By Fabio Lanari (Internet1.jpg by Rock1997 modified.) [GFDL (http://www.gnu.org/copyleft/fdl.html) or CC BY-SA 4.0-3.0-2.5-2.0-1.0 (http://creativecommons.org/licenses/by-sa/4.0-3.0-2.5-2.0-1.0)], via Wikimedia Commons

The recent unpleasantness

Back on October 11, 2015, this website was “hacked” by some random group of miscreants.

The hack placed new index.html and index.php pages in every folder, I learned upon further inspection of my hosted files via FTP. It made cleaning things up a bit tedious, but not difficult.

I think the problem was that I had several old WordPress installations hanging around on the server, which had vulnerabilities left unpatched by updates to newer versions. For example, I had an install from years ago where I just played around with new themes.

Before replacing/removing the added or changed index files, I first had to uninstall all the old WordPress sites, leaving only this one (which had always been kept updated).

I have learned some lessons, suffice it to say, about being diligent about security.

  1. WordPress updates – Always update to the latest version right away!
  2. Remove old WordPress installations that are no longer being used (and kept up to date)
  3. Backups – Make them regularly

It did have one benefit, however: It forced me to become reacquainted with my blog and all the files on the server. I’ve been neglecting this place over the past few years. I aim to change that going forward.