Last Saturday, I finally figured that my blog was hacked. Initially, I was pretty upset. You see, I just hit the one year mark for my blog. I was excited, happy, proud of my accomplishment, and was throwing a giveaway to thank my readers. I really didn’t have time to troubleshoot your embedded code surprise. But stepping back, I actually realized I should be thanking you.
Don’t Ignore Symptoms
On Wednesday, I was making my rounds commenting when I noticed their Comluv plugins were all failing. I just assumed Comluv was having issues because this has happened before. On Thursday, I noticed my Yakezie Blog Network listing wasn’t updating with my latest post. What on Earth is going on? No big deal. I put it on the backburner because I had to prepare for my giveaway launch on Friday.
Open Your Eyes
Whew. With the giveaway in full gear, I went back to making my rounds. But the Comluv plugins were still failing three days later. My WordPress admin pages were also displaying in an un-useable format. This is too strange. I finally opened my eyes and saw XML errors. That’s when I realized nothing is wrong with Comluv. Something was wrong with my RSS feed. That’s why the Yakezie directory wasn’t updating either as it taps my RSS feed to list my most recent post. I drilled deeper and my RSS feed looked like an unformatted scramble of my posts. I was so focused on my giveaway, I went on a wild goose chase and started modifying my giveaway post. Everything was fine before this post, it has to be this post, right? I removed a copyright symbol. I removed another uncommon formatting code. No dice. I clicked through my RSS feed again and finally noticed this code at the end of my feed.
I logged into my site and dug around my root php files. I then found this on the top of a few pages. The code has been shortened as it wraps around almost 100 times.
<?php /**/ eval(base64_decode>
After Yakezie’s hosting company was hacked a few weeks ago, I backed up my files. As an experiment, I copied my old WordPress files back to my site. Ironically, they did not overwrite the files so I had two copies. I then deleted the hacked files. My heart dropped as my blog loaded the infamous error message, “Page cannot be found.” I quickly restored back to the hacked files and my blog came back up. I can’t function without my admin pages or an unreadable RSS feed. Looking through my WordPress directories, the above code was on every PHP file, including sub directories! I waved my white flag and contacted iPage tech support.
I described my issues and they escalated to their specialist. Tech support recommended I change my passwords to strong passwords and check my control panel for status updates. After about an hour, I was updated that my page was restored. Thumbs up for iPage! My RSS feed checked out and my admin pages were back online. To conclude, although my WordPress password is strong, I forgot to strengthen my iPage admin password when I created my blog a year ago. This has access to my FTP site and an open door to all my files.
I also need to re-evaluate my backup, restore procedures. I have my files backed up, but it did me no good when it came to restore. You know what they say, your backups are only good, AFTER a restore. I am backing up my post, comment data, and my database, but my WordPress file backup failed me. I will use strong passwords from now on. I thought it couldn’t happen to me. It happened to me. If you were like other hackers, you could have went medieval on me, deleted my files or rendered my blog useless with a spinning animated gif. You instead slapped me on the wrist by embedding your code in my WordPress files. Your kung-fu is the best and I received my wakeup call.
P.S. If you’re shopping around for a webhost, I may be biased, but iPage stepped up in my moment of need. For more information, feel free to click on my affiliate link below. Finally, who needs Scully and Mulder when you have The Lone Gunmen!
Disclosure: We are a professional review site that receives compensation from the companies whose products we review. We test each product thoroughly and give high marks to only the very best. We are independently owned and the opinions expressed here are our own.