WordPress site hacked? How to fix it..

My WordPress site has been hacked a few times over the years. Actually I have many WordPress websites and big tip for any would be Affiliate Marketers and make money online entrepreneurs out there would be… DON’T HAVE TOO MANY WEBSITES!

CREATE ONE SERIOUS BUSINESS AND BE AWESOME!!!

Scanning, securing and fixing hacked WordPress blogs can be a time consuming job, and if you have them all on one server, like a Hostgator shared account…  If one gets hacked… they all begin to fall. And if Hostgator don’t like what’s happening, they will shut down all your websites until you get the problem sorted.

So… Seeing as you probably found this post because YOUR WordPress site got hacked and now you are desperate to fix it?

Let me give you a quick list of MUST DO’S for any wordpress website I build, that will not only fix your problem, they will prevent your WordPress blog from getting hacked again! In fact… I now do this is as part of the initial setup of any WordPress site I create, specially for clients!

WordPress Website Clean Up and Defense:

PLEASE NOTE: I will refer to Godaddy for Domain management and HostGator’s Cpanel, seeing as that is the combination I prefer!

  1. MAINTENANCE & TRACKING
    Create a Google Doc Spreadsheet of your servers and domains to help this become a regular maintenance.
    My columns are…

    • Server IP/Name
    • Domain Name
    • Database name (available from the config file)
    • Visits/m (from the quick Cpanel drop down)
    • Addon (this helps me track expired domains that need deleting as they can get hacked even though they ain’t live on the web)
    • WordPress Version (or use a date for when you last updated WordPress)
    • Comment Control (For notes like; Comment spam attack, no spam, math sum in place, 30 day comments closed, using FB comments. etc)
    • Anti-Malware plug-in last run date (see below)
    • Last Malware infection date
    • HostGator Alerts (for tracking which sites keep causing HG concern)
    • Security Plug-in Running? (see below)
    • Update plug-ins and deleted old plug-ins (Date you last did this)
    • Deleted themes not in use. (Yes these can get hacked when not being used!!!)
    • External Sitecheck #1 – http://sitecheck.sucuri.net/scanner/
    • External Sitecheck #2 – http://siteinspector.comodo.com/
    • Google Webmaster Tools – Submit your site and check the health and control the frequency that the bots ping your site with.
    • Bing – See above (Bot visits can cause HostGator – or your host – to shut down you site on Shared accounts.)
    • Google health status – “This site may be compromised.” warnings etc
    • Database Backup – Date of last Backup or weekly if you have software doing this for you (see below)
    • Files Backup – Zip and download the Domain Folder (files) from Cpanel or use FireFTP
  2. KEEP WORDPRESS UPDATED
    Yes.. I realise this can be an issue if your site relies heavily on plug-ins that are not getting updated regularly or in time… So, if you are serious about your website, always check the update logs of plug-ins you install and better still pay for them, ensuring that you get decent support and updates!
  3. COMMENT SPAM
    This can be a real issue, with so many people desperate for links and even stupidly wasting time forcibly creating their own links’ rather than spending that time creating AWESOME content. I once had a WordPress site, that even with secure settings and comments closed was getting thousands of pending comments per day!

