Secure Your Wordpress Installation Now

I just spent several hours over the past two days updating and securing my Wordpress installation. I also completely revamped one. (You can take a peek at my updated web design site, if you’re curious.)

While working on my own sites, I realized that many of you have Wordpress installations that need to be updated as well. One of my own clients, had an issue with Wordpress, which you can read about in the related posts section. I updated her site, and so far, no more issues.

Since security is such an important issue, and most business bloggers don’t think much about it, I decided to put together a list of to help you.

You can read my list of Wordpress Security Tips at my Watersweb Solutions site.

Did Google Label Your Blog Harmful?

A few months ago, one of my clients reported that her blog had been labeled harmful by Google. You can see this when you look at her site in a Google listing:

Now, normally, when a hacker injects code into a website, it is, in my experience, in the form of a file. They find an insecure directory (usually with 777 CHMOD) and upload a bad file to the site.

So when my client reported this to me, I scanned her files with a fine tooth comb — and found nothing.

I then upgraded her blog software, in an attempt to overwrite whatever file was messed up. Afterwards, I checked the dates on all files to make sure there wasn’t some rogue file sitting around messing everything up. Nothing.

But I have figured out what the problem is now.

Because Wordpress had a security hole in version 2.3, the hacker was able to inject the bad code directly into a post.

I’ve found the codes by doing a search directly on the blog for the term:

iframe

Then edited the post to remove the highlighted code.

Read this post to for more information on how to remove the downloader virus.

How to find out if your site is infected

UPDATE: Thought I’d add some more instructions on how to find out if your site is affected by this. If you have already found out that your site has been deemed harmful by Google, simply do a Google search on your domain name. your listing will look like the first screenshot above.

In your Google listing, click the title of your site’s entry. Google will then take you to a page warning you that visiting the site might be harmful to your computer. In the warning’s second paragraph, you’ll want to click the link to Google’s Safe Browsing diagnostic page. (This is the link to that page for Mundane Superhero.)

You’ll see a line that says something like:

Malicious software is hosted on 1 domain(s), including wp-stats-php.info.

What to do if you’ve been hacked

If you follow the instructions above and discover that your site has been hacked, you’ll need to follow the original instructions in this post to remove the code from your blog posts.

Next, read Google’s instructions for sites that have been found to have malware.

At the end of this post, you’ll see instructions for signing up for Google’s Webmaster Tools (Which I highly recommend!), verify your site, and requesting a review of your site.

BBB Warns Of Phishing Scam

The Better Business Bureau is warning all businesses in Northwest Florida of a spoofing scam using the BBB name and a false BBB e-mail address to entice recipients to access potentially damaging hyperlinks.

Read more here…

IE7 May Damage Your Online Reputation Without Your Knowledge

According to a post at WebProWorld, a legitimate website owner tested his shopping cart in Internet Exploror 7 RC1. During the checkout process, the browser popped up a window telling him that his site was a “potential phising site” and to not give his information to the site.

What is a phishing site really?

A phishing site is a site that masquerades as a legitimate business. It tries to entice people to enter their personal information, which the owner of the site then uses for identity theft purposes.

So, what is happening is that IE 7 is arbitrarily accusing legitimate site owners of being thieves!

I’m sure you can imagine what will happen to your online business when your customers upgrade to IE 7 and receive a notification on a page of your site, stating that you are a phishing site. Not Good!

According to BJ Novack, what’s even worse, is that you have no way of knowing that your site is being flagged, unless you check every page in IE 7:

My biggest concern though is if you don’t check your sites you don’t know you have a nice big window stamped on it saying “Suspicious website ….. Microsoft recommends that you do not give any of your information to such websites”.

As it appears anyone can vote against your site and as you get no warning of it, there’s now another job of periodically checking to see if your site is/is not on the black list. Worst of all you seem to have to go page by page to find if the site is flagged.

In my case it was a payment page that was flagged not the rest of the site, therefore a cursory look would not have revealed the problem.

So what can you do?

I recommend you install IE 7 on another computer at your home or business (not your main computer, because it wipes out IE 6 in the installation process) and check your websites. If you don’t have an extra computer, find a friend or colleague who does and ask them to review every page on your website and go through your entire order process. If you find that your site is flagged, make sure you or your friend follows the instructions to report the error to Microsoft.

And that’s not all

Apparently McAfee and Firefox have Phishing filters in their new versions as well. And in all three cases, people can report your site as a phishing site. Which means that even if you check your site and aren’t flagged today, or you reported the flag and had it removed — it can come back.

Who has time to check every page of their website everyday for this kind of stuff???

I’m going to keep an eye on the WebProWorld thread. I’m also going to check my sites to make sure they aren’t flagged. If they are, I’m going to report the error. Also, if the flag appears when someone leaves my site to pay via Paypal, for example, I will let the third party processor know.

My request

If you are using IE 7 and you are attempting to make a purchase through a site that you have dealt with before and have had a good relationship with, please let the site owner know that they are being flagged. I am sure that they will greatly appreciate your help.

I know I will.

Thank you!

P.S. One possible solution to tracking this issue is to install a site meter, such as Sitemeter and make sure you have it on your checkout pages. Then keep an eye out for people leaving the checkout process without paying. This could be your alert that something is awry in the system. Sitemeter will also tell you what browser the people use. If you start seeing people leaving your site in the middle of the checkout process, or at a specific page, I recommend you or a friend check your site with IE 7.

Note: It is possible to install IE 7 without overwriting IE 6. Just follow the instructions in this weblog.