I normally use Google Chrome to browse the web. On Wednesday I logged in and found that my WordPress administration dashboard was completely screwy. It had no formatting – all the elements of the dashboard were left-aligned in a neat, single-file list. This had happened to me once before and all I ended up doing was re-installing WordPress using the automatic tool. I had heard there had been mass-hacks of WordPress sites recently, but I checked and nothing seemed wrong with the public side of Raging Tech when I pulled it up in Chrome.
Re-installing didn’t fix the issue, which is problematic because navigating to post on the blog was tedious at best in this condition. I pulled up my site in Internet Explorer (IE) and found that my blog was redirecting to a malicious (malware) fake anti-virus software site…! I freaked out because I’m just getting back in to writing; I didn’t need to lose new readers to malware.
My default install of WordPress was apparently not-so-secure out-of-the-box (hyphenated words!) The hackers had taken advantage of a WordPress security hole before it auto-updated, and injected code into the files of my blog’s theme files. I stepped back, swallowed my fear and two shots of Jack. After I re-established a fresh, manual install of WordPress and restored a clean copy of my theme, I hardened the security and used just a few new plugins. I didn’t install any of the cruft that my web host includes for their automatic install of WordPress.
I think everything’s back to normal. It took right around an hour to clean up the damage, change passwords (just to be sure, though I don’t have any evidence to support the database or my password were compromised) and finish off the flask of Jack. It was pretty simple – I’m not going to post instructions because it’s easier just to do it. If this happens to your WordPress, reach out to me via e-mail or Twitter and I can try to help you out. (You provide the Jack.)