    • Use Disqus for comments or/and Akismet for spam management.
    • Consider turning off comments or making the settings less automatic. WP / Settings / Discussion (settings)
    • Consider closing comments after a few weeks or months
    • Consider switching to a Facebook comment plug-in, People are less likely to Spam when it can be traced to their personal FB account and you get some a little viral traffic from people who comment and let it be seen that they did, on their FB page.
    • Install a simple Maths Sum plug-in like – Math Comment Spam Protection
    • Any WordPress comment spam plug-in can slow your website down and most are not necessary if you are using the correct settings under WordPress / Settings / Discussion
      • UNCHECK – Attempt to notify any blogs linked to from the article
      • UNCHECK – Allow link notifications from other blogs (pingbacks and trackbacks)
      • CHECK – Allow people to post comments on new articles
      • CHECK – Comment author must fill out name and e-mail
      • UNCHECK – Users must be registered and logged in to comment
      • CHECK – Automatically close comments on articles older than   360 days
      • CHECK – Enable threaded (nested) comments  5 levels deep
      • CHECK – E-mail me whenever: Anyone posts a comment
      • CHECK – E-mail me whenever: A comment is held for moderation
      • OPTIONAL – Before a comment appears: An administrator must always approve the comment
      • OPTIONAL – Before a comment appears: Comment author must have a previously approved comment
      • Hold a comment in the queue if it contains   1  or more links.
      • USE THE BLACKLIST – The following Google Doc link will give you my current list of anti-spam keywords
        https://docs.google.com/document/d/16xGjhmkWZTGxtChfF1gtMNDagKr13X2py95gEGoR5wg
  4. ANTI-MALEWARE SCANS
    The best and easiest WordPress plug-in I have found to keep a check on malware is GOTMLS’ – Anti-Malware (Get Off Malicious Scripts)
    IMPORTANT: You don’t have to donate to use it, even though it prompts a lot.
    REALLY IMPORTANT: You DO NOT have to install it on every WordPress site hosted on the same shared account… If you install a WordPress on your root domain, the domain name your created your HostGator account with, Anti-Malware will then scan all the ADDON domains (AKA folders on that account) very very useful!
    *This plug-in will find and repair most wordpress hacks.
  5. HOSTGATOR ALERTS
    Pay a lot of attention to your server alerts, bandwidth logs and error logs.
    If you receive a warning from your Hosting Company, ask lots of extra questions as to which domains are affected or causing problems, and get specific reasons and solutions from support staff, rather than the copy and paste answers. If your WordPress website gets hacked it can cause some serious drains on the server you share with other customers and most Hosting Companies will often shut all your websites down without warning.
  6. SECURE WORDPRESS FROM HACKERS
    The basic install procedure of WordPress and Cpanel programs (like Fantastico) create a ‘common ground’ footprint that hackers and hacking software will use to find your WordPress blog and hack its weaknesses. This security breach occurs because they/it know where to look for; your files, your database and table names, and even your default admin user name.
    Better WP Security will handle many of those fixes, plus many more, until you learn how to install and secure your WordPress site manually.
    *This anti-hack plugin is essential!!!
  7. DELETE OLD & UPDATE ACTIVE PLUGINS
    Old and even unused plug-ins can be an entry point for hackers. If your plug-in has not been updated for a while you should consider looking for something else or try doing without it. Plug-ins create a heap a lag and loading issues on your website and can also be a drain on the server. You may also want to install a caching plug-in (like WP Super Cache) to speed up your website and reduce server load, just be aware that this may cause daily emails if you have the “email me when changes are made to my site” feature of “Better WP Security”.
  8. DELETE UNUSED THEMES
    You only need your active theme. Old and unused themes can become entry point towards your WordPress site being hacked. Delete them!
  9. EXTERNAL SITE CHECKS
    • The first check I do regularly is a Manual one. Simply go to your homepage in FireFox and press CNTRL-F to bring up the search bar. Enter the start of some spam words like VIAG to see if your website has any hidden code sending links back to seedy websites. This will often be the result of wordpress theme hack and the hacker installing an additional PHP file in your includes folder and then calling that up from either your header php file, footer php file, or main home page file. Manually look through your code and check/view any php files that get referenced to… Cpanel is probably the best way to view and edit these files manually. When you find something fishy, delete the reference code and also the nasty php file (after backing up, of course).
    • Check to see if Google is displaying any snippet warnings when your Google search your main keyword.
      Once clean your site needs to be submitted for review.
    • Scan your WordPress site at – http://sitecheck.sucuri.net/scanner/
    • Scan your website via – http://siteinspector.comodo.com/
    • Check your Google Webmaster Warnings and Health Reports – regularly!!!
  10. CONTROL THE BOT CRAWLS
    These can often put heavy loads on your server.

    1. Submit your sites to Google Webmaster Tools and Bing
    2. Slow down the crawl speed
    3. Note this does not slow down how often they visit just how fast they work when they arrive.

    You may also want to block some bots using a Robot.txt or/and your .htaccess file

  11. BACKUP, BACKUP and BACKUP
    Every WordPress website owner needs to adopt a good backup system, so that your can restore your website to a healthy version if it gets severely hacked and you are having trouble cleaning it!
    My WordPress ‘double’ backup system:

    • DATABASE
      1. Hostgator’s Cpanel backup software to download the Database
      2. Better WP Security also has an automatic option that can send your database zipped up and to your Gmail account for storage
    • FILES and IMAGES
      1. Zip the main file folder via Cpanel’s file manager and download
      2. Download (synch) the files to an external hard drive via FireFTP for FireFox or any FTP Software.

If your WordPress site has been hacked, my heart goes out to you, it is a horrible feeling. Just stay relaxed, you can fix it. Just work through all of the options above and your site will come out all the stronger for it!

This entry was posted in Uncategorized on by JD Sterling.

The Ultimate Video Converter Downloader in 2011

One thing I hate is downloading a heap of half baked video converters just to find one that does the job I want it too.

Second thing I hate is surfing through old posts from 2006 to 2010 that are no longer relevant.

I actually though I had found a good solution when I realized that VLC Player (free video player that plays everything) actually has video converting functions. But after three days in the back end of VLC player I just found it was too problematic and time consuming and did involve a bit of learning curve.

Plus the quality of the VLC conversions was no match for my final solution…

The Best Video Converter in 2011

The best video converting software in 2011 is actually free and it is quite simply – AWESOME!!!

