This site was hacked in early January. The first I knew of the hack was seeing the words “This site may be compromised” in Google’s search results and my page titles filled with spam. More than two weeks later, some of my pages (particularly tag archives) in Google’s index are still affected:
It’s a sickening feeling knowing your public words – a good chunk of your online heritage – have been wrecked. It’s more frustrating to know that the hack was unlikely deliberate or personal. A vulnerability in my WordPress installation or settings allowed a machine to probe, enter and frack about with my site.
If you’ve ever had your WordPress site hacked, you’ll recognise that plunging feeling in your stomach as you see upcoming free evenings and weekends vanish. You know your time will disappear in the screen glare of tutorials, how-to guides, exporting and importing databases, phpMyAdmin and support calls with your web host.
Since then, I’ve decided to start over with a new WordPress install and the Pinboard theme
you can see now.
The method I’ve used before – export your local database, find all instances of
yourtest.yourdomain.com and replace with
yourdomain.com, save and upload to your live site along with the new
wp-content directory – didn’t work. Rolling back to an earlier version of the live site didn’t work either. Mysteriously, I was left with a homepage but no blog. Papsticks.
In a fit, I trashed the lot, created a fresh install on the live domain name, used WordPress’ import/export tool to import content from my iMac into the site you can see now. This means that all the posts and pages are back, though many images are missing from the content and there are no featured images on posts yet.
I apologise now if you click on links that don’t work or read a how-to post with screenshots missing. It’ll take a few days for me to get things back in order but I’ll get there.
In the meantime, here are some tools and mentions of people who proved invaluable in restoring this site and making it more secure:
- My web hosts DreamHost were fantastic, giving me detailed step-by-step instructions on clearing up my server and working through my WordPress install to check for anomalies or malicious changes. Contact your host first; they’ll know more about this than you do.
- James Clarke recommended Sucuri SiteCheck, a tool to scan your site for malware. Even better, James recommended the WordFence plugin. This has been a real eye-opener. As well as containing tweaks to shore up vulnerable areas bots and hackers look for, you can use it to automatically block bots that hammer your WordPress login page and get email alerts. I’ve just checked my email. In the last hour, there have been 33 different instances of a bot attempting to log in to my WordPress dashboard. Yikes!
- A post on how to remove this site may be compromised warning by Charlie Patel.
- Advice on cleaning your site in Google Webmaster Tools. [Updated 13th March 2013: Google announced new resources for hacked site recovery.]