WordPress keeps getting better. Version 3.3 was released a few days ago. The main new feature is drag and drop media upload. The Admin Toolbar has been simplified with drop menus. There are also new tool tips.

You can read full details here.

I found some good statistics recently that were a surprise to me. I knew WordPress was very popular but had no idea just how dominant it is. According to Trends Built With, WordPress is the CMS used for 62% of Top Million websites (at time of writing). It’s taking over the world! It deserves to as it is a great system from both the developer and users point of view.

CMS Top Million

Taken from http://trends.builtwith.com/cms as at 17/12/2011

There is a downside to popularity. Just like Microsoft Windows popularity attracted lots Malware we are seeing more hacking attempts on WordPress. It’s important to monitor your websites statistics and search results. Often there is no sign that anything is wrong with the website as the hackers know that will bring an end to their misdeeds. Looking closely at the websites statistics through AWStats in your control panel and help to identify unusual activity. Google Analytics won’t help as it only monitors pages that have been their Urchin code. The hacks are often well hidden so you are looking for unusual high levels of activity on odd files often from odd countries you don’t deal with.

Checking your search results in Google and clicking on them can identify if you are suffering from a redirect hack.

The best way to ensure you don’t get hacked:

  • Update to the latest version of WordPress.
  • Update your theme and plugins.
  • Delete any unused themes or plugins. They don’t have to be active to get hacked.
  • Disable directory listing on the server.
  • Don’t have overly open permission levels on the server.
  • Make sure the computers you administer WordPress from are secure and have up-to-date virus software.
  • Make sure you have a backup of the website and database.
  • Don’t email passwords or store them in an unsecure places.

If you are hacked already then:

  • Change all passwords including database.
  • Do all updates.
  • Check AWStats to try identify hacked files.
  • Check your .htaccess file for redirects.
  • Google the particular problem for existing solutions.
  • Get help.

As it can be very hard to identify what has been compromised it is sometimes quicker to delete everything and install a clean version of WordPress with new access details. Carefully reimport your data, media and theme. If you do everything above and still get hacked again you have to consider that your hosting might not be secure and should move your website.