Hacked!

New Release Tuesday will be on Wednesday this week because I spent most of my day yesterday battling HACKERS! True Up was hit by the so-called WordPress Pharma Hack. I happened to ego-surf on Google and was horrified to see that instead of True Up the link to my site was replaced with online pharmacy spam. The link still worked, and in fact the site was spam-free to people visiting the site directly. This hack only affects Google’s view of the site, which is part of its evil genius — it can take a long time for the site owner to notice that something is wrong. The hackers are trying to boost their own search engine rankings while in effect destroying your own. Fortunately I caught it before I experienced a significant traffic dip.

So, the PSA: If you don’t already, perform a Google search on your own site regularly. These hackers frequently target WordPress blogs, though other websites can be attacked too. Take all the steps you can to secure your files. If you have been hit, follow the instructions in Pearsonified’s post — it came to the rescue for me.
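A Google search only shows the problem after the spam has been indexed. The check below is an added example, not part of the original post: it compares the page a browser receives with the page a crawler receives and flags spam words that only the crawler sees. It assumes the hack picks its audience by User-Agent; the term list, function names and sample HTML are constructed for illustration.

```python
import re
import urllib.request

# Assumption: spam is served only to crawlers, selected by the User-Agent header.
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SPAM_TERMS = ("pharmacy", "prescription", "pills", "medication")  # illustrative list

# Constructed sample pages so the comparison can be tried offline.
CLEAN = ("<html><head><title>Example Fabric Blog</title></head>"
         "<body><p>New fabric releases this week.</p></body></html>")
CLOAKED = ("<html><head><title>Cheap online pharmacy</title></head>"
           "<body><p>New fabric releases this week.</p>"
           "<a href='#'>prescription medication</a></body></html>")


def fetch(url, user_agent, timeout=10):
    """Download a page while presenting the given User-Agent."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def visible_words(html):
    """Return the set of lowercase words left after dropping scripts, styles and tags."""
    html = re.sub(r"(?is)<(script|style)\b.*?</\1\s*>", " ", html)
    text = re.sub(r"(?s)<[^>]+>", " ", html)
    return set(re.findall(r"[a-z]{3,}", text.lower()))


def cloaking_report(browser_html, crawler_html, terms=SPAM_TERMS):
    """Flag spam terms present in the crawler's copy but absent from the browser's."""
    crawler_only = visible_words(crawler_html) - visible_words(browser_html)
    hits = sorted(t for t in terms if t in crawler_only)
    return {"suspicious": bool(hits), "spam_terms": hits,
            "crawler_only_words": len(crawler_only)}


def check_site(url):
    """Fetch the same URL as a browser and as a crawler, then compare the two copies."""
    return cloaking_report(fetch(url, BROWSER_UA), fetch(url, CRAWLER_UA))


if __name__ == "__main__":
    print(cloaking_report(CLEAN, CLOAKED))
```

A clean result is not proof of a clean site, since injected code may also look at the visitor's IP address or referrer rather than the User-Agent alone.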

Further reading:

WordPress Support Forum Thread on the Pharma Hack
Understanding and Cleaning the Pharma Hack on WordPress on Sucuri
How to Completely Clean a Hacked WordPress Installation
Top 5 WordPress Security Tips You Most Likely Don’t Follow

I’m certainly not thankful this happened to me, but I’m glad I could fix it relatively quickly and as a result now have a more secure site. I hope this information will help some of you protect your own websites!

4 Comments

  1. Kim, sorry you got hacked. I am the author of one of the cleanup guides you posted.

    Could you do me a favor and drop me a line please? If you don’t mind, I’d like to ask you a couple of questions about the files you found, and give you a couple of other things to look for. There might be some things that you missed, just so you know.

  2. Lili says:

    Thanks for the heads up Kim!

  3. Kathleen says:

    Just so you know, I think the problem is still going on as of 9:15 pm PST on Wednesday. I just Googled Alexander Girard fabric, and while trueup came up on the first page, all the copy was about prescription medication.

  4. @Kathleen – the text snippets you see for sites in Google search results are not live. It will take a while for Google to re-spider and display the cleaned up content.

    @Kim – along those lines, if you register your site with Google Webmaster Central you can submit what is known as a Google Reconsideration Request, which can help speed up the re-spidering in some cases, and can help prevent any penalties you might accidentally incur from having your site display spam.