So, for the first time I know of,Â a site I control has been hacked.
I got a message from Google today saying howardowens.com was being removed from the index for use of hidden text (in this case, links and text for viagra).
I’m like, WTF?
Sure enough, I checked the source code and there it was.
As near as I can tell, somebody managed to get FTP access to my server and modified the following files: classes.php, default-filters.php, functions.php, gettext.php, wp-db.php.Â The hacker also created a file called class-mail.php, and that file was encrypted.
I’ve restored backup files and changed the FTP passwords.
I’m posting this to warn other WP bloggers about the exploit. Check those files. Make sure you’re FTP password is strong, disable anonymous FTP, and make sure there’s no hidden text in your source code.
Hopefully, it won’t be too much of a hassle to get re-indexed by Google.
UPDATE II: You don’t see update I, because it wasn’t part of my database back up, but it noted that after talking with my host, I learned that it wasn’t likely an FTP hack, but a WordPress hack, because I hadn’t upgraded WP. The upgrade is now complete … fair less painless than I anticipated (which is why I hadn’t done it before), and things seem back to normal.