![By Fabio Lanari (Internet1.jpg by Rock1997 modified.) [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC BY-SA 4.0-3.0-2.5-2.0-1.0 (http://creativecommons.org/licenses/by-sa/4.0-3.0-2.5-2.0-1.0)], via Wikimedia Commons](https://i2.wp.com/neilmcintyre.ca/wp-content/uploads/2016/01/Internet2.jpg?fit=825%2C510&ssl=1)
Back on October 11, 2015, this website was “hacked” by some random group of miscreants.
The hack placed new index.html and index.php pages in every folder, I learned upon further inspection of my hosted files via FTP. It made cleaning things up a bit tedious, but not difficult.
I think the problem was that I had several old WordPress installations hanging around on the server, which had vulnerabilities left unpatched by updates to newer versions. For example, I had an install from years ago where I just played around with new themes.
Before replacing/removing the added or changed index files, I first had to uninstall all the old WordPress sites, leaving only this one (which had always been kept updated).
I have learned some lessons, suffice it to say, about being diligent about security.
- WordPress updates – Always update to the latest version right away!
- Remove old WordPress installations that are no longer being used (and kept up to date)
- Backups – Make them regularly
It did have one benefit, however: It forced me to become reacquainted with my blog and all the files on the server. I’ve been neglecting this place over the past few years. I aim to change that going forward.