Freemake Video Converter is:

  • 100% free – no overlays, no ads
  • The interface is super sexy and super easy
  • The auto preset options for quality and formats are vast
  • Every file type is supported ‘from and to’
  • And there are some other really cool features
    • Download and convert videos from 20 video hosting site
    • Converts to flash with included the flash player embed code for your website.

You can get a copy of the amazing video converting software here…

http://www.freemake.com/

This entry was posted in Uncategorized on by JD Sterling.

WordPress Removing Line Breaks Fix 2011

By default WordPress 3 (and previous versions) removes or filters out the line break (<br />) and paragraph tags (<p>) that you place in your category and tag descriptions.

With many solutions online that no longer work this article is a 2011 fix to prevent wordpress from filtering out the HTML that you place in these descriptions.

Firstly, its a good idea to add unique content to the top in-body text of these pages. It will improve your Google rankings and just makes for good SEO all round. If your not using tags you should consider using them if only for peoples names, an often overlooked and easy source of non competitive traffic. Blogging about the semi-famous and becoming-famous people in your niche not only generates traffic it can also leverage backlinks as these pages become a wiki-like source for information worth linking to.

Now The Fix

  • Find a page in your includes page
    wp-includes/default-filters.php
  • Your looking for a line that includes wpauto
  • In my WordPress 3.1 this is exactly
    add_filter( $filter, ‘wpautop’          );
  • Comment that line out
    //    add_filter( $filter, ‘wpautop’          );

Let me know if it works for your via a comment below!

This entry was posted in Uncategorized on by JD Sterling.

Pure Google Ranking Genius

Today I have a real rip-snorter of an idea towards getting better rankings in Google and ultimately more targeted free traffic.

Actually the title is not an overstatement!

This idea is pure ranking genius based on actual observations. A rather outstanding observation where one guy (a service provider of mine) and his little website inadvertently ranks on the first page of Google (often #2) for a SINGLE WORD PHRASE. A single word phrase that has 62 million competing websites and it was completely unintentional.

Continue reading

This entry was posted in Uncategorized on by JD Sterling.

SEO Sucks – Part Three

…continued from SEO Sucks part one and SEO Sucks part two.

In part one I explained how you can beat SEO with Quality AND Quantity. In part two I outlined my system for promoting a link-worthy article.

And now…

SEO Sucks – Part  Three

Syndication

If step two doesn’t get you some decent traffic and rankings well then step three will nail it. But you better have some good stuff in place back at your website, some good converting calls to action that lead to good profits, because this step ain’t so quick an easy.
Step two is done from one place – ping fm -that’s what makes its so simple. Once your 35 sites and profiles are set up, their updating is done from one place and one click.

Step 3 is similar but it happens in many different places:

  • Take you first article and rewrite it into five or more articles then go submit each of those five articles to five different article directory sites (that’s 25 in total).
  • Take the main points and concepts in your article and turn them into charts, images or diagrams. Syndicate those images out to picture sharing and hosting sites.
  • Take the key points in your article, plus the images and diagrams and create a short slideshow or power point presentation. Syndicate the finished slideshow out to slideshow sharing sites like SlideShare.
  • Take the article or your slide show and record a live audio as you read the article or sum it up in point form. Syndicate these audios out to podcasting or audio sharing sites including Itunes.
  • Take the slideshow, images, audio and combine them to create a video. Syndicate those out to video sharing sites like Youtube and make sure you accompany them with decent, keyphrase themed articles in the description.
  • Go one step further and film a live presentation to camera with all of the above edited in and upload that to video sharing sites.
  • Not always appropriate but another form of syndication is creating software, widgets and toolbars that relate to your articles and websites. Another is making a small PDF/ebook and submitting that to file hosting and sharing sites.

The main point above is now – instead of 100 satellite pages pointing into one link-worthy article – you have up to about 300 multi-media satellites pointing in to one quality page.
IMPORTANT: Make sure your syndication descriptions, profiles and bio boxes include a click-able link back to your website or article. On Youtube a full http:// url in the description will turn into a click-able link.

And with all those new pages you created, containing references and links back to your site, go ahead and create links to those pages by bookmarking them on social bookmarking sites. ;-)

If all that sounds like a lot of work, well… I think you need to go back to square one and make damn sure you pick a niche that your really are passionate about or simply don’t go looking for traffic before you have set up a really good site for traffic to visit and some good solid offers for people when they get there.

You don’t have to use all these strategies, just the ones that suit and work best for you!

SEO sucks when you make it too important, trying to manipulate search engines rather than just giving the searches exactly what they are looking for in the first place.

SEO Sucks – Part Two

…continued from SEO Sucks part one

If you haven’t read part one, it was just me ranting on about how SEO sucks and the real secret is just bloody write more articles for the same target phrase and make sure your article are the best available online.

