Last Monday, while I was enjoying the comedy stylings of someone hacked my site. At the very least they managed to install either a plugin or a script that would send any login information to an outside email. That’s why some of you may be seeing a warning from Google telling you this site contains phishing content. It took me until Thursday to realize what had happened and we’re still trying to deal with this situation, which is also the reason the site looks different as I write this.

While we were trying to figure out the extent of the damage, we noticed several other security holes possibly created by this hacker. You can imagine how utterly thrilled I was to notice this. Instead of trying to find and fix all the holes, we decided to nuke the site from orbit and start over with a newer initial version of WordPress. We’re still working to get everything set up. As a result, the look and feel is still far from what I want it to be.

But at least for now, there are no phishing scripts on my site. This is by no means an invitation to test the boundaries. This one wasn’t a huge disaster, but the next one might be. So we’re putting in a good amount of effort to at least try to prevent the next one. It will probably be coming down the road that I have to start buying this service from someone else, but I am so very not there yet, just for traffic alone. I am a very small fish and buying that as a service on WordPress is just not worth it. And for now, I’m not interested in moving to Squarespace. But if it gets more difficult and time-consuming to keep up this site on WordPress, I might have to go there instead.

Takeaway

  • Back up your shit! I’m basically losing little to no content because I have backups of everything. Probably more than a few broken pictures that I need to re-upload, but at this point I consider all of that as more of a cosmetic issue vs an architecture issue. And since we’re still working on getting the architecture to a more stable place, that kind of stuff is going to have to wait. But regular backups are and continue to be your friends everywhere they’re feasible. The more automated the better.
  • Update your shit regularly! My site was more or less up to date at the time of the attack, given that I had just updated everything after I finished writing the last post. But out-of-date software continues to be one of the most common vulnerabilities out there.
  • Clean up your shit! Also with some regularity! We’re still trying to figure out how they got in. It is a good bet that something I did in the six-year history of this site either didn’t work out or caused some unintended consequences. So it’s a good idea to remove unused plugins and delete any files associated with them.

Hopefully, by next week, the site will be back to normal and I will be talking about Magneto’s family instead.

What have you done lately for your own data security?