One Of My WordPress Sites Got Hacked (important lesson)...

I got a shocking warning email from Google last Saturday... my site was distributing malicious code or "malware", so it was now blocked.

HOW DID IT HAPPEN?

It's clear I made some mistakes, but what was the CAUSE? 

The setup on the host server? (It's not my main host, and they have since told me they altered their server after my hacking report.) Was it the WordPress software I was running? Or was it something else? (Out of the no doubt hundreds of things I don't know about.)

What I do know for sure is that several bits of nasty redirecting code were hidden in various places on my site, such as (for the techies amongst you) .htaccess files and the wp-content, uploads and themes folders.

BUT HERE'S THE REALLY SHOCKING THING..

Even AFTER the first clean up, when I changed passwords for WordPress, FTP, database and hosting, they did pretty much the same hacks THREE MORE TIMES between Saturday and Monday.

I'm told they must have inserted some sort of "back-door" into the site, to use whenever they wanted.

To be honest, I'm still not sure if it's all fixed and secure yet.  I am hoping the server changes done by the hosting company will work, but it's too early to say.

I DON'T WANT YOUR SITE TO GET HACKED..

So here are the key lessons I've learned from this and want to share. There are two categories, PREVENTION and CLEANING.

To PREVENT, or more realistically REDUCE the chance of getting hacked:

1. Make sure you have updated your WordPress software, to the latest released version. (I had neglected the hacked site for some time - it was on version 2.8)

2. Set file permissions, particularly in the wp-content folder, to the most secure settings that will run on your server and still display your site.  (755 is a good place to start)

These are both pretty basic, quite honestly.  Search on Google and you will find LOADS more prevention tips, using properly clever stuff.

BUT WHAT IF YOUR SITE DOES GET HACKED?

(could happen sometime.. probably will)

You will want to be able to CLEAN it quickly and effectively (this is, I think, the most important bit of this post).

You don't want to have to fall back on cleaning individual files, like I had to.  Instead, have a proper backup copy of ALL current files and folders, plus the WordPress database.

Here's a video showing how to do proper backups... 

http://websiteworkshop.net/members/backing-up-video/

You can then just restore your entire site from the backup and in one fell swoop, remove any "back door" nasties that might be hiding.
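As an added example (not code from the original post), here is a small shell script that checks a WordPress folder for the three things described above (extra .htaccess files, code planted under wp-content/uploads, world-writable folders) and takes the full file and database backup the post recommends. It assumes a POSIX shell with find and tar, mysqldump for the database part, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not code from the original post. Audits a WordPress tree for
# the symptoms described above and takes the full backup the post recommends.
# Assumes a POSIX shell with find and tar; wp_backup_db also needs mysqldump.
# Function names are this example's own.
set -u

# Print one line per finding as "<kind> <path>"; review each by hand.
wp_audit() {
    root="$1"
    # WordPress only needs a .htaccess in the site root, so copies under
    # wp-content are exactly where the post found the redirect code.
    find "$root/wp-content" -type f -name .htaccess \
        -exec printf 'htaccess %s\n' {} \;
    # uploads should hold media only; executable code there is a classic
    # hiding place for a planted back door.
    find "$root/wp-content/uploads" -type f \( -name '*.php' -o -name '*.phtml' \) \
        -exec printf 'php-in-uploads %s\n' {} \;
    # Folders writable by everyone (777 and friends): tighten to 755 as in tip 2.
    find "$root/wp-content" -type d -perm -002 \
        -exec printf 'world-writable %s\n' {} \;
}

# Archive the whole site folder into $dest; prints the archive path.
wp_backup_files() {
    root="$1"; dest="$2"
    out="$dest/wp-files-$(date +%Y%m%d-%H%M%S).tar.gz"
    tar -czf "$out" -C "$(dirname "$root")" "$(basename "$root")" || return 1
    printf '%s\n' "$out"
}

# Dump the WordPress database into $dest; prints the dump path. The password
# comes from ~/.my.cnf or MYSQL_PWD so it never appears on the command line.
wp_backup_db() {
    db="$1"; user="$2"; dest="$3"
    out="$dest/wp-db-$(date +%Y%m%d-%H%M%S).sql"
    mysqldump --single-transaction -u "$user" "$db" > "$out" || return 1
    printf '%s\n' "$out"
}

# Usage (paths are placeholders):
#   wp_audit /var/www/mysite
#   wp_backup_files /var/www/mysite /backups
#   wp_backup_db wordpress wp_user /backups
# Restoring means unpacking a tar.gz taken BEFORE the break-in over the site
# folder and loading the matching .sql into the database; a backup taken after
# the break-in would simply put the hidden back door back.
```

Keep the backups off the web server itself, since an intruder with write access to the site can also delete or poison a backup stored next to it.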

 

None of this is rocket-science.. it's all rather boring (until you get hacked).

But PLEASE actually do it for your sites.  If the worst happens, these boring steps will save a lot of your time and minimise loss of income.

The iPad has landed...

Arrived today by UPS courier.  Just opened the box (with a nice "out of box experience"), although not much inside the box, apart from IT.

Then synced with iTunes (and needed to download the latest 100Mb version).

The iPad is shockingly lovely to handle and use, even after all the worldwide hype.

This quick picture, with it sitting on top of my Toshiba laptop PC, does not do it justice..

Yum yum. Think I will like this expensive purchase.

First Test Of WordPress 3.0 (RC1)

The new 3.0 version of lovely WordPress is soon to be fully released.

So I thought I should install the latest WordPress 3.0 Release Candidate (RC1) as a demo site and take a good look around.

I really like the new default theme (the old Kubrick and Classic themes are no longer included in the package).

The new "Twenty Ten" theme includes a horizontal page menu, which I always prefer because it helps visitors find your WordPress pages, plus a modern, clean, white appearance (although I see it has the facility in the admin area to easily use an alternative background image, if you want).

I look forward to trying out WP 3.0 properly and giving it some serious exercise!