Approximately thirty-six hours ago this website was attacked by hackers. I was soundly asleep in bed and missed the whole thing, however, several friends sent me emailed in the attempt to notify me. By the time I read the emails the next morning, my provider had already fixed the problem and restored their latest backup of my site and everything was sweet. I lost nothing!
But, I did the research anyway, because that’s just the type of person I am. I wanted to know what it would mean to me (if my provider wasn’t quick to react) and what I would have had to do to fix the problem. I want to share the results with you, as many of my readers also have blogs and I believe being forewarned may prevent you losing a lot of information.
Firstly, the best policy for WordPress bloggers is to keep your installation up to date, this includes your plugins. However, this is no guarantee that you won’t get caught out. If you do find yourself compromised, then you should think about doing a complete, fresh install on a newly created database.
“Fresh” means that you must download a new copy of WordPress, your plugins, your theme and, to be absolutely safe, find the original images of everything you have uploaded to the website (this includes book covers, DVD covers, photos, everything). It sounds like a lot of hard work, but it shouldn’t be, especially if you save copies of your files to your computer regularly.
With that lovely new database sitting empty and waiting to be used, and the old database dumped, you should install the “fresh” copy of WordPress and then upload all your “fresh” files. Then, when all is up and running, you can restore a backup of your blog…you do backup your website regularly, don’t you? There’s a WordPress Databse Backup plugin that makes this so easy, you’d be silly not to grab it right now if you are not using it already. The plugin will backup your site weekly and send the backup to your email address (don’t backup to your database, because then your backups could also be compromised).
You should be back to where you started – fresh and clean.
Go to How to Completely Clean Your Hacked WordPress Installation for step by step instructions.
My site didn’t suffer any ill affects from the hacking from what I can see. I don’t feel the need to do a complete new install, but if I notice anything strange in coming days or months, I will immediately do the above.
I did, however, check to see if any users had been added to the list (even invisible ones – see the link below to find out more about that). I also immediately changed the password, checked all the files to see if I could see strange coding and will do a more in-depth check over the weekend when I have access to ftp.
Follow these links to find out more:
WordPress Attack Catches Bloggers Off-Guard but it Shouldn’t Have
WordPress Hacker Strikes: How to fix the hack that causes permalinks, url, structure error