A True Story of a Hacked WordPress Blog
A guest post submitted by Dan Morris
I've got an extremely important message for you today.
I need you to know this in your heart so it never happens to you. I got hacked this week, making all my sites, including my clients' sites, go down and appear as having a virus. Very, very bad. But I could have avoided it, had I really thought about this.
Here's what you need to know and do:
Ever buy a domain name, start setting up a site and then get distracted? Or you had a good idea but then you just didn't do anything with it? Then the year rolls around and that domain comes up for renewal and you just let it drop. “That was a good idea at the time, I guess”. Well, I did that several times. And never thought anything about it again until today.
Today is when doing that cost me my entire network.
This domain I bought a few years ago, put WordPress on and created a landing page for was long gone from memory. I no longer owned the domain, BUT... the WordPress files I had set up for that site still existed under my hosting account. Not renewing the domain didn't make those files go away. They're still there. And they're completely out of date. The WordPress install hadn't been upgraded, obviously. The plugins had expired. The files were totally free to be hacked – even though you couldn't get to them online. And so once they hacked into one of those old files – they got everything.
If you get rid of a domain name or site, make sure you delete it in its entirety – EVERYWHERE. As long as you know that now, this will not happen to you. If you think there's a chance you did that in the past – go fix it. And if you have no idea how to know, call Regina.
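
One way to find leftover installs like the one described above is to inventory every WordPress core directory under the hosting account and flag those that do not belong to a site still in use. This is an added example, not code from the original post; the function names, the single hosting root directory and the `live_sites.txt` list (one document root per line) are assumptions.

```shell
#!/bin/sh
# Inventory WordPress installs under a hosting account and flag the ones
# that no longer belong to a site you still run.
# Assumptions (not from the original post): all sites live under one root
# directory, and you keep a text file listing the docroots still in use.

# Print "version<TAB>install_dir" for every WordPress core found under $1.
find_wp_installs() {
    find "$1" -type f -path '*/wp-includes/version.php' 2>/dev/null |
    while IFS= read -r vfile; do
        # version.php carries a line of the form: $wp_version = '6.4.2';
        ver=$(awk -F"'" '/^\$wp_version/ { print $2; exit }' "$vfile")
        dir=${vfile%/wp-includes/version.php}
        printf '%s\t%s\n' "${ver:-unknown}" "$dir"
    done
}

# Print installs under $1 whose directory is NOT listed in file $2
# (the docroots of sites you still own and maintain).
orphaned_wp_installs() {
    [ -r "$2" ] || { echo "cannot read live-site list: $2" >&2; return 2; }
    find_wp_installs "$1" |
    while IFS="$(printf '\t')" read -r ver dir; do
        # -F fixed string, -x whole line: the path must match exactly.
        grep -Fxq -- "$dir" "$2" || printf '%s\t%s\n' "$ver" "$dir"
    done
}

# Stand-alone use: sh wp_orphans.sh /path/to/hosting/root live_sites.txt
if [ "$#" -ge 2 ]; then
    orphaned_wp_installs "$1" "$2"
fi
```

Each line of output is a WordPress version and a directory that is still on disk but not on the live list, which makes it a candidate for complete removal.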