a short tutorial. I've had this request twice this month, so I've decided to post an article.
- Log into your dashboard and click on >Posts >Add New
- You will notice the "Publish" menu just to the right of the article window
- Click on 'Visibility'
- Check the box 'Stick this post to the front page'
- Click OK (the drop down will collapse)
- Click 'UPDATE' or it won't save
The blog WPKube.com has posted an excellent article entitled 'The WordPress Handbook–55 Resources for First Time WordPress Users' at:
Last year, I had a client contact me regarding her articles showing up on someone else's site. She was confused as to whether her security was breached somehow with her site, etc. and was very frantic to fix it.
Congratulations, you've been robbed… and strangely, it wasn't a competitor, it was someone who had a 'purely' affiliate based income site who was stealing from many different authors in order to drive traffic to his site in order to sell from his affiliate links.
Before I go on, I saw this excellent article that you might want to read regarding this issue.
I was in that position several years ago. I have some WordPress 'how-to' articles on my site and a scraper grabbed them (videos and all) and put them on a 'Wordpress How-To' site that was pretty much 100% stolen articles embedded in an affiliate link laden site. I found it because my dashboard showed 'incoming links' to my site from theirs.
I posted a 'comment' on his site, demanding he remove my article or give me credit (no shocker the post went into 'moderation' never to be seen) and emailed the 'WHOIS' contact. After a day or so, I went on WordPress.org and published a link to my article and then to his article (he didn't even take out my example link that linked back to my site, LOL!) and in all innocence asked for help. Well, the internet hath no fury like this type of thing happening. Apparently according to the responses I got on WordPress.org, his entire site was scraped articles.
I was THEN (within hours of publishing the complaint) contacted by the site owner who claimed he paid someone to build traffic and removed the article HOWEVER he was being bombarded with angry comments from WordPress.org… could I please remove my complaint (or the link). Well, guess what? WordPress.org reserves the right to allow editing and removal of posts… after a certain point, I was not able to remove it and he ended up taking his site down (probably moved it). I don't know if he would have bothered responding if I hadn't, but I really only posted to get advice.
Don't you love it when you are around to witness Karma in action… it makes you want to take the day off!