Blog Post

19 May 2015

Your website has been hacked, and you didn’t even know it!

“Your website has been hacked, and you didn’t even know it!”

Unfortunately, that’s the news that I’ve had to deliver to quite a few clients lately who host their websites on “shared” web hosting services, or hosting companies that do not actively update their clients’ websites.

Most recently, I was moving a client’s website to a Managed WordPress Hosting service, and I logged in to grab a backup of the site to move. As soon as I looked at the files, I knew instantly that they’d been hacked.

hacked_wordpress_files

I stare at WordPress files all day long, so that file named indonesia.php stuck out like a sore thumb because it didn’t belong with WordPress files.

I was hesitant to open it up, but I did and luckily it wasn’t anything dangerous … just mischievous.

hacked_wordpress_file2

If you read my last blog post answering the question “Is WordPress Safe?” you’d know that I listed three common reasons hackers hack websites. Here’s a review:

  1. Redirect – send website traffic to another site, such as selling knock-off sunglasses or medicine, etc.
  2. Deliver Mal-ware – infect your browser with pop-ups and other annoying behaviors.
  3. Relay Spam – use your website to send spam email.

In this case, I’m going to add a new reason to the list …

For fun!

That’s right, you heard me correctly … many hackers just hack sites for fun. It’s a contest, and they post their exploits on websites with a scoreboard ranking hacking groups with the highest number of hacked websites per week.

So this particular website that I recovered had been hacked just for fun.

It was hacked months ago!

This is the important part … the website had been hacked almost three months ago!

The owners of the website hadn’t updated their plugins in months, and as a result a security vulnerability was exploited by this hacker. It’s a good thing the hacker did not do anything more malicious!

“So how do I know if my website has been hacked?”

We’ve had several clients recently call Juice Marketing asking about website re-designs, and in the course of looking at their current website, we discover that their website had been hacked and was either relaying spam or redirecting to other sites for a long time.

In light of all this hacking activity, we are now offering a quick “check up” service.

Get peace of mind knowing your WordPress website is safe.

Fill out this form, and we’ll check your site for you.

  • This field is for validation purposes and should be left unchanged.