Stay on top of WordPress Spam Injection with Automatic Upgrades and SpamCheckr
I had the unfortunate experience of being spammed a few months ago. Not a huge deal but it did cause both Baconmusic and Engand for Obama to be removed from Google search results for 30 days.
If, however, it had been THIS site or one of my client sites, I would have been in serious trouble.
What happened
Both of the sites in question were running old versions of WordPress with modified themes that I hadn’t developed from scratch. I’d simply made new CSS/images over an existing framework.

Baconmusic was attacked by link SPAM
Turns out both of these themes had security holes, as did the version of WordPress (2.5) each of the sites was running.
These exploits allowed an evil spam bot to hack in and insert some dodgy code into the WordPress theme header and footer files.
How did I find out
An email arrived in my inbox – the weird thing was initially I thought it was SPAM. The subject was something along the lines of “Your website has been removed from Google..”

Google warning message, courtesy of spamcheckr.jungleg.com/about
“Yeh, sure… whatever…” I thought. Then I read the message and quickly got worried.
After trawling my website code it was obvious something was wrong. Literally 100s of hidden links were embedded into the header and footer of each site. You can imagine the type – viagra, dating, weight loss, money making… all that rubbish.
How I fixed it
First thing I did was fire up SpamCheckr, a great service which will use Google’s own algorithms to look through your site and report on the problem. Both sites came back with 1000s of issues and a Spam Score which was off the charts (eek!).
The next step was to look into my WordPress theme and find the damage – and after logging in it was obvious where the problem lay: header.php and footer.php were awash with nasty encrypted PHP code.
The easiest way to fix this problem was to re-upload my theme files from a local backup, thereby overwriting any changes – phew!
After this I upgraded WordPress to the latest version on both blogs. Ran a few security checks and installed a couple of security hardening plugins.
I then gave SpamCheckr another run to make sure everything was clean. My Spam Score was now a truly delightful ZERO.
Thankfully my MySQL database was secure. If not the bot could have hacked in and added lines of code to every single post/page/comment in my WordPress database. This happened recently on the CoolSmartPhone website and caused it to go down for a couple of days – nasty stuff!
Immunisation
Upgrading WordPress and checking for weird code in themes is the best measure to ensure this never happens again.
Plugins are also a risk – as with themes, always download them from the official WordPress site or a site you know and trust.
I also run SpamCheckr once a month on every site I manage – just in case – they actually have a service which can do this for you automatically but I have yet to sign up.
If you’ve never run this on your site, please do it now.
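An added example, not part of the original post: one way to do the "checking for weird code in themes" step is to hash every file in the live theme against the known-good local backup and then look only at the files that differ. The directory layout, the sample file contents and the list of suspicious patterns are assumptions made for this sketch.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic markers of injected code; assumptions of this example, not a complete list.
SUSPICIOUS = re.compile(r"eval\s*\(|base64_decode\s*\(|gzinflate\s*\(|display\s*:\s*none", re.I)

def digests(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def audit_theme(backup_dir, live_dir):
    """Compare the live theme with the backup and flag suspicious lines."""
    good, live = digests(backup_dir), digests(live_dir)
    report = {
        "modified": sorted(f for f in good.keys() & live.keys() if good[f] != live[f]),
        "added": sorted(live.keys() - good.keys()),
        "missing": sorted(good.keys() - live.keys()),
        "suspicious": [],
    }
    # Only inspect files that differ from the backup or are new on the server.
    for name in report["modified"] + report["added"]:
        text = (Path(live_dir) / name).read_text(errors="replace")
        for lineno, line in enumerate(text.splitlines(), 1):
            if SUSPICIOUS.search(line):
                report["suspicious"].append((name, lineno))
    return report

def demo():
    """Run the audit on constructed sample themes (not real captured code)."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for d in (backup, live):
            d.mkdir()
            (d / "header.php").write_text("<html>\n<?php wp_head(); ?>\n")
            (d / "footer.php").write_text("<?php wp_footer(); ?>\n</html>\n")
        # Constructed tampering: an encoded-payload call and a hidden link block.
        (live / "header.php").write_text(
            "<html>\n<?php eval(base64_decode('PLACEHOLDER')); ?>\n<?php wp_head(); ?>\n")
        (live / "footer.php").write_text(
            '<div style="display:none"><a href="http://spam.example/">x</a></div>\n</html>\n')
        (live / "cache.php").write_text("<?php /* unexpected file */ ?>\n")
        return audit_theme(backup, live)

if __name__ == "__main__":
    print(demo())
```

Any file reported as modified or added that you did not change yourself is worth restoring from the backup, whether or not a pattern matched.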
Rejigging Our Services
Evolution of a business model is tricky but sometimes things happen to help the processes along. For me it was two things:
The first was an intervention by Iconfactory who had noticed I had inadvertently been using an unlicensed icon pack in my base6 re-design back in May (doh!).
Because of this I was forced to remove around 12 icons from my site. This was no mean feat because I had embedded them so deeply into my new design. In the end I decided it was easier to completely re-work the layout of my site template as well as do some general housekeeping.
The second thing was my attendance at this year’s WordCamp UK where I realised that my skills as a WordPress developer should no longer be promoted as simply “website design”. My work at base6 has been pretty much 100% WordPress-related since I started the business back in 2005 – I had just never really made that big a deal of it. It was time for this to change.
These two elements alone weren’t enough to ignite my desire to re-work the base6 service structure but together they were hypergolic.
Say Goodbye to Print and Identity services
The Print design industry is saturated with high quality designers working at low cost printing houses. It is almost impossible to effectively compete with their experience and efficiency and recently I have found myself passing over print and identity work to non-web-specific freelancers simply because they have access to tools to get the job done more productively than I ever could.
I also find that sites such as VistaPrint and Printing.com offer adequate online templates and design solutions that are more than enough for most clients on a small budget.
In the works…
Over the next 2 weeks I will slowly re-work the base6 service structure which will result in a homepage overhaul and a couple of new sections being added (as well as a few being removed).
Along the way I will be doing some A/B testing, a bit of extra SEO work and some general back-end housekeeping.
Please bear with me and keep a look out for the updates!
If you’d like more information, feel free to contact me using this online form.