I’ve been hacked

This site was hacked in early January. The first I knew of the hack was seeing the words “This site may be compromised” in Google’s search results and my page titles filled with spam. More than two weeks later, some of my pages (particularly tag archives) in Google’s index are still affected:

Google search results for my site on 24th Jan 2013

It’s a sickening feeling knowing your public words – a good chunk of your online heritage – have  been wrecked. It’s more frustrating to know that the hack was unlikely deliberate or personal. A vulnerability in my WordPress installation or settings allowed a machine to probe, enter and frack about with my site.

If you’ve ever had your WordPress site hacked, you’ll recognise that plunging feeling in your stomach as you see upcoming free evenings and weekends vanish. You know your time will disappear in the screen glare of tutorials, how-to guides, exporting and importing databases, phpMyAdmin and support calls with your web host.

Since then, I’ve decided to start over with a new WordPress install and the Pinboard theme you can see now.

Well, eventually technology forced my hand. After crafting a new local version of this site using MAMP and WordPress, deploying the database to the live site proved beyond me.

The method I’ve used before – export your local database, find all instances of yourtest.yourdomain.com and replace with yourdomain.com, save and upload to your live site along with the new wp-content directory – didn’t work. Rolling back to an earlier version of the live site didn’t work either. Mysteriously, I was left with a homepage but no blog. Papsticks.

In a fit, I trashed the lot, created a fresh install on the live domain name, used WordPress’ import/export tool to import content from my iMac into the site you can see now. This means that all the posts and pages are back, though many images are missing from the content and there are no featured images on posts yet.

I apologise now if you click on links that don’t work or read a how-to post with screenshots missing. It’ll take a few days for me to get things back in order but I’ll get there.

In the meantime, here are some tools and mentions of people who proved invaluable in restoring this site and making it more secure:

  • My web hosts DreamHost were fantastic, giving me detailed step-by-step instructions on clearing up my server and working through my WordPress install to check for anomalies or malicious changes. Contact your host first; they’ll know more about this than you do.
  • James Clarke recommended Sucuri SiteCheck, a tool to scan your site for malware. Even better, James recommended the WordFence plugin. This has been a real eye-opener. As well as containing tweaks to shore up vulnerable areas bots and hackers look for, you can use it to automatically block bots that hammer your WordPress login page and get email alerts. I’ve just checked my email. In the last hour, there have been 33 different instances of a bot attempting to log in to my WordPress dashboard. Yikes!
  • A post on how to remove this site may be compromised warning by Charlie Patel.
  • Advice on cleaning your site in Google Webmaster Tools. [Updated 13th March 2013: Google announced new resources for hacked site recovery.]

4 Comments

  1. 15 February 2013
    Reply

    I have been through all of that, it’s really annoying. I would suggest a few useful plugins in addition to Wordfence Security:

    http://wordpress.org/extend/plugins/gotmls/ (Anti-Malware (Get Off Malicious Scripts) – absolutely useful to remove malware, it removed my infection after the first scan!

    http://wordpress.org/extend/plugins/websitedefender-wordpress-security/ (WebsiteDefender WordPress Security)

    http://wordpress.org/extend/plugins/bulletproof-security/ (BulletProof Security)

    • 18 February 2013
      Reply

      Thanks for the plugin suggestions Marco.

  2. 10 October 2013
    Reply

    which is best Better WP Security or Wordfence Security or Anti-Malware (Get Off Malicious Scripts) plz ..

    • 10 October 2013
      Reply

      I have only used the Wordfence Security plugin and have always been happy with it. It does a great job.

Leave a Reply

Your email address will not be published. Required fields are marked *