Microsoft and their Windows PC software have long been the target of virus and trojan attacks. Computer hackers find security holes in the software and write the virus programs that spread so easily throughout the internet through email and hacked websites. Without antivirus software on your own computer, you will easily fall prey to even a novice hacker's first attempt at mayhem or phishing.There are also hackers that exploit security holes in well known website softwares, especially WordPress. According to BuiltWith CMS Usage Statistics, WordPress is the world leader in website content management software (aka CMS). That puts it right at the top as the target for hackers.
In order to keep a safe and secure Windows PC, you have to allow Microsoft to automatically install software updates and you need to have a current antivirus software subscription. Without these, you run the risk of getting hacked or getting infected by a malicious virus.
Like Windows, WordPress has dozens, maybe even more than 100 updates and bug fixes every day. Keeping up with the frequent updates is a daunting task for any website owner unless you have a service contract with your programmer to do so. The updates never end, and without them, just like Windows, you are vulnerable to hacking.
A few days ago, I was analyzing another jeweler's site and looking at the Content Keywords report in their Google Webmaster Tools and was quite surprised with what I found. This is an abbreviated list of their most prominent keywords on their site in the order of prominence:
1. jewelry
2. payday
3. loans
4. birthstone
5. cash
6. levitra
7. credit
8. customer
9. viagra
10. education
11. cialis
12. diamond
13. lenders
Six of the top 13 words used on their site are definitely spam related. Upon investigating, I found that every page of their WordPress website was hacked and an invisible block of text with offsite links had been added. The hacker was very careful not to disrupt the website in any way and this jeweler had no idea what was happening. Customers would never have seen the spam links either.
The goal of this hacker was to build links to their spammy websites, but they could have defaced this jeweler's site, or worse, loaded Trojan viruses onto the site and infected every visitor. They were lucky.
WordPress isn't the only susceptible CMS on the market. There are always security holes, especially in open source software, and always when the latest versions of software are released.
As a precaution for yourself right now, log into your own Google Webmaster Tools account here:
www.google.com/webmasters/
Then select "Google Index" from the left margin and then the sub option for "Content Keywords." Look over that report carefully. You should suspect hacking if you see keywords that do not belong, like "payday."
Anyone's website can be hacked, and the risks are very great if you don't update your website with the latest software patches, especially when using WordPress.
