Recovering from hacked website

My website was hacked last week, and to prevent problems I completely reinstalled my blog.  While I’m not sure, it looks like the hack probably came through the blog.  It will take some time to rebuild. I will work on getting content about water-soluble encaustics up first, since there has been some interest. At this time, I am going to turn all commenting off, so I don’t have to install plugins that may lead to future problems. I apologize for this and regret it, since there have been some very interesting and useful comments recently. But I don’t have the desire or time to be a system manager. I want to paint, not watch updates like a hawk.

Notes about rebuilding a self-hosted WordPress blog from my experience:

1. The best way is to have all sorts of backups that you can use, but, ahem, I didn’t. So I totally deleted all blog files, exported the possibly hacked database as an XML file so I at least had text of my blog entries, then created a new blog from scratch.

To repopulate the blog, I looked first to the XML file, but it was a huge and unfriendly file, with the blog text in numerous revisions. Two things turned out to be far easier:

1) Go to the Wayback Machine, and if your site is on it, copy and paste posts, inserting photos and adjusting post dates as needed.

2) Use Google search to find the most recent post you remember. Go to Google’s cached file (using the down arrow for additional options), copy and paste into a new WordPress post. Adjust the date to the true date it was posted using the Publish toolbar in WordPress. Return to Google, make a note of the previous blog entry name (noted in the left-hand corner), return to Google, search that name and go to that cached file, etc.

Sounds crazy but it went surprisingly fast, and it’s kind of a trip down memory lane. Artists like that better than trying to be system managers. Photos have to be found and relinked, but at least the Google cache has the photo name and you can search for it if needed.

Next time:

1. Always export the blog data from WordPress regularly using the Tools/Export command in the dashboard. I didn’t have this, but I ran a test copying a blog over to WordPress.com, and it worked quite well. With the original test blog functioning, I got all photos, but I am guessing you have to manually load your photos into posts when your old blog is completely trashed. Just a guess, since the files aren’t big enough to have all those photos embedded. Having this backup would sure have made life much easier. I will now do it after every large post.

2. Always back up the folder on the website that has all photos, so you have copies if you can’t find them on your hard drive. This is in ../wp-content/uploads/.

3. Back up the SQL database reasonably often, and be sure you have a clean copy of the wp-config.php file, or have written down the table prefix in the wp-config.php. Without this and the passwords to get into the SQL management, you won’t be able to re-link the database to a new install of WordPress. The line you are looking for is: $table_prefix =. See http://wiki.dreamhost.com/My_Wordpress_site_was_hacked#Step_4:_Install_a_clean.2C_unhacked_copy_of_WordPress for what this is all about. I decided not to link the old database, because I was worried it was hacked. My husband tells me you can rebuild an SQL database and clean it out, but I wasn’t confident to do this.

By the way, if you change the password of the SQL database administrator, the wp-config.php file may have to be edited to match. It includes the password.

4. Organize all photos used in your blog in one place to make life easy.

5. Keep WordPress on automatic updates, turn off comments, and don’t use any plugins or themes other than the ones provided. These are good entry points for hackers.
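
Items 2 and 3 of the list above as a shell script, added here as an example and not part of the original post: it copies wp-config.php, records the table prefix, archives the uploads folder and dumps the database. The function names and backup layout are assumptions, as is the stock wp-config.php format with a plain host name in DB_HOST and no quote characters inside the values.

```shell
#!/bin/sh
# Added example. Function names and the backup layout are assumptions.
# Assumes the stock wp-config.php layout and no quote characters in values.
Q="['\"]"   # either quote style

# Print the value of a define('NAME', 'value') line in wp-config.php.
wp_define() {   # usage: wp_define FILE NAME
    sed -n "s/^[[:space:]]*define([[:space:]]*${Q}$2${Q}[[:space:]]*,[[:space:]]*${Q}\([^'\"]*\)${Q}.*/\1/p" "$1" | head -n 1
}

# Print the table prefix needed to re-link an old database to a new install.
wp_table_prefix() {   # usage: wp_table_prefix FILE
    sed -n "s/^[[:space:]]*[$]table_prefix[[:space:]]*=[[:space:]]*${Q}\([^'\"]*\)${Q}.*/\1/p" "$1" | head -n 1
}

# Copy wp-config.php, record the prefix, archive uploads, dump the database.
# Runs in a subshell so the umask change does not leak to the caller.
wp_backup() (   # usage: wp_backup SITE_DIR DEST_DIR; prints the backup dir
    site=$1; cfg="$site/wp-config.php"
    out="$2/wp-backup-$(date +%Y%m%d-%H%M%S)"
    [ -f "$cfg" ] || { echo "no wp-config.php in $site" >&2; return 1; }
    umask 077   # the backup contains the database password: owner-only
    mkdir -p "$out" || return 1
    cp "$cfg" "$out/wp-config.php" || return 1
    wp_table_prefix "$cfg" > "$out/table_prefix.txt"
    tar -czf "$out/uploads.tar.gz" -C "$site/wp-content" uploads || return 1
    if command -v mysqldump >/dev/null 2>&1; then
        # Credentials go in a private option file, not on the command line,
        # where other users on a shared host could see them in the process list.
        cnf=$(mktemp) || return 1
        printf '[client]\nuser=%s\npassword="%s"\nhost=%s\n' \
            "$(wp_define "$cfg" DB_USER)" "$(wp_define "$cfg" DB_PASSWORD)" \
            "$(wp_define "$cfg" DB_HOST)" > "$cnf"
        mysqldump --defaults-extra-file="$cnf" --single-transaction \
            "$(wp_define "$cfg" DB_NAME)" > "$out/database.sql" || {
            rm -f "$out/database.sql"
            echo "database dump failed; files were still backed up" >&2
        }
        rm -f "$cnf"
    else
        echo "mysqldump not found; skipping database dump" >&2
    fi
    echo "$out"
)
```

Run it as `wp_backup /path/to/site /path/to/backups` and copy the resulting folder off the web host, since a backup stored only on the compromised server is lost with it.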

We shall see if I succeeded in cleaning up  the hacked mess.