Now I Know How Maud Newton Felt

I read Maud’s blog post from last fall about her site being compromised again; I understood her sound advice: “[I]f you maintain a website and are running an old version of WordPress, update now, even if the switchover borks your stylesheet”; I linked to Lorelle VanFossen’s post about blogs running on old versions of WordPress being under attack; I linked from that post to the WordPress News post about how to keep your blog secure (“Upgrading is taking your vitamins; fixing a hack is open heart surgery”)—and I did nothing.

Then this week I discovered that some kind of wormy thing had invaded this site, and was doing a poor job of turning every page into a redirect to some sort of creepy site that downloads and installs malware on your computer. So I upgraded to 3.0, I read the WordPress FAQ on what to do after a site hack, and I reuploaded and overwrote all my plugins and themes—all of which were good ideas, but none of which got rid of the hack. So I contacted Media Temple. And then I was very glad, yet again, to have them as my hosting company, as they put together excellent instructions for how to log in to phpMyAdmin and strip out the hack–which I followed, and which worked. (The number of rows affected by the malware in my blog’s database was just shy of 300.)

Then I changed all my passwords. Then I was relieved, yet again, that I don’t allow comments here, even if that’s not very Web 2.0 of me. Then I was tangentially glad, yet again, that we do a pretty good job of keeping backups of all our digital files (Time Machine, Time Capsule, waterproof and fireproof safe), because although dropping a laptop on a linoleum floor is very different from a wormy thing infecting your blog, they can both wreck a lot of hard work, and Virginia Heffernan’s description of her experience of the former still haunts me.