With the millions of websites out there, you think you're safe. You think the statistics are in your favor. That your website would never get hacked. Well, I'm here to tell you it CAN happen to you. This website was hacked this past Christmas Eve. What happened is part of a larger and disturbing trend in which small-business websites and blogs are being attacked and compromised. WordPress sites seem to be a particular target. I've decided to share my story, in the hopes that it will help you avoid a hacking or, if one does happen, recover quickly.

The Ugly Details

On Christmas morning, I tried to open this site as I normally do first thing in the morning, just to do a quick check. The home page of the site was completely blank! Nothing. Nada. I could not post anything new, either. I realized that a cracker had hacked the site. As I investigated later that day I discovered quite a bit of damage to the site, including:

- All WordPress plugins had been deactivated.
- A number of pages had been deleted, including the Experts directory, Newsletter page, About page and others.
- The blogroll had been compromised, with about a dozen links inserted to adult sites and pharma sites.
- Almost 50 hidden links to adult sites, pharmaceutical sites and other junk sites had been scattered in the header and in the footer. You could not see the links from looking at the site through a standard browser like Internet Explorer, because they were intentionally hidden using HTML code. However, search engines could "see" the links, of course.

With it being a holiday, I did what I could on my own to restore the site, and the next day got help. Luckily I use a professional hosting company with excellent telephone support. And our contract webmaster, Tim Grahl, was super and dropped everything to respond. Working as a team, we managed to get the site functioning and looking presentable again by end of business December 26.
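The hidden header and footer links described above can be found mechanically rather than by eye. The following is an added example, not code from the original post: it walks an HTML fragment (a constructed footer here) and reports every link nested inside an element whose inline style or hidden attribute keeps it out of a browser's view while a crawler still reads it.

```python
from html.parser import HTMLParser
import re

# Inline styles that keep an element out of a reader's view while a crawler still parses it.
HIDING_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?:px)?\s*(?:;|$)"
    r"|(?:left|top|text-indent)\s*:\s*-\d{3,}px", re.I)
VOID_TAGS = {"br", "img", "hr", "meta", "link", "input"}  # never get a closing tag


class HiddenLinkScanner(HTMLParser):
    """Sort every <a href> into hidden or visible, based on its own style and its ancestors'."""

    def __init__(self):
        super().__init__()
        self.stack = []              # one flag per open element: does it hide its contents?
        self.hidden, self.visible = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hides = "hidden" in a or bool(HIDING_STYLE.search(a.get("style") or ""))
        if tag == "a" and a.get("href"):
            (self.hidden if hides or any(self.stack) else self.visible).append(a["href"])
        if tag not in VOID_TAGS:
            self.stack.append(hides)

    def handle_endtag(self, tag):
        if self.stack:
            self.stack.pop()


def find_hidden_links(html):
    """Return (hidden_hrefs, visible_hrefs) for an HTML fragment such as a theme footer."""
    scanner = HiddenLinkScanner()
    scanner.feed(html)
    return scanner.hidden, scanner.visible


# Constructed sample of an injected footer: one legitimate link, three links a browser never shows.
SAMPLE_FOOTER = """
<div id="footer">
  <a href="/about/">About</a>
  <div style="display:none"><a href="http://spam.example/pharma">cheap pills</a></div>
  <span style="position:absolute; left:-9999px"><a href="http://spam.example/ringtones">ringtones</a></span>
  <p><a href="http://spam.example/adult" style="visibility:hidden">xxx</a></p>
</div>
"""

if __name__ == "__main__":
    hidden, visible = find_hidden_links(SAMPLE_FOOTER)
    for href in hidden:
        print("HIDDEN LINK:", href)
```

Run it against the rendered HTML of each theme template (header, footer, sidebar); a CSS class that hides content is not caught by this inline-style check, so also diff the theme files against a known-good copy.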
However, little did I know that the ordeal was not yet over. I had just seen the tip of the iceberg the first day. I soon discovered what the hackers REALLY had done.

Hackers Gaming the Search Engines

From the start I kept wondering, 'Why would somebody hack this site?' There is nothing of value (to a hacker) in it. No credit card numbers. No confidential data. No customer information. At first I chalked it up to vandalism. But as the situation unfolded and I discovered more damage, I realized this wasn't mere vandalism. Rather, this hacking activity is all about hijacking small-business websites and blogs, and using them to generate links to other sites to game the search engines. The hackers find a security hole and get inside your site. They take control through scripts that turn your site into a link-generating drone. The links generated on your site (without your knowledge) are pointed at other sites, in an effort to get those other sites to the top of the search engine results.

Snared in a Splog Ring

A day after I discovered the hacking, I learned the worst part: the hackers had hijacked part of this site into a splog (spam blog) ring. The first clue came from Technorati.com when I saw the inbound link count to Small Business Trends had jumped by a couple thousand links overnight. "Oh how nice," I thought -- for about 3 seconds! My pleasure turned to disgust when I saw that all the links used anchor text such as "viagra", "cute ringtones" and other assorted junk. The links were from "splogs." Each splog consisted of lists of thousands -- literally thousands -- of links pointing to pages on other websites, including hundreds of fake pages that had been set up on the tmp directory of this site. That's when I realized what the hackers really had done. They had left behind a script that auto-generated hundreds of fake pages on this site.
Those fake pages in turn were redirected to pharma, adult and ringtone sites. You could not see the fake pages from looking at this site, but they were there. Then the hackers had created rings of other sites, mainly blogs, to link to the fake pages on Small Business Trends. Everything was designed to ultimately send combined link weight to the pharma, adult and ringtone sites they wanted to rank high in the search engines. Here's how it works:

Splog A >>> links to fake page on hijacked site B >>> which fake page has been redirected to a pharma site selling OxyContin. Rinse and repeat. Thousands of times. Result = quick increases in search engine rankings for the site selling OxyContin.

As you can see, this was not an isolated attack on a single site. This was an orchestrated scheme involving hundreds if not thousands of sites. Mine just happened to be one of many sites snared.

How the Hackers Got In

We think the hackers got in through an insecure version of WordPress via the server. Beyond that I won't say more, so as not to give a roadmap for how to crack other sites. The attack appeared to come from a Russian IP address. The attack took advantage of the holiday timing, as my host had a skeleton staff working Christmas Eve. Amazingly, less than 2 days after the first attack, while we were in the midst of fixing the carnage, the hackers came back! This time, the hacking attempt was prevented by quick action on the part of the hosting company, blocking the IP address which was madly spidering the site. As I researched other hackings, I was stunned to discover that there are over a dozen versions of WordPress with known vulnerabilities.
With an estimated 2 to 3 million blogs using WordPress, that means a lot of blogs potentially at risk. Websites and blogs that have been around a while, and trusted sites, are the ones likely to be attacked. Just do a search in Google and you will find reports of other WordPress blogs being hacked, including some of the best and brightest. Even Al Gore's blog was hacked. Furthermore, my research has uncovered at least a half dozen ways to compromise WordPress blogs. And for every method I've seen, I'm sure bad guys know 2 dozen others.

Corrective Action

We took a number of steps to secure the site, including:

- Upgraded to the latest version of WordPress.
- Eliminated one plugin which research suggested might have security vulnerabilities, and updated all the remaining plugins if new versions existed.
- Cleaned up all the crud left by the hackers, deleting their scripts and unauthorized links and pages. We not only had to scour our own site code, but needed our hosting company to do it for the entire server.
- Reverted to a clean MySQL database backup from before the attack.
- Blocked self-registration on this site.
- Changed passwords; reviewed server logs for suspicious IP addresses and blocked them; and changed a number of other things that I don't want to call attention to.

Someone asked if I planned to switch from WordPress to another software. No, I plan to stick with it. WordPress is a good software package and has been headache-free 99% of the time. I understand that the WordPress development community is working to address the security issues -- let's hope they do so before WordPress develops an irreversible bad rap. However, I have kicked up security measures a couple of notches. I believe a determined hacker can find a way to get in any site, if they really want to. But why make yourself an easy target?
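One of the corrective steps above was reviewing server logs for suspicious IP addresses, and the host stopped the second attempt by blocking the address that was madly spidering the site. The following is an added example, not from the original post, that scans constructed Apache combined-format log lines and reports any client whose peak request rate looks like an aggressive crawl; the 30-requests-per-minute threshold is an assumed starting point, not a figure from the post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log line prefix: client IP, identd, user, timestamp, request, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')

def parse_line(line):
    """Return (ip, timestamp, request) or None for a line that does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["req"]

def peak_rates(lines, window_seconds=60):
    """Map each client IP to the most requests it made inside any window_seconds span."""
    times = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            times[parsed[0]].append(parsed[1])
    peaks = {}
    for ip, stamps in times.items():
        stamps.sort()
        start, best = 0, 0
        for end, t in enumerate(stamps):          # sliding window over sorted timestamps
            while (t - stamps[start]).total_seconds() > window_seconds:
                start += 1
            best = max(best, end - start + 1)
        peaks[ip] = best
    return peaks

def suspicious_ips(lines, window_seconds=60, threshold=30):
    """IPs whose peak rate reaches the threshold; 30/min is an assumed starting point, tune per site."""
    return sorted(ip for ip, n in peak_rates(lines, window_seconds).items() if n >= threshold)

def _line(ip, second, path):
    """Build one constructed log line (all timestamps fall inside the same minute)."""
    return f'{ip} - - [01/Jan/2000:03:14:{second:02d} +0000] "GET {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

# Constructed sample: one client fetching a page every second, one ordinary visitor, one junk line.
SAMPLE_LOG = [_line("198.51.100.7", s, f"/?p={s}") for s in range(40)] + [
    _line("203.0.113.5", 10, "/"), _line("203.0.113.5", 50, "/about/"), "not a log line"]

if __name__ == "__main__":
    for ip in suspicious_ips(SAMPLE_LOG):
        print("spidering:", ip, peak_rates(SAMPLE_LOG)[ip], "requests/min")
```

Feed it the real access log with `suspicious_ips(open("access.log"))` and compare the flagged addresses against your own uptime monitors and legitimate search-engine crawlers before blocking anything.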
So, right about now you're probably wondering what you can do to protect your blog or website. I have some pointers for you. But since this article is already long, I've put them in a separate article: How to Protect Your WordPress Site.