There’s many ways a website can get hacked or taken down. Trust me, you don’t want it to happen.
For example, it’s the scariest thing to click on your website – and be forwarded to un-secure website you don’t own. That’s what happened to a client recently. Their home page looked fine, and yet every link you clicked on forwarded to another website. At one point, it wasn’t loading at all.
After much hair pulling, I recovered my client’s website. A month later, the same thing happened again, and the same solution worked. Below, I’ll share my fix, and also my list of recommended “damage control” tasks to help prevent it from happening again.
Recovering a website that was compromised
After I couldn’t log into admin panel, and I couldn’t log in to my server via FTP, I knew something was up. I logged into my mysql server to see if I could access the website’s database. Luckily, that worked. It didn’t take me long to find that the site’s two URL fields in the WordPress database were incorrect. After I updated these fields to our domain name, the website came back online. Phew!
yes, that was a relief….BUT yet how did that happen in the first place? and how can we prevent this from happening again?
Securing a website after it was compromised
For Dreamhost users, the following steps should be taken to ensure password security:
FTP: Change your users’ password(s) by clicking under the “Action” column for that user in your Web Panel: https://panel.dreamhost.com/index.cgi?tree=users.users
Mysql: Change your database password(s) by clicking the database username in your Web Panel:https://panel.dreamhost.com/index.cgi?tree=goodies.mysql IMPORTANT: Don’t forget to modify your site’s configuration file (wp-config.php) to reflect the new password.
Use a complex (8-31 characters) password or passphrase that contains mixed case letters, numbers, and symbols. You should avoid using dictionary words (in any language), names, dates, addresses, phone numbers, etc. as these can potentially be guessed or acquired through other sources. The username that the password is being used for, or the domain name/site name the user is attached to should never be included in any part of the password. Also note that it is a good idea to periodically change your passwords.dreamhost.com
WordPress Admin: Change WordPress admin password, and any other WordPress user’s passwords.
Remove inactive WordPress users
- Did Dreamhost (or your hosting provider) make an admin user? Delete it!
To come back to the question of how did this happen? I haven’t found the answer and I’d love to hear some suggestions or clues! What I have found from experience is that Backup Buddy seems to be causing more problems than I’d like.
Other related resources: