June 17, 2010
As project managers, web designers, and freelancers, we deal with a multitude of issues, especially when it comes to content management systems. For me, most of the issues arise in WordPress, as it’s my CMS of choice for clients. The most serious of these issues is dealing with hacked client sites where either spam or, more detrimentally, malware has been placed.
So as project managers, web designers, and freelancers, we must by default become quasi experts in security. No problem. It adds more fun to the challenge.
Combating security breaches should fall into two camps (which are obvious if you’re a long-time reader of this blog): proactive and reactive. Proactive means preventing the problem before it occurs, while reactive means performing damage control after the fact.
First, never underestimate the damage a spam or malware link can do to your client’s website. A strategically placed barrage of spam links can show up in search engine listings, which could take days, if not weeks, to reverse. Malware links, which are usually script or iframe calls, can draw the ire of Google and Mozilla, both of which subscribe to an internet malware watchdog group. Under this coalition, you could find a client’s site tagged in Google searches as being unsafe due to malware and inaccessible via Firefox and Chrome among other browsers, with a big red warning to greet visitors.
That’s not good, especially if your client relies on their site for income. Unfortunately, I’ve been on the receiving end of a malware attack, and the results aren’t pretty.
With that preface in mind, prevention is the obvious course. Here’s what you can do to sleep better at night:
A WordPress hacking incident will more than likely occur at some point in your life. It sucks and the ensuing mess is no fun to deal with. Fortunately, it’s not the end of the world, and there are some pretty solid ways of cleaning it up.
Remember that there’s a difference between a spam attack and a malware attack. A spam attack is the infusion of junk links in the code (or worse, in rogue plugin files, which are harder to find) so that search engine results will pick them up. This may not necessarily be flagged by Google as malware, making detection a bit fuzzy.
A malware attack, on the other hand, is usually a simple case of an unauthorized login to the site and the placement of a script or iframe tag. Google routinely scans sites for calls to malware files such as these and will subsequently raise the warning flag. Hopefully, you’ll have had Google Webmaster set up so that a notification can be sent if that flag is raised, though Google makes an earnest attempt to email the site owners regardless.
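To make the script and iframe placement described above concrete, here is an added example (not code from the original post) that scans site files for script or iframe tags loading from hosts you don't expect. The function names, the allowlist approach, and the sample hostnames are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlparse

# Opening <script ...> / <iframe ...> tags, and the src attribute inside them.
TAG_RE = re.compile(r"<(script|iframe)\b([^>]*)>", re.IGNORECASE)
SRC_RE = re.compile(r"""\bsrc\s*=\s*["']?([^"'\s>]+)""", re.IGNORECASE)

def find_foreign_embeds(text, allowed_hosts):
    """Return (line_no, tag, host) for each script/iframe loaded from a host not allowed."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for m in TAG_RE.finditer(text):
        src = SRC_RE.search(m.group(2))
        if not src:
            continue  # inline script or empty iframe: nothing remote to check
        try:
            host = (urlparse(src.group(1)).hostname or "").lower()
        except ValueError:
            host = "(unparseable url)"  # malformed src is worth a manual look
        if not host or host in allowed:
            continue  # relative URL (same site) or an expected host
        line_no = text.count("\n", 0, m.start()) + 1
        findings.append((line_no, m.group(1).lower(), host))
    return findings

def scan_tree(root, allowed_hosts, exts=(".php", ".html", ".htm", ".js")):
    """Walk a site directory; return {path: findings} for files with foreign embeds."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(exts):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = find_foreign_embeds(fh.read(), allowed_hosts)
                if hits:
                    report[path] = hits
    return report

# Constructed sample: a theme footer with one injected iframe (hostnames are made up).
SAMPLE_FOOTER = """<div id="footer">
<script src="/wp-includes/js/jquery/jquery.js"></script>
<script src="http://client-site.example/wp-content/themes/demo/menu.js"></script>
<iframe src="http://injected-host.example/in.php" width="1" height="1"></iframe>
<?php wp_footer(); ?>
</div>
"""

if __name__ == "__main__":
    for line_no, tag, host in find_foreign_embeds(SAMPLE_FOOTER, {"client-site.example"}):
        print(f"line {line_no}: <{tag}> loads from unexpected host {host}")
```

This only inspects literal tags in files on disk; content stored in the database and encoded injections need separate checks.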
Once the attack has occurred and you awake to the nightmare, here are some ways to deal with it:
Many people advise performing an after-the-fact investigation into what happened post-attack. This is a good move in that it can provide a unique analysis of the flaws in your client’s site, the hosting operation, database software, or some other area of potential weakness.
The best place to start is a simple Google search for any recent security problems involving the web host. For example, in the attacks I recently experienced, there were a couple of articles pertaining to my provider, Rackspace:
These resources can provide valuable analysis on a specific attack as well as a means to stop and remove them. In addition to these resources, you should also consider reviewing logs, if available, to see if you can pinpoint where the attack originated. This might not always be possible, but the more information you can gather, the better. It may even be prudent to contact the web hosting company to see if they’re aware of the problem, and if they’re at fault, what’s being done to rectify the situation.
WordPress hacking sucks; there’s no doubt about that. Remain vigilant and help protect your clients from the dreaded malware warnings slapped down by Google and others. Otherwise, your client could lose confidence in their website as well as visitors and revenue.