How My Blog Got Hacked

If you are a regular reader of this blog you might have noticed that it was not updated in the last few weeks. I have been fixing a few unexpected problems.

This blog was hacked by a hacker last month. I didn't know of the attack until I got an email message from Google that said they were temporarily removing my blog from their index because they had detected hidden links in the blog. My first reaction was WTF.. They informed me they suspected it was the work of a hacker.

Looking at the homepage of this blog I couldn't see anything fishy. The links were invisible in a browser, and even when I checked the source code using Dreamweaver I couldn't see them. But when I checked the blog using this tool forwarded to me by my hosting company, I was shocked to find that this blog had 250 hidden links. Using this other tool at SMART IT CONSULTING I discovered the hacker had hidden the links inside the footer.
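Links hidden this way can be found by parsing the page rather than looking at it. The following is an added example, not one of the tools mentioned in the post: it flags every link that sits inside an element hidden with inline CSS. The list of hiding tricks, the sample footer and the `spam.example` URLs are constructed for illustration, and links hidden through an external stylesheet or script are outside what it checks.

```python
import re
from html.parser import HTMLParser

# Inline-style hiding tricks to look for (a heuristic list chosen for this example).
HIDING = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])"
    r"|(?:left|top|text-indent|margin-left)\s*:\s*-\d{3,}", re.I)
# Void elements never get a closing tag, so they must not go on the stack.
VOID = set("area base br col embed hr img input link meta source track wbr".split())

class HiddenLinkFinder(HTMLParser):
    """Collect <a href> tags that sit inside an element hidden by inline CSS."""

    def __init__(self):
        super().__init__()
        self.stack = []   # (tag, hiding reason or None) for every open element
        self.found = []   # (href, matched style) pairs

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        m = HIDING.search(a.get("style") or "")
        # An element is hidden by its own style or because an ancestor is hidden.
        reason = m.group(0) if m else (self.stack[-1][1] if self.stack else None)
        if tag == "a" and a.get("href") and reason:
            self.found.append((a["href"], reason))
        if tag not in VOID:
            self.stack.append((tag, reason))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; unbalanced markup is tolerated.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

def find_hidden_links(html):
    parser = HiddenLinkFinder()
    parser.feed(html)
    parser.close()
    return parser.found

# Constructed sample: a footer with one visible link and three hidden ones.
SAMPLE = """<div id="footer"><p>Powered by <a href="https://wordpress.org/">WordPress</a></p>
<div style="position:absolute; left:-9999px"><a href="http://spam.example/pills">x</a>
<br><a href="http://spam.example/loans">y</a></div>
<span style="display: none"><a href="http://spam.example/casino">z</a></span></div>"""

if __name__ == "__main__":
    for href, reason in find_hidden_links(SAMPLE):
        print(href, "<-", reason)
```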


I don't keep credit card numbers in the blog; the hacker just wanted to place the links. I suspect this was the work of a rogue SEO consultant. Google ranks sites depending on the number of links pointing to your site. If I can get 5,000 sites to link to this blog using the keywords marathon running, this blog would always be at number one. The more sites linking to your site, the higher you rank.

The competition to rank high has become fierce and some websites are using illegal means to get to page one of Google search. One way is to hack into other sites and place hidden links. Blogs are popular targets for hacking because hackers know bloggers have no time and resources to protect their blogs.


Whoever had hacked my sites had created new files inside my WordPress installation. Instead of just removing the suspect files I uninstalled the whole thing and installed a new WordPress.


You can't see hidden links, but there are signs that may indicate something fishy:

  • Your site starts ranking for some keywords outside your niche.
  • Your bandwidth usage is rising while traffic stays constant or even declines.
  • If you use Google AdSense, the ads are totally unrelated to your niche.


Keep your WordPress installation updated to the latest version, though the irony was that when this blog was hacked I had the latest version, 2.7.1. The plugins also always need to be upgraded. I suspect that is where the hacker found a loophole, because I had failed to upgrade many plugins. I guess I was just lazy, because the current version of WordPress allows you to install and upgrade plugins without the need to visit cPanel. If you are still running WordPress 2.2, 2.3 or any other lower version you are missing out. The current versions allow you to do so many things without the need to visit cPanel. The days of "this plugin cannot install…" are a thing of the past.

WordPress Security Plugins.

There are many. One of the most popular is Login Lockdown, which is useful in preventing a brute force attack. Another one is Security Scanner. The one that I liked is this one, WordPress Firewall; it will even send you an email when someone tries to hack into your site. They will even give you the IP address for blacklisting. Just yesterday they sent me an email about a hacking attempt from an IP located in California, USA.

There is no guarantee of 100% security; if someone wants you he can get you. Hackers are good, just like those guys working for Symantec. They successfully hack big organisations: Barack Obama's servers were hacked during the campaign period, and last year someone hacked into the online account of French president Sarkozy and withdrew some cash from his account. The only sure protection is to keep checking for fishy activities using the above links and, when there is an intrusion, to remove it before Google penalises you. After being penalised, my blog traffic from search engines plunged by 80%. After I removed the hidden links Google lifted the suspension five days later; that was three weeks before the end of the 30-day suspension.

When I started blogging I didn't expect to find myself learning about internet security. Learning never ceases and it feels good to be empowered.

12 thoughts on “How My Blog Got Hacked”

  1. Pingback: News How My Blog Got Hacked | Web 2.0 Designer

  2. dd

    Very nice story. A lot of people think that this will never happen to them, but attackers are clever and always going for an easy kill.

    I would recommend to you a site/domain monitoring tool to notify you (in real time) if your site is ever modified or added to a malware blacklist. free and simple:

  3. Make Money Online

    That’s a terrible experience. Sorry, my friend.

    Also you need some basic steps to protect your computer, like using Yahoo anti-spyware to scan after every browsing session. Plus improve on passwords, e.g. use ~!@#$%^% before password and after password as well; instead of using alphabets use numerals in their place, e.g. in place of “E” use “3” or “0” use “o” etc.

    If you have a host who’s sensitive to attacks and has put the right systems on track you will have more of this. I used to experience the same but when I changed my web hosting I’ve never had to worry about Hack attacks. See if you can switch to more reliable hosting.

  4. Gustavo Leig

    I often get hacked just like you did. I tried everything to secure my WordPress with plugins, htaccess, change password, but nothing seems to stop this kind of iframe insertion. Maybe it is an in-server action?

    What I recommend is to install a script that checks every 15 minutes for changes in your files, if something was found different, send a report by email.

    By doing this I can then know if I got infected. The next step is to use another Perl script to remove the iframe tag from my PHP files.

    For all these scripts check my article (in Portuguese)

    Any questions, just ask. Good Luck!

  5. Pingback: 44 Blogs with Good Advice About Protecting Personal Info on the Web |
