I have just been through my various passwords and tightened them all up. I have also removed “admin” accounts from my sites. Something that was long overdue and was annoyingly exploited by a hacker.
Doing this tidying up did not take long, it took me a bit longer to find out what had been done to my WordPress sites – this one and Friends of Baildon Moor. When using the Twenty Twelve template the main page just displayed a “Hacked” message yet when I looked at the page source code everything looked normal. Firebug, or the tools in Chrome, showed just the hack message as the page. This at first didn’t make sense but I now realise that the hack was creating a new document.
I assumed that the hack was in the php or css files for the template and used WinMerge to look for differences. I have a cron job that sends me a list of files with a modified date/time within the last day, nothing was in the list so I assumed the hacker had been clever with the dates on the files.
Leave a Reply