The recent unpleasantness

Back on October 11, 2015, this website was “hacked” by some random group of miscreants.

The hack placed new index.html and index.php pages in every folder, I learned upon further inspection of my hosted files via FTP. It made cleaning things up a bit tedious, but not difficult.

I think the problem was that I had several old WordPress installations hanging around on the server, which had vulnerabilities left unpatched by updates to newer versions. For example, I had an install from years ago where I just played around with new themes.

Before replacing/removing the added or changed index files, I first had to uninstall all the old WordPress sites, leaving only this one (which had always been kept updated).

I have learned some lessons, suffice it to say, about being diligent about security.

  1. WordPress updates – Always update to the latest version right away!
  2. Remove old WordPress installations that are no longer being used (and kept up to date)
  3. Backups – Make them regularly

It did have one benefit, however: It forced me to become reacquainted with my blog and all the files on the server. I’ve been neglecting this place over the past few years. I aim to change that going forward.