Regular Backups

One of my clients had their website hacked yesterday. This was through their WordPress login, and seems to have occurred as a result of some vulnerabilities on their own computer, likely releasing their username and password. No other sites on that server so far seem affected.

The client hadn’t made any recent backups of their WordPress database, but had years of content on their website.

The hackers had used some sort of automated program to add three sections of JavaScript to every page, post, and image description. This accounted for nearly 750 instances of spam content that had to be carefully removed.

They’d also added themselves as a new user under the email wordpressadmin@test.com.

The hackers had then changed the site URL within WordPress to automatically bounce users through a bunch of affiliate pages on alternative websites, which also meant that you could no longer log in to the WordPress console.

Fortunately though, they left the main content of the website intact (just with the extra spam content). I also still had full access to the server data itself, as do all my clients.

After editing the .sql database directly to remove the redirect, I was then able to log back in again to the WordPress console, generate new passwords for all users, and remove the extra spam user that had been added.

After realising how many instances of the spam content there were throughout the website, I felt it was going to be easier to again modify the SQL database file as plain text, to remove all instances of the JavaScript addition, and restore the site to its previous state (using the ‘find and replace’ feature in plain text notepad editors).

This could’ve also been done via the WordPress console using the ‘tools/export site’, and then importing the site back again after removing all existing content. But that would’ve meant removing all existing content temporarily, and I’d rather do the comparatively quicker change of just updating the database file directly.
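The clean-up described above can be scripted so that every change is counted and reviewable. The following is an added example, not the code used in this incident: the sample dump, table layouts, hostnames and function names are constructed for illustration, and only the rogue user's email comes from the account above.

```python
import re
from collections import Counter

# Constructed sample: a fragment of a mysqldump-style WordPress export.
# Column lists are simplified; hostnames use reserved .invalid/.example names.
SAMPLE_DUMP = r"""
INSERT INTO `wp_options` VALUES (1,'siteurl','http://redirect.invalid/go','yes'),(2,'home','https://client.example','yes');
INSERT INTO `wp_posts` VALUES (10,'<p>Hello</p><script src=\"https://cdn.invalid/a.js\"></script>','Post one'),(11,'<p>News</p><script src=\"https://cdn.invalid/a.js\"></script>','Post two'),(12,'<p>Map</p><script>initMap();</script>','Contact');
INSERT INTO `wp_users` VALUES (1,'owner','owner@client.example'),(7,'wpadmin','wordpressadmin@test.com');
"""

SCRIPT_RE = re.compile(r"<script\b.*?</script\s*>", re.IGNORECASE | re.DOTALL)
OPTION_RE = re.compile(r"\(\d+,'(siteurl|home)','([^']*)'")
EMAIL_RE = re.compile(r"'([^'\s@]+@[^'\s@]+\.[^'\s@]+)'")

def repeated_blocks(dump, min_count=2):
    """Distinct <script> blocks that occur min_count+ times (automated injection)."""
    counts = Counter(SCRIPT_RE.findall(dump))
    return {block: n for block, n in counts.items() if n >= min_count}

def remove_blocks(dump, blocks):
    """Delete only the exact, reviewed blocks; returns (cleaned_dump, removed)."""
    removed = sum(dump.count(block) for block in blocks)
    for block in blocks:
        dump = dump.replace(block, "")
    return dump, removed

def changed_urls(dump, expected):
    """siteurl/home option values that differ from the expected site URL."""
    return {name: url for name, url in OPTION_RE.findall(dump) if url != expected}

def unknown_emails(dump, known):
    """Email addresses in the dump that are not on the known-user list."""
    return sorted(set(EMAIL_RE.findall(dump)) - set(known))

if __name__ == "__main__":
    suspects = repeated_blocks(SAMPLE_DUMP)
    for block, n in suspects.items():
        print(f"{n}x {block}")          # review before removing anything
    cleaned, removed = remove_blocks(SAMPLE_DUMP, suspects)
    print("removed:", removed)
    print("changed URLs:", changed_urls(SAMPLE_DUMP, "https://client.example"))
    print("unknown users:", unknown_emails(SAMPLE_DUMP, ["owner@client.example"]))
```

Removing text from post content this way is safe, but WordPress also stores many option and meta values as PHP-serialized strings with length prefixes, so a replace that changes the length of one of those can corrupt it. Work on a copy of the dump and keep the untouched original.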

I have subsequently also made a collection of backups in different forms for the client.

This problem first appeared as just the site taking an age to load, so it seems as though we caught it early.

But please, make regular backups in multiple locations of all of your key data, whatever that is.

If you don’t want to lose it because of a hardware or software glitch, or a hack like this one, having a recent backup really is the best option.