I found out the hard way that if you use WordPress, your blog is vulnerable. A while back, I set up a blog using WordPress via the Fantastico module in my host’s cPanel. It makes for a very easy installation. I hadn’t posted to that blog in several months and then I got an email from one of my visitors telling me that when she followed a link to that blog, it was a page covered with obscenities. Sure enough, when I typed in the URL, I had been hacked.
When I tried to enter the admin area, I found my user name and password no longer worked. So I went through the cPanel and uninstalled the blog through there. There weren’t a lot of posts and I figured deleting and starting over would be the fastest way to get back up and running. It was a knee-jerk reaction and I learned later I could have saved my previous posts. But I set up a new blog with a more complicated user name and password.
Fast forward a week later. I wake up that morning all ready to write a post on my main site about licensing and copyright infringement (could the hackers have gotten into my thoughts, too?) and there on my carefully organized blog home page was a notice that my site had been hijacked and was now under their control (religious extremists).
This time, I didn’t want to start over. I hoped there was a way to save my previous 250+ posts, but I was locked out of the admin area. I emailed my host’s support department and they told me how to go in the back door and make changes.
You can go in through your site’s phpMyAdmin area and do things like remove users (I had a recent one whose name I didn’t recognize) and change your admin password. The instructions I followed were at: http://codex.wordpress.org/Resetting_Your_Password#Through_phpMyAdmin. I had to use the emergency script they link to. If you ever use the emergency script, be sure to delete it immediately after you’re done.
Once I got back into the admin area of my WordPress blog, I tried to write a post, but the hacked blog home page was still showing. I tried changing themes and voila, my original blog site was back and all my previous posts were intact. It appears the hackers came in through the theme (Vigilance) I was using at the time, because once I switched to a different theme, their message vanished.
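The phpMyAdmin cleanup described above, written as statements for phpMyAdmin's SQL tab. This is an added example, not part of the original post or the Codex instructions; it assumes the default `wp_` table prefix, and the user ID, login name and password shown are placeholders.

```sql
-- Assumption: default table prefix "wp_". Check $table_prefix in
-- wp-config.php and adjust the table names and the meta_key if it differs.
-- Take a database export before running any DELETE or UPDATE.

-- 1. List every account that holds the administrator role, newest first.
--    Roles are stored as a serialized PHP array in wp_usermeta.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;

-- 2. Before removing an account you do not recognise, see what it authored
--    or modified, so injected posts or pages can be reviewed too.
SET @rogue_id = 0;  -- placeholder: the ID found in step 1
SELECT ID, post_type, post_status, post_title, post_modified
FROM wp_posts
WHERE post_author = @rogue_id
ORDER BY post_modified DESC;

-- 3. Remove the unrecognised account and its metadata.
DELETE FROM wp_usermeta WHERE user_id = @rogue_id;
DELETE FROM wp_users    WHERE ID      = @rogue_id;

-- 4. Reset your own admin password. WordPress accepts an MD5 value in
--    user_pass and replaces it with a stronger hash at the next login.
UPDATE wp_users
SET user_pass = MD5('REPLACE-WITH-A-LONG-RANDOM-PASSWORD')  -- placeholder
WHERE user_login = 'your-admin-login';                      -- placeholder
```

The `user_registered` value can be set by whoever created the row, so treat every administrator you did not create yourself as suspect, not just the most recent one.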
All in all, the recovery of my site took about half an hour.
Here are some recommendations if your WordPress blog has been hacked:
1) reset your admin password by following the instructions above
2) immediately upgrade to the newest version of WordPress
3) back up the database used for your blog (usually you do this when upgrading, but if you’re a frequent blogger, back up more frequently).
4) create a new password that isn’t easy to break. Include odd characters like ! +))^& and throw in an occasional upper case letter along with numbers.
5) check out the excellent suggestions at http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/