Our Blog Was Hacked!

our blog was hacked

We feel a bit more significant now that our blog was hacked!

The past few weeks have generally been a giant pain in the ass, what with jury duty for both C. Che and myself (I went last week and he is there now) and both of my WordPress blogs being hacked.

Seriously, I stupidly thought that because my blogs are relatively small and not full of crazy traffic, hackers wouldn’t care. Well, I was wrong.

A couple of weeks ago I tried to log in to the admin dashboard of PilatesandReiki.com, only to be greeted by a wrong password message and no receipt of reset emails. When I logged into mysql over at GoDaddy, I discovered that the email and password were changed.

Our blog was hacked!

When I reset the password and logged in successfully, I was greeted by four “j”s at the top of a blank white screen. Yay!

So we restored my database (GoDaddy saves backups) to two weeks prior, and it has been fine ever since.

Yesterday C. Che BBMed me from Jury Duty (yes, we still use Blackberry) to tell me that Zombie Killing Stoners had a problem. Our blog was replaced by some Islamic militant hacker page. Once again, our blog was hacked. Sigh.

So I went to mysql, deleted the two new admins from the database, and changed my password. Then I downloaded and ran a scan with the free version of Wordfence, which identified and quarantined the altered index.php and a few other files.

I then went into my files on the server and deleted all unused plugins and themes, along with the main .htaccess file (wordpress will automatically create a new one). And I deleted the extra database tables from mysql.

We are all good, except that no images are showing up on the blog. The files exist and they are in the uploads folder as they should be, but for whatever reason they are not connecting to the blog content. Sigh.

I am pretty sure I need to delete the whole folder and re-upload the images via the dashboard. A giant pain in my ass, yes. But at least I have ownership and control again!

UPDATE – Images not showing problem is fixed! All I needed to do was go into Settings – Permalinks – and hit the Update button. So happy!