UPDATE: Here is a good plugin to help you change and manage your wp-admin blog details. Also see this useful blog post “11 Vital Tips and Hacks to Protect Your WordPress Admin Area”.
So my site was hacked. What a frustrating experience. I had to live with that rather melodramatic Google malware message splashed across my blog, making you think that visiting it would result in an axe in your head.
It wasn’t a particularly exciting or dangerous hack. What the hackers did was insert some nasty code which effectively created an iframe, allowing them to generate hidden links on my blog to certain sites. It’s part of a worldwide denial-of-service hack aimed at bringing down major sites, rather than this here little blog or the users that read it. The links were at some point pointing to Yahoo and Bing in the same vein as the denial-of-service hack emanating from Georgia/Russia that hit Twitter this week.
What I did to kill the hack:
1. I checked all my WordPress PHP pages for foreign code. I’d view the source of my blog regularly to check for unsolicited iframes. I found two bits of code in my header (about eight lines of fairly hectic PHP starting with “wp_remote_fopen procedure”) and then a second bit of code on my main index page (the illegal iframe, calling up a dodgy site called “web-analizer.****”).
2. After I first removed the hack code, it came back again within 6 hours. I then disabled plugins that I had installed in the last 3 months, and I changed and strengthened my blog password, database passwords and FTP passwords (to one of those long, unpronounceable ones).
3. I let my ISP know, who then ran a virus checker (as a precaution) and generated FTP logs for me so I could see who had been accessing my account. I also changed my FTP permissions to “deny all:all”, which blocked everyone except me. Die hacker, die!
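The manual check in step 1 can be scripted. The following is an added example, not code from the original post: a small Python scanner that walks a WordPress directory and flags `<iframe>` tags (marking those styled to be invisible) and calls to `wp_remote_fopen`. The patterns and the "hidden" heuristics are assumptions based on the two injections described above. WordPress core itself defines `wp_remote_fopen`, so hits in core files need a manual look rather than automatic deletion.

```python
import re
import sys
from pathlib import Path

# Heuristic patterns modelled on the two injections described in the post.
PATTERNS = {
    "iframe": re.compile(r"<iframe\b[^>]*>", re.IGNORECASE),
    "wp_remote_fopen": re.compile(r"\bwp_remote_fopen\s*\(", re.IGNORECASE),
}
# Attributes that hide an iframe from visitors (assumed indicators, not exhaustive).
HIDDEN = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|"
    r"(?:width|height)\s*[=:]\s*[\"']?\s*[01](?:px)?\b",
    re.IGNORECASE,
)

def scan_text(text):
    """Return (line_number, label, snippet) findings for one file's text."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                tag = label
                if label == "iframe" and HIDDEN.search(match.group(0)):
                    tag = "hidden-iframe"
                findings.append((lineno, tag, match.group(0)[:80]))
    return findings

def scan_tree(root):
    """Scan every .php file under root; return {relative_path: findings}."""
    root = Path(root)
    report = {}
    for path in sorted(root.rglob("*.php")):
        # errors="replace" keeps the scan going on files with odd encodings.
        text = path.read_text(encoding="utf-8", errors="replace")
        findings = scan_text(text)
        if findings:
            report[str(path.relative_to(root))] = findings
    return report

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, findings in scan_tree(target).items():
        for lineno, tag, snippet in findings:
            print(f"{name}:{lineno}: {tag}: {snippet}")
```

Because the injected code came back within hours, a scan like this is most useful when run on a schedule and compared against a known-clean copy of the theme and core files.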
Why I’m disappointed with Google
Instead of contacting me or at least automatically generating an email to me warning me about the hack on my blog and then giving me an opportunity to take action — Google splashed the confusing malware message across the site, giving users the impression it would somehow give their computers swine flu. Even Twitter then blacklisted links to my blog, replacing my blog URL with “http://[ unsafe link ]”. As a Google Webmaster user, it would have been easy for Google to warn me. When I did submit reconsideration, Google took ages to get back to me and reconsider what is clearly a legitimate site. Hmmmmmm, Google, hmmmmm…