I know many of my readers here at UpstartAgent currently use WordPress to run and maintain their real estate blogs. If you haven’t updated already, it’s a good time to make sure you’ve got the latest version, 2.8.4.
Normally I’m a little hesitant to upgrade, since it often seems like something breaks due to a WordPress plug-in or other mishap. But after one of my sites was hacked into (thankfully not this site!), it took me hours to figure out and fix the problem.
The worm pretty much finds a security glitch in older versions (I was using 2.7.1 on the sites that were hacked into) and creates a new user as an administrator. The administrator is invisible, meaning you won’t see it from your Users dashboard – though you might notice you have two administrators instead of one.
The other problem you might notice is that all of your permalinks are broken. On the one site I update often, I noticed this right away when I went to add a new post – there were a lot of weird characters after the permalink title. The other blog unfortunately took me almost a week to realize it was affected – and it dropped down significantly in pageviews and traffic – and lost its PageRank also.
To fix this problem here’s what I did – and I’m hoping that it really does fix it. I can’t seem to find anything specific on it, so if you have any tips or are an expert on WordPress hacks then please let me know!
1. Back Up Everything: Back up your database, and back up all the files on your site by downloading them onto your computer. This might take a while if you have a lot of posts like I did, but at least then you’ll have the hacked-into version to revert back to if you completely mess it all up, as I was terrified of doing.
2. Log in to phpMyAdmin: I logged into my database and went under the users table. Sure enough, there was my mystery man. I deleted him manually because I couldn’t figure out how to do it from the WordPress interface.
3. Delete Every File From Your Server: Yikes, I know, this is terrifying. But I did it. MAKE SURE YOU HAVE A BACKUP AND DON’T NEGLECT THE THEMES, PLUG-INS, AND UPLOADS FOLDERS WITH YOUR PHOTOS!
4. Download the Latest WordPress: Download the latest WordPress and make sure you replace the uploads folder with the one you had on your server – this has all of your pictures and media files. Also make sure you place your theme into the themes folder, along with all of the plug-in files you used. You’ll also need to put your database info into the wp-config file like you did the first time you installed WordPress.
5. Upload the New WordPress: Use FileZilla or another FTP client, upload all of your files back to your server, and cross your fingers.
6. Adjust Settings: You’ll need to check your settings for things like permalinks – be sure that those pesky characters in the custom permalinks section are gone – it should just look something like this:
/%postname%/
If you see anything containing the word eval or “)” symbols, delete it.
You’ll also want to reinstall your plug-ins and set up any other settings you had in the other options.
7. Visit Your Site: Hopefully everything is back to normal. You can verify that everything is okay by reading your source code (go to View Source under the View menu of your web browser) – if you see anything fishy, search Google for it and see what it is.
Like I said, I am no expert in understanding WordPress worms, security bugs and fixes, so if anyone has any other precautions I should take, please let me know. Hopefully this will help you all out if you do somehow get affected. It’s just another lesson for me to keep my sites up to date with the latest WordPress versions and to check them regularly, even if there seems to be no need to do so.
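The two symptoms the steps above check by hand – an extra administrator in the users table and junk in the permalink structure – can be checked against a database export. The script below is an added example, not code from the post or from WordPress; it assumes the default wp_ table prefix and takes the rows as plain Python data (constructed sample rows are embedded).

```python
import re

# A WordPress permalink structure is only slashes, %tag% placeholders and
# plain literal path characters. Anything else (eval, quotes, parentheses,
# PHP tags) does not belong in the permalink_structure option.
PERMALINK_GRAMMAR = re.compile(r"^(/|%[a-z_]+%|[A-Za-z0-9._-])*$")


def permalink_is_clean(structure):
    """True when the permalink_structure option matches the normal grammar."""
    return PERMALINK_GRAMMAR.fullmatch(structure) is not None


def administrators(usermeta):
    """User IDs whose wp_capabilities meta grants the administrator role.
    usermeta: iterable of (user_id, meta_key, meta_value) rows as exported
    from the wp_usermeta table (wp_ prefix assumed)."""
    return [uid for uid, key, value in usermeta
            if key == "wp_capabilities" and "administrator" in value]


def audit(options, usermeta, expected_admins):
    """Apply both checks from the post and return human-readable findings."""
    findings = []
    structure = options.get("permalink_structure", "")
    if not permalink_is_clean(structure):
        findings.append(f"permalink_structure is suspicious: {structure!r}")
    unexpected = sorted(set(administrators(usermeta)) - set(expected_admins))
    if unexpected:
        findings.append(f"unexpected administrator user IDs: {unexpected}")
    return findings


# Constructed sample rows: user 1 is the site owner, user 2 is an extra
# administrator the owner never created, user 3 is an ordinary author, and
# the permalink structure carries injected junk after the real pattern.
SAMPLE_OPTIONS = {"permalink_structure": "/%postname%/eval(junk)"}
SAMPLE_USERMETA = [
    (1, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (1, "nickname", "owner"),
    (2, "wp_capabilities", 'a:1:{s:13:"administrator";b:1;}'),
    (3, "wp_capabilities", 'a:1:{s:6:"author";b:1;}'),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_OPTIONS, SAMPLE_USERMETA, expected_admins=[1]):
        print(finding)
```

On a real site, export the wp_options and wp_usermeta rows from phpMyAdmin and feed them in the same tuple/dict shape; a clean site returns an empty list.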
Has your site ever been hacked into? Any advice for dealing with wordpress hackers? Share your experiences and comments below.
3 Comments
Didn’t know such a thing could happen. I don’t update WordPress versions regularly since (as you’ve said) the latest version may not be the most stable and some of my plugins may break. Perhaps what I can do is monitor the users at the wp-admin page when there’s a new WP version and I’m not yet comfortable updating.
It is recommended to update regularly. With that being said, I always wait to see what others are saying about the new update beforehand. This way I can skip an update if need be.
Am I right that this worm is the toughest attack on WordPress blogs to date? It’s a good thing the WP army has already come out with the latest version of the CMS with tighter security. While it may be an inconvenience for some to upgrade their WP version every few weeks or so, it’s great that it’s free and it keeps on getting better.