I like WordPress and use it on most of the websites I have, not just this Blog, but as a Content Management System on our rental site for our home at http://VillaRoquette.com. I use Google Webmaster Tools to try to keep my sites in order; one of the services they give is to tell you about any Malware or Phishing hacks that appear on your site – the disadvantage is they tell you after you are attacked and that your site is blocked by Google, but at least they tell you where the problem is and how to fix it and get re-established.
I have lost a couple of successful businesses from being hijacked and hacked on the Internet – I suppose this is some sort of reverse success as usually these evil scumbags only hack successful sites – but by keeping software up-to-date and using good passwords as well as monitoring the sites daily I seem to be holding back direct attacks on the sites.
However, two weeks ago I seemed to have opened the door to a whole new problem – it is as if I saw this big wooden horse outside my home and decided that I must bring it in – I loaded a Plugin to WordPress called Zemanta – the idea is that this helps give relevant links and information, pictures etc to make the content more interesting. What it did do was insert a link which then had other code inserted and was flagged as Malware, getting an immediate ban from Google.
Thanks to Google they mailed me, told me the problem page and I could fix it in seconds, they then re-spidered my site and gave me a clean bill of health.
There is no doubt it was this Zemanta link which I put to software called Drupal – I am sure that neither Zemanta nor Drupal are the villains, but as Drupal is very popular, it looks as if hackers have corrupted the links, possibly via Wikipedia, for references that Zemanta uses. The page with this bad link on only had three lines in it and one link – so there is no doubt.
Plugins can easily take your site down. This can get complicated, and may or may not be malware related. Some plugins are simply a result of bad programming.
And what works on one host server may not work at all on another.
A good rule of thumb is, if you can do what you want without a plugin, code it yourself, do that.
Use as few plugins as possible.
Some sites load sooooo slowly I sometimes leave. And all because of plugins running remote scripts.
Thanks Hal – very good advice, now to dust off my php5 manual – oh dear……….
Merci Tony for opening my eyes to the consequences of making casual choices in the plug-in world. Apparently what seems like a quick resolution can quite easily turn into a coding conundrum. Yikes.
The advice Hal gives here is very good, it seems wise to avoid plug-ins wherever possible – everything they offer can be coded directly into the site and I have found resources online which offer help and advice to do this – there ain’t no such thing as a free lunch……
Yikes – thanks for the heads up. I have enough headaches dealing with content spam to have to deal with true malware.