Secure Your Wordpress Installation Now

I just spent several hours over the past two days updating and securing my Wordpress installation. I also completely revamped one. (You can take a peek at my updated web design site, if you’re curious.)

While working on my own sites, I realized that many of you have Wordpress installations that need to be updated as well. One of my own clients, had an issue with Wordpress, which you can read about in the related posts section. I updated her site, and so far, no more issues.

Since security is such an important issue, and most business bloggers don’t think much about it, I decided to put together a list of to help you.

You can read my list of Wordpress Security Tips at my Watersweb Solutions site.

Did Google Label Your Blog Harmful?

A few months ago, one of my clients reported that her blog had been labeled harmful by Google. You can see this when you look at her site in a Google listing:

Now, normally, when a hacker injects code into a website, it is, in my experience, in the form of a file. They find an insecure directory (usually with 777 CHMOD) and upload a bad file to the site.

So when my client reported this to me, I scanned her files with a fine tooth comb — and found nothing.

I then upgraded her blog software, in an attempt to overwrite whatever file was messed up. Afterwards, I checked the dates on all files to make sure there wasn’t some rogue file sitting around messing everything up. Nothing.

But I have figured out what the problem is now.

Because Wordpress had a security hole in version 2.3, the hacker was able to inject the bad code directly into a post.

I’ve found the codes by doing a search directly on the blog for the term:

iframe

Then edited the post to remove the highlighted code.

Read this post to for more information on how to remove the downloader virus.

How to find out if your site is infected

UPDATE: Thought I’d add some more instructions on how to find out if your site is affected by this. If you have already found out that your site has been deemed harmful by Google, simply do a Google search on your domain name. your listing will look like the first screenshot above.

In your Google listing, click the title of your site’s entry. Google will then take you to a page warning you that visiting the site might be harmful to your computer. In the warning’s second paragraph, you’ll want to click the link to Google’s Safe Browsing diagnostic page. (This is the link to that page for Mundane Superhero.)

You’ll see a line that says something like:

Malicious software is hosted on 1 domain(s), including wp-stats-php.info.

What to do if you’ve been hacked

If you follow the instructions above and discover that your site has been hacked, you’ll need to follow the original instructions in this post to remove the code from your blog posts.

Next, read Google’s instructions for sites that have been found to have malware.

At the end of this post, you’ll see instructions for signing up for Google’s Webmaster Tools (Which I highly recommend!), verify your site, and requesting a review of your site.

Wordpress Video Tutorials

Many of you have chosen to use Wordpress for your blogs — and some to power your entire site. If you’re new to Wordpress though, figuring out how to make the software do what you want it to do can sometimes be a big confusing.

Teli Adams has a wonderful blog-related website called optiniche.com and it has some Wordpress video tutorials that will help you learn how to use the software.

She also has a lot of great internet marketing information, so feel free to snoop around her site.

Blogger

Bloggers is the blanket term for anyone that uses a blog to post information on topics that are of interest to them. Becoming a blogger is actually simpler than it might seem. As blogging has grown in popularity, many website offer platforms to quickly and easily create a blog.

Some of the most popular blogging software platforms are Blogger, Livejournal, Typepad, Wordpress and Xanga. These websites will host your blog, generally for free, and provide you with the tools to create blog posts without having to know a lot about software.

I recommend using Wordpress. This software is easily installed through your hosting control panel if you are using Watersweb Hosting or Shop Kit Plus. Once it is installed, you can choose from several free themes to install on the site, or you can hire a Wordpress web designer to make the blog match your product selling site.

Upgrade NOW If You Have The 2.1.1 Version Of Wordpress

Wordpress developers just released a new version of their software to combat a security breech injected into the files.

You can read more about this critical Wordpress update at the site.

Get The Spam Off Your Wordpress Blog

My friends at Mom Masterminds know everything there is to know about internet marketing — including how to use a weblog for business. And even more importantly, they know how to keep the spam off of it.

So naturally, when I decided to start this weblog, I turned to them for advice.

How do I keep spam off my weblog?

The answer: Spam Karma 2

This plugin is amazing. You install it, adjust a couple of settings and then let it run. It couldn’t be simpler.

So far, on my two wordpress blogs:

• Spammers: 0
• Spam Karma 2: A bazillion