A couple of weeks ago, I got an email from my hosting provider telling me I had infected files on my site. It looked like spam, so I ignored it. Then a few days later, I got another similar looking email, but this time they said that due to my infected files, they shut down access to my site until the infected files were removed. I went to my site, and sure enough, it was shut down.
I looked at the list of 40 infected files they sent me. It looked like they were older versions of PHP files which were likely mis-tagged as infected. So I deleted them and asked my hosting provider to recheck my site. But they found more infected files elsewhere on the site. A couple of them were in a new folder that I did not create. I Googled the name of the folder and a link showed up to my site, with “adult” words.
So my site was most definitely hacked. Perhaps my hosting provider may have been at fault, but more likely it was a vulnerability in an old theme I was using. Either way, it was time to clean up the mess.
The first step was not to panic. First, I downloaded my whole WordPress site to my laptop, figuring there would be something salvageable in there. And luckily I had a plugin installed which made regular backups of the SQL database.
I wasn’t happy with my current hosting provider, but I didn’t think it worth the hassle of moving the site elsewhere. But this hack was a blessing in disguise, as it was my chance to make the move to a new one! I found a new hosting provider recommended by a friend. They even offered free setup/transfer of a WordPress blog! I uploaded my SQL database backup and the /wp-content/uploads/ folder (which has all the images), and they imported it into a fresh WordPress install!
The only thing I was missing was the plugins. For most of them, I could copy the folder from the old install. Some of them, such as the ones that backup the database, required a fresh install: no big deal.
I’m pleasantly surprised it didn’t take me that long to get back online! I’m running a different theme than before, but the layout is similar to my old theme, so it works for me. I had a separate ham radio blog on another domain, I took the opportunity to shut that down and import those posts into this blog. There’s a few glitches with how the text is wrapping around my images, but I can gradually fix those over time. But otherwise, the site is back!