If you’re reading this directly on my site and not through an RSS reader, you might be wondering what’s up with the theme.
Funny story. And by “funny” I mean “not funny” and by “story” I mean “incident with some hackers.”
For the last couple of years I’ve been using WooThemes for my theme, and a year or so ago they had some trouble with an exploit of their timthumb.php file. I did the recommended updates, changed passwords, etc., and a scan of my files told me I was in the clear. I update my WordPress installs regularly, and a call to Bluehost told me that there were no back doors to my site.
I called them up, and after waiting nearly 45 minutes was told that this morning they had identified a script on this domain that was causing issues with the server it’s hosted on. They removed the script and deactivated my hosting account as a way to get my attention and say hey, asshole, fix your shit.
The man I spoke to from Bluehost’s tech support team was really, really great. He was sympathetic to my plight, and ran several scans on my entire account to ensure the exploit only affected this one domain. From what he found, there was only one file that was placed, undoubtedly back during the WooThemes issue, and nobody had bothered to come back and try to mess with my site until today, when Bluehost noticed the issue.
Although their team had already removed the offending script, he went ahead and ran a few more scans while I was on the phone just to be sure. Because nothing else turned up, he didn’t feel it was necessary to wipe my entire hosting account, but did suggest I wipe the domain that was affected and reinstall a fresh version of WordPress.
I’ve spent the last 30 minutes exporting content in various forms and making note of any custom CSS and core file changes I’d made, but because my database could have been compromised I didn’t want to import it into the fresh install. So I am going to rebuild the site by hand, design-wise at least. It’s not exactly how I wanted to spend my weekend, but you can’t always get what you want.
Thankfully I was already making regular backups of my content, so I knew that even if Bluehost had to completely wipe everything before I got a chance to get any files, I would be OK.
I’ve been cracking down on myself lately with Internet security, but I think this (and a recent Yahoo address book issue) serves as a good reminder that you should never feel like you’re untouchable. While I can’t afford the services of companies that vow to keep your site safe and remove any malware that’s detected (those run about $300/year, which is insane for someone who doesn’t make any money off her blog), I can do a better job of trying to keep my site as secure as possible.