So as many of you know, this site and several other SEO sites were the target of a hacker who used a WordPress exploit to gain access to my site. Plain and simple, the problem rests on my shoulders for not keeping my WordPress install up to date. I was at least one or two versions behind. While updating WordPress isn’t hard, it does become a bit of a bother if you run multiple sites, but being lazy is no excuse for lax security. So to you, Mr. Hacker, you won, and enjoy your moment in the sun. For those of you who want the complete drama, read on …
Last night was the monthly meeting of Internet Marketers of New York (im-ny.org), which I’m a member of. Todd, aka Stuntdubl, asked me if I was free and could catch an early train into the city for a bite to eat. After dinner, on the way to the meeting, Todd pulls out his BlackBerry/PDA and says “two emails with the subject line HACKED, that can’t be good”. We meet some of the folks, and Chris from 10e20 shows me the text from the hacked page and tells me it’s all over Threadwatch and Digg. He also tells me people are thinking it’s linkbait. We get a little more intel on other people getting hacked, and it becomes obvious it’s really a hack and not a ploy for attention.
At this point I had the option of choosing to stay and have a good night drinking and talking shop with some friends, or jumping on the train for the 1 hour ride back to fix it. Since I wasn’t running any commerce on the box and don’t have any other sites hosted with this company, I decided to stay out and have a good time, hacking pirates be damned. I’d like to thank all the people who took time to send me an email letting me know there was a problem; I appreciate it. I’d also like to thank Rae and John Scott, who went to the extra trouble and picked up a phone and left me a voice message, you rock! For those of you whose first thought was ‘this is linkbait’, I totally understand that; a healthy bit of cynicism is a good thing. However, in the future I’d just ask that you wait for a few more of the facts to come out before sending someone to the gallows … thanks.
I got home, did a little research, and decided the best plan was to wipe everything out and do a complete re-install. A payload of spyware could have been deposited, and I wasn’t willing to take the chance. I had to manually log into the MySQL database, hand edit some values, delete any extraneous user accounts, and change the passwords on the remaining ones. Kind of a bummer and not a lot of fun from midnight until 3am, but you gotta do what you gotta do. I’d also like to say thank you to the folks who offered technical support if I needed it.
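For readers doing the same cleanup, here is an added example (not from the original post) of auditing a WordPress database for accounts and settings worth reviewing after a compromise. It assumes the default `wp_` table prefix; `rogue_login_here` is a constructed placeholder, and the option names listed are a suggested review set, not the values the author edited.

```sql
-- Added example. Assumes the default "wp_" table prefix (see $table_prefix
-- in wp-config.php). Take a database dump before changing anything.

-- 1. Every account holding the administrator role, newest first.
--    Roles are stored as a serialized PHP array in wp_usermeta.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;

-- 2. Metadata rows that point at no existing user (left behind when a
--    row is deleted by hand from wp_users only).
SELECT m.umeta_id, m.user_id, m.meta_key
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u ON u.ID = m.user_id
WHERE u.ID IS NULL;

-- 3. Site-wide settings to compare against what you expect.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('siteurl', 'home', 'admin_email',
                      'users_can_register', 'default_role');

-- 4. Content attributed to an account you did not create
--    ('rogue_login_here' is a placeholder), so it can be reviewed first.
SELECT p.ID, p.post_title, p.post_status, p.post_modified
FROM wp_posts AS p
JOIN wp_users AS u ON u.ID = p.post_author
WHERE u.user_login = 'rogue_login_here';

-- 5. Remove that account together with its metadata.
--    The transaction is only atomic on InnoDB tables, not MyISAM.
START TRANSACTION;
DELETE m FROM wp_usermeta AS m
  JOIN wp_users AS u ON u.ID = m.user_id
  WHERE u.user_login = 'rogue_login_here';
DELETE FROM wp_users WHERE user_login = 'rogue_login_here';
COMMIT;
```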
Being hacked sucks! There’s no way to mince words about it; you have that icky, violated feeling that I hope none of you ever has to endure. So learn from my bad example and keep your WordPress software up to date. I’d also recommend using this WordPress database backup, which lets you schedule a nightly job to email a backup to your offsite Gmail account.
Be sure to look at a post from Reuben Yau on Protecting the WordPress wp-admin folder with htaccess. You are putting that file in the wp-admin folder, not the root folder.