For those of you who purchased my ebook on securing WordPress, you probably have signed up for my exclusive security newsletter.
I just sent out an email to all my subscribers but really felt everyone needs to know this information because there’s been another round of hacks targeting web hosts, WP Blog Host included.
So here’s my newsletter’s content. I hope you find it insightful.
You know how much I HATE those freaking malicious hackers. Well, guess what? They did it again and there’s not much we can do to stop them.
Just finished reading a warning on Sucuri.net which mentioned that GoDaddy (and I’m sure possibly other web hosts) got hit with another round of hacks today.
Here’s the article
If your site is hosted on GoDaddy, please make sure you have an updated (and good) Anti-Virus program installed on your computer before visiting your site.
Here’s the Anti-Virus program I use. It works really well and always warns me and blocks virus sites when I go to them.
To check if your site has been hacked without actually visiting your website, do the following:
1. Log into your web hosting control panel
2. Find any file with the extension .php – for example, index.php
3. View that file’s source code in your web hosting’s file editor. If you don’t have a file editor, download the file to your computer and open it up with a text editor.
4. If at the very top of your file you have a huge block of code which obviously shouldn’t be there, then you’ve been hacked.
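The manual check in steps 1 to 4 can also be run over a downloaded copy of the site. The following is an added example, not part of the original newsletter or Sucuri's script: it reads the start of every .php file and flags any that contain a very long unbroken run of characters. The 4096-byte window and the 200-character threshold are assumptions of this example, and the files in `demo()` are constructed.

```python
import re
import sys
import tempfile
from pathlib import Path

# Assumptions of this example, not values from the post: how much of each
# file's start to inspect, and how long an unbroken run counts as suspicious.
HEAD_BYTES = 4096
MIN_RUN = 200
BLOB = re.compile(rb"[A-Za-z0-9+/=]{%d,}" % MIN_RUN)


def suspicious_head(data: bytes) -> bool:
    """True if the start of a file holds one long run with no whitespace."""
    return BLOB.search(data[:HEAD_BYTES]) is not None


def scan(root) -> list:
    """Return relative paths of .php files under root that need a manual look."""
    root = Path(root)
    hits = []
    for path in root.rglob("*.php"):
        if not path.is_file():
            continue
        with path.open("rb") as fh:          # read-only, never executes the file
            head = fh.read(HEAD_BYTES)
        if suspicious_head(head):
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def demo() -> list:
    """Scan a constructed site copy: one clean file, one with a blob on top."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "wp-content").mkdir()
        clean = b"<?php\n// ordinary template code\necho 'hello';\n"
        blob = b"QUJD" * 100                  # constructed filler, 400 chars
        (site / "index.php").write_bytes(b"<?php $x = '" + blob + b"'; ?>" + clean)
        (site / "wp-content" / "page.php").write_bytes(clean)
        (site / "readme.txt").write_bytes(blob)   # not .php, so not scanned
        return scan(site)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    for name in (scan(target) if target else demo()):
        print("CHECK BY HAND:", name)
```

A hit only means the file deserves the manual look described in step 4; legitimate files with embedded data can trip the heuristic too.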
What does that code look like?
Something like this at the very top (with a long ongoing string of random characters – the dots):
How To Fix Your Site Easily If You’ve Been Hacked With This
Sucuri.net has an awesome script which will quickly and easily remove this hack for you, all automated.
Get their clean-up script here.
Follow the instructions on the website which basically tell you to:
1. Download the file
2. Rename it to wordpress-fix.php
3. Upload it to the root folder of your website
4. Run the script by visiting http://yourblog.com/wordpress-fix.php
5. When it’s finished, check your .php files and see if the hacked code is gone
6. When it’s finished, delete the file from your server.
Please note that this hack came through at the server level, which is beyond anything we can do to prevent our sites from getting hacked.
The good news is if you have the WordPress File Monitor plugin installed, at least you’ll be notified of the changes.
If you run into any issues, my door is always open, but it is getting late and I may not get back to you until tomorrow.