I never thought this blog would get “hacked”. It happened though. It’s irritating because I really don’t know exactly what happened. Thankfully my host noticed immediately and suspended the account, informing me that I had phishing files in it. That’s how I found out about it in the first place. They were very nice about it and reopened the account for me as long as I took care of the issue.
It was no fun though when the first thing I saw after coming home from a three hour class with a bunch of idiots in an un-air-conditioned room was the suspension notice. There is no way to describe the sinking feeling in the pit of your stomach when you read the line “Suspension reason: phishing site”. At first I thought it must have simply been due to spam comments, which I didn’t think were such a terrible problem. However, once the account was reopened I saw that there were full-blown phishing files in it. That was utterly embarrassing.
I figured the issue was probably due to the fact that I had been using an older version of WordPress, on the assumption that upgrading it would be a hassle. All of my permissions were as secure as can be without breaking WordPress functionality…I think. So I upgraded WordPress and made a few more adjustments that are listed in this article on the WordPress website. I have no way of knowing whether the vulnerability that got me “hacked” –perhaps “exploited” would be a better word– was fixed by following that article, since I don’t know specifically what I did wrong in the first place. I’m crossing my fingers though. This was a horrible experience and I wouldn’t wish it on my worst enemy.
I’ve been telling myself that this type of thing must happen to unsuspecting people all the time. Old grannies who can’t even configure an email client use WordPress. Not to say that I’m at all competent, but I know there are hoards of people even less competent than me who are using WordPress. They must get “hacked” all the time. It must be common. At least, believing that helps to mitigate my shame, if only a little bit.
Of course, what I’ve learned from all of this is that the only way they could make updating WordPress to the latest version easier would be if they harnessed Clapper technology to accomplish it. Short of that, it couldn’t be easier and I’ll be updating regularly with every new version from now on.