I do not have a whole lot of hair on my head (thank you genetics). The last thing i need to do is pull out precious strands just because of some asshole and their desire to raise hell on my site and cause damage to my set up.
Recently a friend, Amanda (desertbookchick.com) had her wordpress site Hijacked. She logged onto her system and found that a significant number of changes had occurred. Getting your site hacked is never fun, and feels about the same as someone reading your personal journal aloud in a coffee shop, right before they advise you they spit in your latte while your back was turned. No Bueno!
It has a lot of the signs of a scripted attack (not personal)..
- admin account had been removed/altered
- ad-words code was injected through out posts
- various incomplete posts prepped for dispersal
Even though it is too late to assist Amanda, I thought i should write this up for quick reference to other users. It is good to be prepared.
To be honest, this is far from foolproof, and there is not much you can do to prevent things like this.? Someone will always find a loophole into a system. What you can do is prepare yourself for the recovery process.
My suggestions for self-hosted WordPress users:
1) Ensure you are up to date on your wordpress system. Any recent version (i believe as late as v2.7) has an auto version checker and updater. just keep an eye on it and let it do it’s thing when you see that an update is available.
The wordpress folks are keeping an eye out for ways that systems are being exploited and consistently patching the system to remove security risks.
2) Install a WP data base back up plug-in. An example would be WordPress Database Backup (easy to remember name!)
Set your back up system to EMAIL you back up copies of your database. you can have this done periodically, but the larger the gap in back ups, the more info you will have to restore by hand.
Personally, i have backups mailed every day, and save a rolling three copies. deleting a back up every day from my email is not much effort and is easy to manage.
3) Subscribe to your own RSS feed, and allow your RSS to send the full text of posts (not an excerpt). This is helpful for a number of reasons, including checking to see how RSS users view your data. In the end though, it is like a static back up of your posts, could prove useful later as you will see..
Restoring from a database failure or hacked account:
1) Log into your web host. To be sure that you get rid of all the nastiness that is active, it may be best just to copy your media directory, themes and plugins to a new installation of WP. If you have other directories, make sure you have them marked in your brain for reference so you do not loose anything.
Basically, back up your wp-content directory. Just move it to a new location for now. While you are at it, make a copy of your wp-config.php (it is in the root, where you can see wp-content).
Delete the rest of your wp directory, then download and reinstall your WordPress.
2) Replace the WP-Content directory to your WP directory. and wp-config.php
Log into WP and reactivate your Backup plugin.
3) Download one of your backups from email to a local drive. Log into wordpress and restore the back up.
4) Check your RSS feed and copy the post contents that may have been ost since the last back up, and add them back to your site. you can back date the entry to put it back into line.
5) from wordpress, run a manual back up. then make sure to change your WP passwords just ot be on the safe side.
Voila. a huge pain in the ass, simplified. Hope no one ever needs to go through these steps, but this is the easiest way to minimize the effort in restoring you beloved site from the sweaty palms of a cruel cruel asshole script writer.
even if you cannot restore with these instructions, you will have everything someone else needs to do it for you. backups backups and more backups :)