Hacked WordPress Blog Cleanup
Your WordPress blog can be hacked due to compromised FTP credentials, an insecure web host, a vulnerable plugin, a weak password, or an outdated WordPress installation. When a WordPress blog is hacked, the hack is used to insert malicious code that performs one or more harmful activities. Hacks can have a serious impact on the traffic that the blog receives. A hack that distributes malware can cause your blog to be blocked from visitors and a hack that inserts spam can cause the blog's search rankings to drop or cause the blog to be removed from Google's search engine. If your WordPress blog has been hacked we can clean it up for you, attempt to determine how the blog got hacked, and help you to secure it against a future hack. Hiring us will ultimately save you time and money over doing it yourself or hiring someone who doesn't know what they really should be doing (which seems to be pretty common based on the number of times we are brought in to clean up after a hack has returned).
Please feel free to contact us to receive a free consultation on how to best deal with your hacking issue. If you are not sure if your blog is hacked, we can perform a free check to confirm for you if your blog is in fact hacked.
To support the continued improvement of the security of WordPress we have created a plugin that detects installed plugins that have been removed from the WordPress.org Plugin directory (plugins can be removed from the directory for unresolved security vulnerabilities), a plugin that allows performing the update process over a HTTPS connection, and a security vulnerability bug bounty program for WordPress.
Some of the most prevalent activities preformed by the malicious code are inserting hidden spam links in the blog's header or footer, creating spam pages, redirecting visitors to another website (check if a web page is redirecting when accessed from Google), and attempting to install malware on the computers of visitors to the blog. Currently there have many attacks due a vulnerability in older versions of the TimThumb software.
When the hack inserts hidden spam links or creates spam pages, your search rankings can drop significantly and Google may remove it from their search engine's index if they detect hidden text, cloaking (check if a web page is cloaked to Googlebot), or other violations of their quality guidelines. Google may also place a "This site may be compromised." warning on the blog's search results. If Google has removed the blog they will place a "Notice of Suspected Hacking" message in their Webmaster Tools indicating that this has been done. When the hack inserts code that attempts to infect the computers of visitors to the blog with a virus, trojan horse, drive-by download, or other type of malware (malicious software), not only could your visitor's computers become infected but your blog may also be blocked from visitors. The blog may be flagged and blocked by the Internet Explorer ("This website has been reported as unsafe"), Firefox ("Reported Attack Site!"), Safari ("Warning: Visiting this site may harm your computer"), Chrome ("The Website Ahead Contains Malware!" or "Danger: Malware Ahead!"), and Opera ("Fraud Warning") web browsers. It may also be flagged and blocked in the Google ("This site may harm your computer.", "This site may harm your device."), Yahoo ("Warning: Hacking Risks"), and or Bing search engines as well as Google's AdWords advertising service and Twitter ("unsafe link"). The hacker can also place a backdoor script that allows them remote access to the blog to make future changes to it.
To clean up the blog, we will review the blog's files and database for code inserted during the hack and remove that code. Checking and cleaning the blog's files takes a few hours. If the blog is running on an old version of WordPress, the current version is 3.5.1 (check what version you are currently running), we will upgrade the blog to the latest version of WordPress following proper upgrade procedures. Also, if any plugins are out of date we will update them. We will also work with you to secure the blog against a future hack. If your blog has been hacked due to poor security at your web host we can move your website to a new host as part of the service. If your blog has been removed from the Google search engine we will assist you in filing a reconsideration request. If your blog was distributing malware and has been flagged and blocked, we will request a malware review from Google, Yahoo, and or Bing to have the warning removed. It should take no more than a day to be removed from Google's malware blacklist after a review has been requested.
US$250. Payment is due after the blog has been cleaned up and we accept payment by credit card, debit card, or eCheck through PayPal in a number of currencies.