I was off for Family Day yesterday and I had planned to spend Flora’s naptime getting some writing done for this site.
(Sean was trying to spend his time catching up on some work. Our priorities may be a little messed up here.)
It was bad enough that Flora wouldn’t nap, but then I discovered that my site was hacked. So that put a stop to any writing I planned to do.
Let’s say this again. My site – my tiny little site – was hacked. You’d think this meant that I have hit the big time and that my site was worth hacking, but my stats don’t reflect this. I think this jagoff decided to hack my site just because he could. (I assume said jagoff is male – the name on my hacked page read as male, but maybe I’m wrong. Either way, still a jagoff.)
So I spent Flora’s non-naptime trying to remedy the problem. Trying to fix a web problem I’ve never had before with a non-napping toddler hanging off my every move wasn’t very effective. I did what I could, then got back to it after she went to bed. I went to bed with the site up but unsure of how to keep this from happening again. I did lots of Googling but I was having trouble with the more complicated concepts. I’ve been blogging a long time, but I’m fairly new to WordPress, so fixing its issues takes more time for me.
These articles helped me, and I’m posting them here in case you need them for your own site. (I hope you don’t.)
- WordPress Codex: FAQ – My site was hacked
- Digging into WordPress: Pimp your wp-config.php | digwp.com
- WordPress Codex: Hardening WordPress
I’ve done most of the things these articles mention and I hope they’ll help against future attacks.
This is a big reminder to keep regular backups. I was able to restore the site because I had been backing up my database. Had I not done that, I could have gotten the site back up, but with no content. What’s the point of that?
So back up your stuff and do whatever you can to protect yourself. Hackers even want the little personal sites, not just the big guys.
(Note that these tips apply to self-hosted WordPress sites, not WordPress.com sites.)