A short while ago this site was hacked in the backend by a script kiddie exploiting a vulnerability through swapping out the default theme. Harmless, but I spent a good while figuring out what they’d done and how, to be able to block it and prevent it happening again.
This time I’ve been hacked by some pro-Palestinian group or something – weird as I’m heading out to Saudi Arabia in a few days’ time and nowhere does this blog mention anything about the Middle East or politics. I didn’t spend half as much time fixing this one. In fact I must thank the previous hacker for enlightening me – and each subsequent hack makes me analyse my security more.
These cyber-jihadis were more capable, in that they had changed my password and default email. Thankfully I googled and quickly found a useful blogpost from Mahesh Kukreja for restoring my login. It seems that the hacker had exploited a known vulnerability in WordPress that had not been fixed in my implementation (despite being the latest version).
I’ve blocked the IP address, and the exploit (using a security logs plugin), as well as employing the fix in my login php.
Once I was into my dashboard, I quickly checked nothing else had been touched, reset my password, updated the current theme, which purged their changes, and modified my security settings and htaccess file.
Since he had been kind enough to leave his email address I also pinged a quick email to inform him he was a twat. Probably stepped over the line – I’ll learn one day.