I’ve been using a couple of WordPress installations on my site for a couple of years now, one for the front page and one for the blog. The main page has been hacked three times in the last three months. Basically, malicious code overwrites the main WP install and does Bad Things™, and the site is useless after that.
This last time, around Thursday or Friday morning, they got to the main page as well as my blog. After several back and forths with the folks who host my site and keep backups and are necessary to perform site restores, it’s clear that both sites are irretrievably borked.
This has some upsides and some downsides.
The main downside is I need to rebuild my site tomorrow, so things will likely be a bit wonky for a while. Additionally, it appears that where I added little images to the tops of most posts, those have either been lost or may need some munging.
On the upside, I get to toss together a new site. It’ll probably still be driven by WordPress because I’m reasonably familiar with it and I like the theming, but I’ll be going to a single install (having two was a side effect, not a goal) and applying a theme that gets updated, as I suspect that one of my themes may have had security issues in it and it wasn’t being updated.
Of course, I also updated all relevant passwords, but so far as I can tell from my reading and the results, I believe this was an injection hack more than me losing control of my passwords.
But, if it continues or repeats, I’ll have to look seriously at dropping WP and moving to something else to avoid this, since it looks like many of these kinds of attacks happen because WP is popular, much as most viruses are targeted at Windows – go with the numbers…
Oh, well. Stuff happens.