Hijacked search results on WordPress websites

We recently had to fix a WordPress website that had been sneakily hacked so that its Google search results redirected to spam sites.

The hack was not your typical WordPress infection, but was much more tricky to locate and remove, and since that attack, we found a detailed write up on the Sucuri blog about how Hackers are managing to infect WordPress Websites in new ways so that core files are being modified which means a hack can be much harder to find and fix.

WordPress hacks are bad enough, but when your Google Search engine Result is showing your website advertising spam/porn sites, its not good for business so you want to get it sorted and removed from Google very quickly.

How to protect your WordPress website

Prevention is always better than a cure, so here are some tips to keep your WordPress website free from nasties.

  1. Get decent WordPress website hosting from a reputable company.
  2. Always keep your WordPress version updated to the latest release.
  3. Update your WordPress plugins when new versions become available.
  4. Install Security plugins such as WordFence or Sucuri Scanner.
  5. Delete any unused plugins and themes not in use.
  6. Ensure your username and password is NOT admin/password.
  7. Install an SSL cert on your website.

Most on this list should be carried out when your website is built, however, its never too late to start protecting your WordPress website from hack attacks, and most of the above shouldn’t be too hard for your to do on your own.

If you aren’t tech savvy and are worried you might break your website, or if your WordPress website has recently been hacked and you don’t feel confident fixing it, why not contact the friendly folk at Kinski & Bourke and let us do the dirty work for you.

Creating beautiful websites since 2006