We got hacked Sunday morning. Malicious code was added to our index files, Java-scripts were replaced and file permissions were changed. I noticed it almost right away and was able to fix it quickly. But I had to delete all my WordPress plug-ins and I still haven’t finished reinstalling or reconfiguring some of them. So some things may look different for awhile.
I think they got in via FTP and I’ve taken steps to block off that route. But I would also like to do a complete reinstall of WordPress in case I have a security hole. It looks like it’s an easy process but I’ve never done it before and I’m very afraid of somehow losing all my content. I have backups but I also don’t have any spare time right now for fixing mistakes, especially big ones.
I’d really appreciate any advice you can give me about doing a reinstall or making MachinistBlog more secure. You can leave a comment or email me at rr(at)machinistblog(dot)com.
One good thing did come from this. I learned that I have a couple of plug-ins that are slowing down the web site significantly. I’m going to look at whether they’re worth keeping or if there are better substitutes.
Don’t know if you saw this. It’s not much…but you may get some use out of it.
http://www.problogger.net/archives/2011/08/11/take-5-minutes-to-make-wordpress-10-times-more-secure/