SEO Sucks Step Two

  • Promote The Article
    I use Ping.fm to post out a quicker, shorter 15 minute version of the article / story and it gets sent out to a combination of blogs, micro-blogs and social site status updates. I do one post for the micro-blog 140 character sites and a second for all the blog 140+ character sites. One click and it goes out to 35 different websites that are not hosted on the same server as mine. often its just a brief announcement that is promoting the article I just wrote on my site, and I usually include a link back to said article.Ping.fm is a good system because its all in one place, but I often use a few more sites (bookmark sites mostly) that are not on ping, simply because I have developed that habit.

    IMPORTANT – I also use this ‘Ping.FM system’ through my research phase, so by the time I do the actual article promotion post, there are already at least 5 related posts linking to good sites/news/tips I found while I was putting the quality article together. This keeps my satellite sites nice and fresh and I can even update them all just with one text message from my phone.

    The result is I have one site with only one, top quality article on it each day and I have 35 other throw-away satellite sites/pages/profiles out there which have at least 3 low quality articles on them each day. That translates to 1 days work and well over 100 relevant links off-site pointing to one link-worthy article on-site. I out perform and out rank the competition, the low quality duplicated content off-site does not dilute the quality of my main website and I make damn sure I keep all the visitors exposed to offers, coming back and also opted into an email list.

…but wait there’s more!

SEO Sucks part three

SEO Sucks – Part One

I mean you have to understand the basics, but everything you need to know about SEO can be learned online for free in about 30 minutes. The rest of the SEO minefield sucks.

SEO or Search Engine Optimization should then become intuitive and certainly not calculated. There is no need to count the keywords in your post and reach a certain percentage, not to high, not to low.

“SEO is a hyped up strategy that was invented by internet marketing gurus to keep your hopes up, keep you dreaming and convince you that they have the secret you need.”

Getting good traffic from search engines, for free, is more about quality and work then it is about tricks and tactics.

You pick the article you want to write, do a bit of Googling and research, work out what your best target phrase should be, simply based on good traffic, forget competition. Just use the Google Keyword Tool type in the theme of your article, run the tool, switch to exact match and pick the 3-5 word phrase with the best traffic. Now just go back and write your article with that phrase in mind. Remember SEO sucks if your ‘trying’ to use it. It will destroy your article and make that suck also.

You don’t even have to use your target phrase exactly as is, just keep your article real and natural. But above all else, put some decent time into your article, research well, and compile the best article you can for that theme/phrase.

How much you use the phrase in the article depends purely on being real and keeping your article on topic at the same time. Lets say your keyword is ‘SEO Sucks’ avoid the temptation to stuff it in and over bold it, use it when its called for or sneak in an additional phrase like, I suck on SEO for a living or SEO probably works, its my writing that sucks.

Sure you include a few images, name the images based on your target phrase, bold the keyword sentences, use it in a header, use it in the title, use it in the url, use it in your image alt tags, but again, not exactly. You can also link out to a relevant and related article and link internally to a page on your site. But only if its needed and makes sense to do so. When SEO doesn’t suck it means it has become 100% intuitive.

Now… For the best thing you can do!

Better than SEO

Write 5 more articles on that topic and schedule them to be published on your site over time (hours, days, weeks), these articles can touch on aspects within the first article or they can take up different angles or just be part 1-5 of a series. Whats important is to have your target phrase (or a variation of) inside each article and have that phrase linking back internally to the original article.

Most people when they attempt to take out a key phrase and get ranked for it using SEO, simply try with one article and stop there. Write 5+ articles on that theme and your chances of beating the competition have improved 5-fold. You don’t have to out SEO them, just out write them with Quality and Quantity.

And finally, if your article is really worth getting traffic to – and by that I mean; A) its a bloody good article worth reading; B) it is surrounded by some form of monetization for you like, adsense, your ebook, your  product, an affiliate product, an email list opt in, or your services – well, then its worth going the next step and making sure the article get its full potential of attention.

The final step is a combination of satellite sites, bookmarking site and syndication to dominate more real estate for the target keyphrase and also provide a few backlinks.

When I do this on my serious niche sites, it follows 3 ‘potential’ steps and I say ‘potential’ because sometimes step one is enough.

  1. Write The Article
    I put one full day into creating a kick-ass article which is often split into parts for the purpose of internal linking. I do a regional specific recent Google news search, a Youtube recent video search and a Twitter search every day that I work on my niche site. A lot of my inspiration to write comes from there. I research my niche whether I am writing or not because its a passion and its what I would do online if I wasn’t into making money from it.

And when I have written the best possible article I can muster up in 4-8 hours I simply promote the article using a proven system that has now become a habit, almost automatic.

The next part of this article has been scheduled for tomorrow.

… See SEO Sucks part 2