Rage Against the Operator
by Matt on Feb.17, 2012, under Computer Stuff
Another year, another blog post, I guess.
So before I went into work yesterday, I decided to run a full scan on my Windows 7 machine in Security Essentials. It was just some sort of feeling, and it turned out to be a boon. When I returned, it had found some PHP backdoor script in my WordPress backups.
I ended up just exporting my WordPress content as well as my database stuff and backing that up, then just deleting the entire directory and reinstalling. I put my WordPress config back in, reinstalled my plugins and theme, then I had to re-upload those bear pictures from the post two years ago.
I’m not sure how this rogue script got there, and there were probably a lot more that got wiped away with the fresh install. Maybe it had something to do with the DreamHost breach? But that was in January, and the script (which, by the way, was /wp-admin/includes/class-wp-theme-edit.php) was uploaded October 21 of last year, according to FileZilla. I didn’t see anything suspicious in my database, but that will need a deeper look.
I did take a look at the one script though. I took a look at it in gedit on a Linux install because MSE wouldn’t have any more of it. Looks like those responsible claim copyright for their script to 4ngel.com (I don’t suggest going there), perhaps a Korean hacker group. Not sure if stupid, fake, or just arrogant.
Anyway, treat this as a PSA of sorts. If you’re thinking of starting your own WordPress blog, the first thing you should do is take measures to secure your blog. I’ve been using the Ultimate Security Checker plugin, and am starting to check out the WebsiteDefender plugin, which supplements USC.
Another great plugin is BackWPup, which you can configure to back up your WordPress install easily, even to services like Dropbox! Yeah, backups are extra work, but you really never know when you might need them. Also, keep your passwords long and strong, and change them often!
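One check the cleanup above implies but never shows, added here as an example (this is not the author's code and not any of the plugins mentioned): right after a fresh reinstall, hash everything under wp-admin and wp-includes and keep that manifest somewhere the web server cannot write; later runs compare the live tree against it, flag any PHP file sitting in directories that should hold none (uploads, cache), and grep PHP files for the usual web-shell constructs. An extra file like the class-wp-theme-edit.php from the post shows up immediately as "not in manifest", whether or not the content heuristics fire. The sample tree, the planted snippets, the directory lists and the pattern set are all constructed for the demo; the real script from the post is not reproduced. For a live site, WordPress publishes per-release core file checksums on api.wordpress.org that can stand in for the constructed manifest.

```python
import hashlib
import os
import re
import tempfile

# Heuristic signatures common in PHP web shells (example set, not exhaustive).
# A match is a reason to open the file in an editor, not proof of compromise.
SUSPICIOUS_PATTERNS = {
    "eval of decoded payload": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\("),
    "request parameter called as a function": re.compile(
        rb"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]+\]\s*\("),
    "shell command built from request": re.compile(
        rb"(?:passthru|shell_exec|system|exec|popen|proc_open)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)"),
}

# Assumption: a stock WordPress install keeps no PHP under these install-relative
# directories, so any .php file found there is worth a look.
NO_PHP_DIRS = ("wp-content/uploads", "wp-content/cache")

# Core directories that should contain exactly the files of the release.
CORE_DIRS = ("wp-admin", "wp-includes")


def _under(rel, dirs):
    return any(rel.startswith(d + "/") for d in dirs)


def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def build_manifest(root):
    """Hash every file under the core directories of a known-good install.
    Run this right after a fresh install; scan_tree() diffs against it later."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if _under(rel, CORE_DIRS):
                manifest[rel] = sha256_file(full)
    return manifest


def scan_tree(root, manifest=None):
    """Return a sorted list of (install-relative path, reason) worth reviewing."""
    findings, seen_core = set(), set()
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            is_php = name.lower().endswith((".php", ".phtml", ".php5"))
            if is_php and _under(rel, NO_PHP_DIRS):
                findings.add((rel, "PHP file in a directory that should hold none"))
            if manifest is not None and _under(rel, CORE_DIRS):
                seen_core.add(rel)
                if rel not in manifest:
                    findings.add((rel, "file not present in known-good manifest"))
                elif sha256_file(full) != manifest[rel]:
                    findings.add((rel, "core file differs from known-good manifest"))
            if is_php:
                with open(full, "rb") as f:
                    data = f.read()
                for reason, pattern in SUSPICIOUS_PATTERNS.items():
                    if pattern.search(data):
                        findings.add((rel, "suspicious code: " + reason))
    if manifest is not None:  # a deleted core file is also a change worth knowing about
        for rel in manifest:
            if rel not in seen_core:
                findings.add((rel, "core file missing"))
    return sorted(findings)


def _write(root, rel, body):
    full = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "wb") as f:
        f.write(body)


def build_sample_site(root):
    """Constructed stand-in for a WordPress tree; returns the manifest of its clean state."""
    _write(root, "wp-admin/includes/class-wp-theme.php", b"<?php\nclass WP_Theme {}\n")
    _write(root, "wp-includes/functions.php", b"<?php\nfunction wp_hello() { return 'hi'; }\n")
    _write(root, "wp-content/themes/mytheme/functions.php", b"<?php\nadd_action('init', 'mytheme_init');\n")
    _write(root, "wp-content/uploads/2010/03/bear.jpg", b"\xff\xd8\xff\xe0 (not a real JPEG)")
    manifest = build_manifest(root)
    # Constructed stand-ins for what an attacker leaves behind (not the real script from the post):
    # an extra file in a core directory, a shell in the uploads tree, and a tampered core file.
    _write(root, "wp-admin/includes/class-wp-theme-edit.php", b"<?php\n@eval(base64_decode($_POST['c']));\n")
    _write(root, "wp-content/uploads/2011/10/image.php", b"<?php\nsystem($_GET['cmd']);\n")
    _write(root, "wp-includes/functions.php",
           b"<?php\nfunction wp_hello() { return 'hi'; }\neval(gzinflate(base64_decode('H4sI')));\n")
    return manifest


def demo(use_manifest=True):
    """Build the sample site in a temp dir, plant the backdoors and scan it."""
    with tempfile.TemporaryDirectory() as root:
        manifest = build_sample_site(root)
        return scan_tree(root, manifest if use_manifest else None)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

The manifest comparison is the reliable half: it catches a planted file by its mere presence, while the content patterns are only a hint (obfuscated but legitimate plugins will trip them, and a shell that avoids these strings will not). Run it from cron, keep the manifest outside the web root, and rebuild the manifest only after a deliberate core upgrade.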