How to Use Google Alerts to Watch for WordPress Hacks

This may not be a perfect solution, but Google Alerts can at least be helpful in watching for hacks in your WordPress sites. If you’re like many of the people I know, you probably have more than one site running WordPress. Doing a site: search in Google every day is not the most efficient way of staying on top of the sites and making sure that they have not been compromised. Some hacks are hidden from normal browsing, so you won’t find them by simply visiting your own sites every day. For example, Chris Pearson has mentioned a recent issue with pharmacy spam showing up in search results for his site but not visible to users:

WP Hack

Setting up the Alert

Google Alerts

Here are the settings that I use:

Search Terms: I normally enter a site: search string into this box such as site:pearsonified.com prozac OR viagra OR prescription OR cialis OR pharmacy. Feel free to adjust the keywords based on whatever hacks are currently popular. Most of the time, there are at least some pharmacy terms being targeted.

Type: I choose Web for this one.

How often: I choose as-it-happens.

Email length: 20 results is fine here. In most cases, 1 result is enough to know that there’s something wrong.

Deliver to: I have the alerts sent to my email account. Not sure how feeds work but I suppose that if you’re a feed addict it might work fine.

Click “Create Alert” and you’re good to go. Just hope that you never get an email for the alert you just set 🙂

Does anyone know of other options for this? Did I miss anything?

Comments

  1. Why not set the alert to notify you of new pages on your site, in the index? Always good to be notified of that, right?

    Also I find Alerts not very reliable… I watch many things and many of those many don’t get picked up reliably by G alerts.

  2. Yeah, they’re good for new pages and tracking indexing too. I figure they’re not perfect, but at least they’re better than nothing at all. Maybe someone needs to build something more reliable…or maybe there already is something.

  3. Why not just a cron job that gives you a list of new/changed files on the server? This could be especially accurate if you used S3 for your upload storage so you’re not putting anything new on your server by operation of the site other than maybe some cache files.

  4. What happens if the issue is just an injection into the DB through a plugin or something?

  5. Yeah, it wouldn’t catch that unless you built a script to do searches for keywords across all your db’s. I just like the idea of catching it before people are coming to the site from indexed spam content.
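
The database keyword search raised in comments 4 and 5, as an added example that is not part of the original post or its comments: it scans the WordPress wp_posts table for the same keywords used in the alert query above. It assumes an in-memory SQLite table with constructed rows as a stand-in for the site's MySQL database; the function names are hypothetical.

```python
import re
import sqlite3

# Keywords taken from the alert query in the article.
KEYWORDS = ["prozac", "viagra", "prescription", "cialis", "pharmacy"]

# Word boundaries matter: without them "cialis" matches inside "specialist"
# and every hiring post on the site would raise a false alarm.
PATTERN = re.compile(
    r"\b(" + "|".join(re.escape(k) for k in KEYWORDS) + r")\b", re.IGNORECASE
)


def scan_posts(conn):
    """Return [(post_id, [keywords])] for posts whose title or body has a keyword."""
    hits = []
    # On a real site, run the same SELECT through a MySQL client cursor.
    cur = conn.execute("SELECT ID, post_title, post_content FROM wp_posts ORDER BY ID")
    for post_id, title, content in cur:
        text = f"{title or ''}\n{content or ''}"
        found = sorted({m.group(1).lower() for m in PATTERN.finditer(text)})
        if found:
            hits.append((post_id, found))
    return hits


def build_sample_db():
    """Constructed sample data (assumption): three posts, one with injected spam."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_title TEXT, post_content TEXT)"
    )
    conn.executemany(
        "INSERT INTO wp_posts VALUES (?, ?, ?)",
        [
            (1, "Hello world", "<p>Welcome to the blog.</p>"),
            (2, "Hiring", "<p>We need a WordPress specialist.</p>"),
            (3, "Theme tips", '<p>Tips.</p><a href="http://example.invalid/">Cheap VIAGRA pharmacy</a>'),
        ],
    )
    return conn


if __name__ == "__main__":
    for post_id, found in scan_posts(build_sample_db()):
        print(f"post {post_id}: {', '.join(found)}")
```

Run from cron, a non-empty result can be mailed to you the same way the alert is; a site that legitimately writes about prescriptions would need a narrower keyword list.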