I always read about websites getting hacked and thought to myself “Hey these guys should spend some time on securing their websites”. I always thought that I would not be hacked as I did not leave my passwords on public computers and changed my passwords regularly. Boy was I wrong. Today some one placed a comment on my post. The comment was in Russian or Turkish language and I was really surprised that the comment appeared on the post without giving me the chance of moderating and approving it.
I tried to logging into the WordPress admin panel and was unsuccessful. The only thing I got was the dreaded “Incorrect username/password” message.
This called for drastic actions and I did the following.
- First I did damage control by renaming my blog folder via FTP
- Then I went into my hosting account and changed the database username and password
- I then connected via PHPMyAdmin and deleted the spam users on my blog.
- I did a backup of the wp_posts table and exported the SQL to my local computer
- I then dropped the complete database
- I then deleted the complete blog folder online
- I uploaded the latest WordPress 2.9.2 version online and installed a fresh copy
- I then uploaded the Lightword theme of WordPress and installed it
All the above steps took 40 minutes or so and my blog was back online. This is the first post I am writing after restoring the blog online.
As I did everything very quickly I did not spend time investigating the reasons how some one got into the WordPress admin panel in the first place and changed the admin password.
The only thing that comes to mind is that I had selected the “Anyone can register” checkbox on the Settings page and this may have allowed any one to register on the website. Then again I have unselected the option for the time being till I get to the bottom of this.
If you have anything to add then do let me know.