We got hacked Sunday morning. Malicious code was added to our index files, Java-scripts were replaced and file permissions were changed. I noticed it almost right away and was able to fix it quickly. But I had to delete all my WordPress plug-ins and I still haven’t finished reinstalling or reconfiguring some of them. So some things may look different for awhile.
I think they got in via FTP and I’ve taken steps to block off that route. But I would also like to do a complete reinstall of WordPress in case I have a security hole. It looks like it’s an easy process but I’ve never done it before and I’m very afraid of somehow losing all my content. I have backups but I also don’t have any spare time right now for fixing mistakes, especially big ones.
I’d really appreciate any advice you can give me about doing a reinstall or making MachinistBlog more secure. You can leave a comment or email me at rr(at)machinistblog(dot)com.
One good thing did come from this. I learned that I have a couple of plug-ins that are slowing down the web site significantly. I’m going to look at whether they’re worth keeping or if there are better substitutes.