Many self-hosted WordPress sites have recently experienced security issues.   The host’s database was hacked, and code was added to the blog’s files. This potentially infects the reader’s computers with a virus.

Signs of Infection

If you’ve noticed your WordPress admin panel appears to be broken with all the links and boxes in disarray, your blog is probably infected. If anyone reports visiting your site and only seeing it for a split second before their browser changes to look like it’s scanning for viruses, you’ve been hacked.

What The Viruses Do

While there are several viruses floating around,  the most popular one is programed to launch and infect a reader’s computer when they visit your site immediately after visiting a Google page. This could be after reading your post excerpt in their Google reader and clicking through to read the whole post.  It could also happen if they find your post via a Google search, or visit you directly after leaving Google. The virus is not Google related in anyway.  However, the creator of the virus knows the power of Google is taking advantage of it.

How to Secure Your WordPress Site

It’s very important to take measures to keep your WordPress site clean. Following these simple steps will help ensure your site is as safe as it can be:

1. Edit your wp-config.php file.

This file is found in the root directory where your WordPress files are stored. You can access this file via the File Manager of your hosting account, or via FTP. When you open this file, scroll down about half way. You’ll see a block of 4 lines of code. There should be a unique security key here. If you don’t know if it’s the actual key or just an example, use the link found just above to generate one. Then copy and paste the keys into your wp-config.php file and save it.

2. Delete Your ‘admin’ user.

Create a new username for your WordPress site and give it Administrative permissions. Logout of the ‘admin’ account and login with the new user account you just created. Go to Users and delete the old ‘admin’ account. When prompted, attribute all of ‘admin’s posts to the user you just created. This will keep all of your posts in tact while deleting the default admin user account. The reason for doing this is, hackers know most bloggers are using the default ‘admin’ username. This means all they have to do is figure out your password! Changing the user gives them one more thing to get past…

3. Install WP Secure

This plugin will scan your files and folders for security holes and tell you where to change things to help protect your site. Get the WP Secure WordPress Plugin then follow the instructions for securing your site.

A Few More Links for You

Read about my experience with hacked WordPress sites on shared hosting.

If you’ve already been hacked, check out these posts for instructions on removing the infected files:

WordPress Hacked | Case study

Hackers Crack Into Shared Hosting WordPress Blogs – Here Are Some Fixes

If you’d like to learn more about internet security, and keeping your computer safe from all the hacked sites out there, visit Internet Security by Jimi Jones.