Chilling_Silence's blogSite got hacked – Pictures and things missing
So I got hit by the bug in WordPress-3.3.0 and basically a little over a dozen sites of mine were hacked shortly after New Years Day this year. Got them all back up and running (What a PITA that was), but it means there’s no pictures coz I nuked all of them in my rush, as well as the backups that I had.
Here’s how I fixed it:
- Move the folder so it’s not web-accessible
- Extract a fresh copy of wordpress
- Copy the wp-config.php file back across, but clear up the first line before you do which usually contains some exploit
- Modify the rows such as “define(‘AUTH_KEY'”, and delete one char from each of the keys, and replace it with something else random. This prevents any cookies that may be saved from working.
- Check your SQL — Chances are they’ve not bothered, coz they just wanna do a 301 “permanently moved” redirect, not piss around with your SQL.
Then you can slowly go about restoring the files from your wp-content directory, as well as themes etc…
It’s a pain, but I’ve found that to be the easiest / fastest way to do it.
Ouch. This prompted me to look for a WordPress security updates blog. I couldn’t find anything really good, so I ended up subscribing to the RSS feed from here: https://wordpress.org/news/category/security/
Turns out you also need to subscribe to the releases feed: https://wordpress.org/news/category/releases/
Sweeeeeet, thanks for the heads up. Might just do that too!