Back on October 11, 2015, this website was “hacked” by some random group of miscreants.
The hack placed new index.html and index.php pages in every folder, I learned upon further inspection of my hosted files via FTP. It made cleaning things up a bit tedious, but not difficult.
I think the problem was that I had several old WordPress installations hanging around on the server, which had vulnerabilities left unpatched by updates to newer versions. For example, I had an install from years ago where I just played around with new themes.
Before replacing/removing the added or changed index files, I first had to uninstall all the old WordPress sites, leaving only this one (which had always been kept updated).
I have learned some lessons, suffice it to say, about being diligent about security.
- WordPress updates – Always update to the latest version right away!
- Remove old WordPress installations that are no longer being used (and kept up to date)
- Backups – Make them regularly
It did have one benefit, however: It forced me to become reacquainted with my blog and all the files on the server. I’ve been neglecting this place over the past few years. I aim to change that going forward.