In the last few months, I have unintentionally branched into a new area of service: fixing hacked WordPress blogs.
Honestly, I’d much rather spend my time doing search engine optimization, marketing, or coding new themes, but when I get a panicked email from a hack victim, I understand that getting their blog up and running again is (naturally) their number-one priority.
This post explains why WordPress blogs get hacked and how to keep it from happening to you.
How bloggers discover they’ve been hacked
Many times the hackers are pretty slick, and you might not even know you’ve been hacked until you start to lose traffic or see a weird error. I had a few blogs hacked about a year ago and it took me a while to notice because I wasn’t regularly monitoring my traffic.
Some symptoms I’ve seen (on my own blogs or on my clients’ blogs):
Delisting, a dramatic drop in rank, or a “caution” page from Google. You’ll usually find out about this a while after the hack, either when you search for yourself on Google, or (if you usually get a lot of traffic from Google) when you notice your traffic go down. Sometimes you’ll get an email from Google that alerts you to the situation.
Strange links in your posts that just “appeared.” You’ll usually only spot these if you go back and edit an existing post, so many bloggers don’t notice these right away, either.
Weird blog behavior, like blank pages or “secret” pages that only show up if you try to go to a page that doesn’t exist. Not all of this points to being hacked (for instance, an outdated plugin can cause a blank page), but it’s often the first clue that something’s wrong.
Why isn’t it easier to spot? The hackers purposely hide most of the evidence from you, and intentionally set it up so that search engines (like Google) see the new “content” they’ve added, but regular visitors (including you) do not. That makes it harder to catch the hack right away and makes it more likely the hackers will accomplish their goals.
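One way to check your own blog for this kind of hidden content is to request the same page once as a normal browser and once as a search engine crawler, then compare the outbound links. The sketch below is an added example, not code from this post; it assumes the hack switches on the User-Agent header (it can also key on IP address or referrer, which this check will not catch), and the host names and sample pages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Assumed User-Agent strings; pass them to fetch() to get the two views of a page.
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
VISITOR_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, including ones hidden with CSS."""
    def __init__(self):
        super().__init__()
        self.links = set()

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.add(href.strip())

def external_links(html, site_host):
    """Return the absolute links in html that point away from site_host."""
    parser = LinkCollector()
    parser.feed(html)
    found = set()
    for link in parser.links:
        host = urlparse(link).hostname  # None for relative links like /about
        if host and host != site_host and not host.endswith("." + site_host):
            found.add(link)
    return found

def crawler_only_links(visitor_html, crawler_html, site_host):
    """Links served to the crawler but not to a normal visitor."""
    return sorted(external_links(crawler_html, site_host)
                  - external_links(visitor_html, site_host))

def fetch(url, user_agent):
    """Fetch a page of your own blog with the given User-Agent header."""
    req = Request(url, headers={"User-Agent": user_agent})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", errors="replace")

# Constructed sample responses for the same post (not from a real site).
VISITOR_HTML = '<p>Post. <a href="/about">About</a> <a href="https://example.org/ref">ref</a></p>'
CRAWLER_HTML = VISITOR_HTML + '<div style="display:none"><a href="http://spam.example/pills">pills</a></div>'

if __name__ == "__main__":
    print(crawler_only_links(VISITOR_HTML, CRAWLER_HTML, "myblog.example"))
```

Any link that shows up only in the crawler view is worth tracing back to the theme file, plugin, or database row that produced it.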