I Was Hacked… Glad I Backed Up With Useful Plugin
At 4:51am Sunday the server on which this blog is hosted was suffered a “defacement attack by a hacker, at least that’s what my hosting company called it. I’d never heard of such a thing, but they call it that when only the homepage of a site is altered and no other destructive scripts or malware are planted. The hacker changed out the index.php page in every directory of this WordPress blog. (A screengrab of his idea of what Groozi should look like is at the end of this post.)
I remained calm, figured out a fix, located a clean copy of index.php from WordPress, replaced the hacked one with the good one, and was back in business.
After hunting around, I found a great plug in for WordPress called “Backup to Dropbox” (full info). The easiest way to install the plugin is to search for it within your Admin/Plugins panel of WordPress and install it from there, but you’ll need a free Dropbox account first.
If you are unfamiliar with Dropbox, it is “cloud” hard drive storage. When you sign up, you get 2GB of free storage and that’s where the plugin will automatically store a complete backup of your blog. You can even schedule backups. If you don’t have Dropbox, get it here. Full disclosure: If you use that link to sign up, you and I will both get an extra 256MB of storage, so we both win… cool! UPDATE (4-10-12): Now we’ll each get 500MB of free space!
Now I’ll have a recent backup of my entire blog including all my posts and images and I don’t have to remember to do it, the plugin does it for me. Here’s what the hacker’s handiwork looked like:
Blake J. Discherabout 10 years ago
Hey Valent. Yes, the DropBox process can be CPU intensive. This is just another method of backing up that saved me once. I do server-level backups as well. Thanks for the input!
Valent Lauabout 10 years ago
I've found Backup to Dropbox very unreliable, and at times randomly CPU heavy on the server. It's much safer to use a host that does daily backups for you since even with Backup to Dropbox the database restores will be a pain.
Roshabout 11 years ago
I've been there too. Good advice Blake. There are so many ways you can loose your site, auto back up is your best safety net. Rosh
Larny Mackabout 11 years ago
Thanks very much for this Blake. I just signed up. It's always comforting to have that extra cushion under your data-tush. best, Larny Mack
Blake J. Discherabout 11 years ago
Yep, inmotonhosting.com. There is a great forum entry on how to repair a Wordpress installation at http://bit.ly/p1WeqP. Simply replace the two index.php files and you'll be all set. There are links to clean copies of the two files you need.
Mikeabout 11 years ago
Blake, So I guess you are using inmotion hosting for the blog? My blogs been down since Saturday and the tech people from the company are not even answering the phones. I hear the hacker changed 720,000 sites index pages. They stated they were working with dedicated servers users first but no such luck and sites still down. Thanks for the head-ups about the plugin and dropbox service.