It was just the worst. I came back from a wonderful Costa Rican trip and our home was fine, but my wordpress site was hacked!
Gone!
Poof!
This post, along with those that follow, will tell you what happened, how I got the sites up and running and diagnosed the hack. Â I’ll also share my lessons learned and bring in some WordPress security professionals to provide some expert advice.
“What the Fuuuuuh…”
That’s what I said when I tried to pull up this site, SocialMktgTech.com. Â All I got was an ugly error on my page.
I hadn’t made any changes to my site in months.  Frankly, since the Spring. I hadn’t been blogging at all so I knew I didn’t do anything to break it.  Something else must have broken the site.  With the site was down, I couldn’t log into the WordPress admin console to look for clues.  I was dead in the water.
Troubleshooting a Site Hack
What do we do first??? That’s right, Google it.
I searched “WordPress parsing errors.” This web page, and others I checked, said syntax errors are a result of either coding errors or plugins. That’s when it hit me…if I didn’t make a change, someone else did.
My site was hacked!
Luckily, my host provider, Dreamhost, has great support considering the cost. My buddy Ben let’s me ride his hosting account for free so I pay nothing. So, yeah, maybe their customer service could be faster, but again, since I’m paying nothing for it, it’s reasonably good. Â I logged a ticket with Dreamhost and they confirmed malicious activity on my site. They also gave me great advice on how to get to the root of the problem. I’ll get into that in the next post.
Getting Back Online
I soon realized that both my and my wife’s site, thefairlyoddmother.com were down. When your WordPress site is down, the only tools you have available are those provided to you by your hosting service.  Luckily Dreamhost does backups.  My site doesn’t change a lot so in this case restoring from a few weeks ago was just fine. After a few clicks both sites were back up. Since we had been on vacation, we hadn’t made any changes so we didn’t lose any posts.
So, this post is a bit of a tease. In the next post I’ll get into how to diagnose a WordPress site hack in detail. For now, go brush up on your Unix skills, you’re going to need them! Unix administration was one of my first jobs out of college and I have a fondness for an elegant regular expression (be still my beating heart). If you’ve never had to mess with Unix, here’s a tutorial.
Want to hear the rest of the story? Subscribe via email!
photo credit: Flickr
5 pings
[…] my WordPress site was hacked. The first post in this series shared the discovery of the hack. Â This post is all about diagnosing how the site was hacked with an eye towards cleaning it […]
[…] my WordPress site was hacked. The first post in this series shared the discovery of the hack. This post is all about diagnosing how the site was hacked with an eye towards cleaning it up. In […]
[…] my WordPress site was hacked. The initial post in this array common a find of a hack. This post is all about diagnosing how a site was hacked with an eye towards cleaning it up. In a […]
[…] my WordPress site was hacked. The first post in this series shared the discovery of the hack. This post is all about diagnosing how the site was hacked with an eye towards cleaning it up. In […]
[…] is the third post in a series on WordPress security. The story starts when my site was hacked and continued as I diagnosed the hack. In this post I’ll get into how I identified and then […]