I’ve found out the hard way that if you use WordPress, your blog is vulnerable. Early last year, I set up a blog using WordPress via the Fantastico module in my host’s cPanel. It makes for a very easy installation.
I hadn’t posted to that blog in several months and then I got an email from one of my sites telling me that when she followed a link to that blog, it was a page covered with obscenities. Sure enough, when I typed in the URL, I had been hacked. I was outraged. What did I do to deserve this?
When I tried to enter the admin area, I found my user name and password no longer worked. So I went through the cpanel and uninstalled the blog through there. There weren’t a lot of posts and I figured deleting and starting over would be the fastest way to get back up and running. It was a knee-jerk reaction and I learned later I could have saved my previous posts. But I set up a new blog with a more complicated user name and password.
Fast forward to this week. By now, I have several blogs going on topics related to my books. I continued using WordPress / Fantastico because it’s so easy, anyone can set up a blog in minutes. Maybe that’s also why they are so easy to hack. I’m not sure about the ‘how it happened,’ only the ‘what to do to fix it.’
I wake up this morning all ready to write a post on my main site about licensing and copyright infringement (could the hackers have gotten into my thoughts, too?) and there on my carefully organized blog home page was a notice that my site had been hijacked and was now under their control (religious extremists).
This time, I didn’t want to start over. I hoped there was a way to save my previous 250+ posts, but I was locked out of the admin area. I emailed my host’s support department and they told me how to go in the back door and make changes.
You can go in through your site’s phpMyAdmin area and do things like remove users (I had a recent one whose name I didn’t recognize) and change your admin password. The instructions I followed were at: http://codex.wordpress.org/Resetting_Your_Password#Through_phpMyAdmin. I had to use the emergency script they link to. If you ever use the emergency script, be sure to delete it immediately after you’re done.
Once I got back into the admin area of my WordPress blog, I tried to write a post, but the hacked blog home page was still showing. I tried changing themes and voilà, my original blog site was back and all my previous posts were intact. It appears the hackers came in through the theme (Vigilance) because once I switched to a different theme, their message vanished.
All in all, the recovery of my site took about half an hour.
Here are some recommendations if your WordPress blog has been hacked:
1) Reset your admin password by following the instructions above.
2) Immediately upgrade to the newest version of WordPress.
3) Back up the database used for your blog. (Usually you do this when upgrading, but if you’re a frequent blogger, back up more frequently.)
4) Create a new password that isn’t easy to break. Include odd characters like ! +))^& and throw in an occasional upper case letter along with numbers.
5) Check out the excellent suggestions at http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
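The phpMyAdmin steps described above (finding an account you don’t recognize, removing it, resetting the admin password, and checking which theme is active), written out as the SQL you would paste into phpMyAdmin’s SQL tab. This is an added example, not code from the post or from the WordPress Codex page it links to. It assumes the default `wp_` table prefix and an admin login named `admin`; the user ID 42 is a placeholder for whatever ID the first query shows you.

```sql
-- Added example (not from the original post): the back-door checks and fixes
-- the post describes, as SQL for phpMyAdmin's SQL tab.
-- Assumptions: default table prefix "wp_" and an admin login of "admin";
-- adjust both to match your installation. Back up the database first.

-- 1. List every account with its registration date and role. An account you
--    did not create, especially one registered shortly before the defacement,
--    is the "user whose name I didn't recognize" situation from the post.
SELECT u.ID, u.user_login, u.user_email, u.user_registered,
       m.meta_value AS capabilities
  FROM wp_users AS u
  LEFT JOIN wp_usermeta AS m
         ON m.user_id = u.ID AND m.meta_key = 'wp_capabilities'
 ORDER BY u.user_registered DESC;

-- 2. Remove an unrecognized account and its metadata.
--    42 is a placeholder: use the ID from the listing above.
DELETE FROM wp_usermeta WHERE user_id = 42;
DELETE FROM wp_users    WHERE ID = 42;

-- 3. Reset the admin password. WordPress accepts an MD5 hash in user_pass and
--    replaces it with its stronger phpass hash the first time that account
--    logs in, so log in right away and set your final password from the
--    dashboard rather than leaving the MD5 value in place.
UPDATE wp_users
   SET user_pass = MD5('Temp0rary!Pass+))^&7')
 WHERE user_login = 'admin';

-- 4. Confirm the site URLs still point at your own domain and see which theme
--    is active ("template" and "stylesheet" name the theme directory). If the
--    active theme is the one that was tampered with, switching it here has the
--    same effect as changing themes in the dashboard.
SELECT option_name, option_value
  FROM wp_options
 WHERE option_name IN ('siteurl', 'home', 'template', 'stylesheet');
```

Run the first and last queries before deleting or updating anything so you have a record of what the attacker changed; the registration date and the `capabilities` column tell you whether an unknown account was merely a subscriber or had been given administrator rights.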
Blogging is another excellent way to help sell your crafts online because you get better treatment from the search engines, assuming you do it right.
Very interesting story. I wonder if the newest versions of WordPress (2.7) are more secure than the older versions. Fantastico installed 2.6 and I upgraded to 2.7 quickly after the install. Hopefully I am safe.
Thanks for the article. I woke up this Sunday morning and spent about an hour writing a piece in MS Word. When I was done I went to log onto my site and discovered my home page gone and an Islamic extremist group called Team Rabbat Sale had taken over my site and placed photographs of anti-American, anti-Israel content all over it.
I basically went through all the same steps that you did, but it took me about a day rather than a half hour. I did get the propaganda off the site quickly because I looked in my root access logs and saw that the user who had accessed my admin area had been inside my “themes style sheets”, so I automatically deleted the theme from my file manager and ended their little party.
But gaining access to the admin dashboard was far trickier and after I was in I found at least three unidentified users on my blog.
Maybe WordPress should provide a function so that administrators have to approve any and all subscribers so odd ones like these never get in.
Thanks for the article.
Yours Truly,
The Federalist