Entries tagged with wordpress

After carefully examining what I could of the HTML code in my Wordpress installation, I concluded that the best way to get rid of the reported injected spam links was to “nuke the entire site from orbit. It’s the only way to be sure.” - in other words, back up the blog database, delete all Wordpress files, re-install Wordpress and then import the backed-up database. I had contemplated moving my blog over to somewhere else, like LiveJournal or wordpress.com but I thought I’d give Dreamhost one more chance.

Of course, I’m going to take some better precautions, as recommended by some friends. These include:

Not installing random themes and plug-ins for the sheer hell of it. If I don’t like it, delete it.
There are some handy plug-ins that claim to provide better security, to whit:

Originally published at almost witty. You can comment here or there.

I host my main blog on Dreamhost, using Wordpress. This may have been a fatal mistake.

A while ago, someone emailed me to kindly point out that my site had somehow been hacked, and spam links injected into my HTML code. It wouldn’t appear on the site to human eyes, but it’s all there in the HTML code and picked up by Google et. al.

I changed all my passwords (Dreamhost, Wordpress, FTP), removed the hacked code and thought the problem was over.

Oh no. It’s just come back. Only this time, I can’t figure out where the code is. And since I changed all the passwords to begin with, it means that either Dreamhost or Wordpress has become seriously compromised. Although naturally my Google-fu is failing me and I can’t figure out where the problem’s come from. Although this post gives one indication.

Now I’m debating whether to carry on with this blog or move to yet another blogging platform like LiveJournal or something… bah… Or I could give up. It’s been six years, after all…

Originally published at almost witty. You can comment here or there.

Blog fixed… I think…

Wordpress plus Dreamhost = hacked Wordpress blog