Several of our clients had their WordPress blogs hacked. A malware Javascript was used to load bogus sites was injected into the page footers.

How can you tell if you have this problem on your WordPress site or blog?

This particular script, is easy to spot from how your site reacts even though it is not visible in the content. When you visit your site [or blog], instead landing at the top of the page where you would expect to start, the script immediately takes you to the bottom of the page instead. If it does this, then there is a strong likelihood you have this malware on your WordPress.

If you use Firefox for your web browser, you may get an ugly warning page that your site has been reported as an attack site. Not fun. You will not be able to access your site at all… anywhere. This can make it harder get to rid of the problem because you may not be able to access your site admin area. Internet Explorer did not block entry to the sites because of this particular malware.

What should you do if this has happened to your WordPress?

If you can access your WordPress admin area using your web browser, then it’s relatively easy to get rid of the malware script. This particular exploit only affects one file, named footer.php.

You can edit this by going to Appearance=>Themes=>Editor and opening this file in the editor pane. The files are all listed to the right hand side of the pane.

Now you edit the footer.php file to remove the script. It will look like this screenshot of the one we removed from several sites.

Screenshot of malware javascript

Select the entire script with your cursor being careful not to touch anything else. Delete it and save your changes. Your site is clean again.

WARNING: If you needed these instructions, you are not someone who should be doing this on your own and we so we wouldn’t normally recommend you even attempt this yourself. But it’s simple deletion so we thought we’d include it here. Even so, if there is any doubt in your mind about whether you should be doing this yourself, get help. If you don’t have a web person, contact us for help

If you are one of the unlucky ones who have been reported as an attack site, you will need to submit your site to Google for it to be declared clean otherwise visitors may not be able to access your site for some time.

It may be cleared without submitting it but it will definitely take much longer. Posting right away and each day for a few days will alert the search engines to spider your site and find a clean, malware free site.

Stay tuned for our next posts where we will discuss how to submit your site to Google Webmaster tools for review and what you can do make your WordPress more secure from this type of an attack.

As a web developer/designer, and SEO optimizer, I totally believe in blogs. A blog informs your customers / clients about you, your products/ services, your events, whether personal or business, and much more. A blog also introduces readers to your website.

As well, a blog can increase credibility. Why? Because people get to know and trust you. You become more than just a name. I have been blogging for a number of years now and I have seen the difference when I blog often and when I haven’t ’cause of lack of time.

I started a new blog just over a year ago for a specific topic. This has been very interesting, and learning experience. Over this past year, on this specific blog, just an example the Alexa is almost equal to my business web site rating. From this experience I do have to say that I do believe, even more so, that blogging not only works but it goes beyond that.

Is having a blog enough? Yes but — BUT.… submitting a blog to blog directories, sharing it through social networking, adding images, audio, video and RSS… all of these are critical. As in all things, it grows.

As I said many years ago, and I still say today, for a blog to be effective you need to “blog”. In other words, you need to update often, keep people interested and informed, invite comments. Of course, make sure you host the blog on your own url. Even better, buy a domain name just for your blog host it on its own is an even better way to make people aware of your blog and your site.

So, yes I do think a blog is worth it — do you? Would love to hear your comments.

Jan

Read more articles like this here: http://www.jbcr-virtualsolutions.com/tips-and-articles.html