If you have a WordPress site on GoDaddy, keep a close eye on it. This week alone, two different people have come to me with site issues that have turned out to be the same exact hack. There seems to be a spate of them going on – see this thread in the WordPress forums that I came across – this is the same hack that I found. Fortunately, in the cases I’ve seen it hasn’t caused a ton of damage – more a nuisance than anything – but it indicates vulnerabilities in your site. GoDaddy, of course, will provide you with no help at all – they won’t even check if it’s a hack; they will just assume it’s some WordPress issue and not even give you a place to start trying to fix it. I’m not a security expert, so I’m not sure if the timthumb vulnerability was the way in, but in both cases that vulnerability was present. In both cases I found code added to the functions.php file, as well as a few other dodgy files showing up.
As soon as you own your own website you will quickly amass a large number of online accounts – your web hosting account, FTP access, WordPress access, Google, Twitter, Facebook, etc. This leads to two main problems for bloggers. First, most people end up losing track of their information, forgetting passwords, always having to reset their info, and generally being disorganized and frustrated. This leads to problem #2, which is security. For many people, keeping track of all these usernames and passwords is a real challenge, and most resort to very insecure methods such as using “weak” passwords over and over again because they are easy to remember.
We really can’t afford to be so cavalier with our account info. I always liken such pieces of info to the keys to your house or car. Most people guard those things pretty closely, but when it comes to online info, they take more risks. For consultants and developers like myself it’s extra important that we have ways to keep info secure, because we are privy to the accounts of all our clients.
Whatever your situation, here are some free and cheap tools that will help you. You only need to pick one of them and I highly recommend you don’t put this off any longer!! For some background reading on the importance of secure passwords and more, check out this post from web security expert Tony Perez of Sucuri.