My Cautionary Tale

by Josh on March 16, 2011 · 4 comments


Things are pretty well put together around here following the malicious code attack that got my site temporarily blacklisted with Google.  Now I thought I’d share how the problem happened, how I fixed it, and what has changed on the site as a result.  There will be more about technology than houses this time, but more project goodness is on the way.

What Went Wrong

The website blacklist notice said that malicious code was found in the javascript folder of the WordPress blogging software I have installed on my web server.  I had been running an outdated version of WordPress because I was concerned that updating from version 2.9 to 3.0 could break my site theme or some of the software plugins I use, but it turns out that delay left a vulnerability that the hacker exploited.

How I Fixed It

From what I read about recovering from this kind of site violation, the best thing to do is delete the whole program directory and start over. After a full data backup, I completely deleted WordPress from my server space and installed the new version.  I also uploaded a new theme that I knew was WordPress 3.0-compatible and free of any bad code.  I retained the database with all the blog posts and comments, so no content was lost in this process.

What Has Changed

The most important thing that has changed is my lax attitude about blog software updates.  This was an enormous pain and I want to take every effort to avoid going through it again.  To ease the update process, now and in the future, I decided to purchase a professional theme, the continued compatibility of which will be someone else’s concern.  I’m also trying to cut down on software plugins, which also add future incompatibility risks.

I am continuing to customize the Thesis theme and improve the organization of the site.  The new header image is obvious (what d’ya think?), but I am reworking the page structure to try to make key content topics easier to browse.  These will include things like projects by room, tool reviews, before-and-afters, antiques & decor, house history, and tips & ideas.  I also need to redo the image gallery on the site to move away from the problematic plugin-based method I used before.

What else would you like to see here as I improve the site?

And for my fellow WordPress bloggers, heed my cautionary tale:

Update, update, update!


Reuben March 16, 2011 at 10:00 am

I’m about to start the process of moving from my .blogspot.com domain to a custom domain, and I’m toying with the idea of moving to WordPress as well. Everyone generally seems to agree: Blogger has some serious functionality limitations, but it’s safe and easy. And most importantly, the chance of total technical failure is virtually non-existent.

On my other WordPress blog (VeloTraffic.com), I’ve never had problems updating the software, but I hold off on theme updates, since that has given me problems in the past.


Josh March 16, 2011 at 10:22 am

That’s basically my experience, too, Reuben. I never have trouble updating WordPress itself (at least since the dark days of 1.x). But I’ve had trouble with my theme breaking following a major WordPress upgrade like what I was hearing about the move from 2.9 to 3.0, now 3.1.

Rather than just succumbing to my uncertainty, however, I should have installed a local instance of my blog and tested out the WordPress upgrade offline. I’m set up for that now, too.


Reuben March 16, 2011 at 6:13 pm

Say, how about a “subscribe to follow-up comments via email” option?


Josh March 16, 2011 at 11:32 pm

Done, Reuben. Good idea!
