Over the weekend I was working on a few things including a post for this blog. When I went to login, I was greeted with the “red screen of death” – my blog was attacked by malware and Google had flagged it. I was devastated. This was the worst possible time for this to happen. I couldn’t believe it. I try my best to keep my blog safe. The only problem I had recently was when someone would visit any page they would be redirected to a totally different site after a few seconds. I was able to fix that problem right away. Could that have been the hint that something worst was yet to come?
See that image above, that was I saw for the better part of the weekend when I try to visit my blog. As I stated I was devastated. How could this happen to me? In my history of being on the web I only have been hacked once before (knocks on wood). Someone when in and placed a stupid splash page in replace of my blog. This time bad code was added somewhere in my blog. So I took to Google and my hosting provider to figure what I should do.
In this situation the first step is to clean out your site. Lucky for me I had just back up not only my blog’s database but also the entire site. This included blog posts, images and WordPress files. I figure the worst thing that could happen it that I would loose maybe a post or two. Thanks goodness that didn’t happened. Once I restore the backup, I needed to see if my site was clean. I used http://www.stopbadware.org and http://sitecheck.sucuri.net/scanner/. My blog came back clean but I was still seeing red. I still needed to make a request for Google to review my blog but had problems claiming it in Google Master Tools because of the malware notice. By this time it was getting close to 1am and I was falling asleep at the computer. I gave up and went to bed.
The next morning I got up and recheck my site again and it came back as still affected. I was confused because I got a clean bill of health before I went to bed. A light bulb went off and I check my blog in a Safari and was able to view it with no problem. I quickly went to the Google Master Tools, where I was finally able to claim my blog and make a request for review. Apparently my security settings on FireFox super tight. I also requested a review from StopBadWare.org as a backup.
After all that was done I just had to wait. Would it take a few hours or days or weeks? Time I didn’t have. I needed a green light on my blog ASAP. So I backed away from my computer and pick up a book. Late Sunday night I got the best news ever. My blog has been deemed clean. After all this I still haven’t figure out exactly where the bad code was injected. I knew that I had only made two changes recently. I re-added my HelloBar and reactivated the tweet old post plugin. However, in Google Master Tools they suggested three places where the code could be two blog posts and the homepage. So I removed the HelloBar, deactivated the plugin and took down the blog posts as well as my rotating ad spaced as a precaution.
What I’ve learned:
#1 – Back up your blog! I have in place the WordPress Database Backup plugin that sends me an email everyday with a backup of my blog’s database, but don’t just rely on this. Back up you entire blog. Log in your cpanel through your hosting account and download all of your site’s files and I mean everything. This way you will have a clean copy of your blog to do a quick cleaned up.
#2 – Claim your blog now in Google Master tools. Trust me it was easier to do now then after you get the red screen of death. If blog is on Blogspot then you are okay, apparently it already done for you. I found a blogspot blog I don’t remember creating. For others they four options – upload an html file, add a line of code in your header, through Google Analytics, or add a txt code to your DNS.
The next two are oldies but worth repeating.
#3 – Make sure you username and password to both your hosting site and blog is stronger and change it often.
#4 – If you are self-hosting your WP blog make sure you to are using the latest and greatest version of WP. And be on the look out of poorly coded free WordPress themes.