[wp-forums] Help I've been hacked

[Podz]

Craig wrote:
> This is a great idea, Podz. It could certainly be tied in to general
> "good housekeeping" or "best practises" kind of things. BACKUPS
> BACKUPS BACKUPS and all that rot.
> 
> We should be able to harvest some of the verbiage from old posts on
> this topic, no? At least be able to use it as a basis for the new
> stuff.

I'll kick it off then:

1. Don't panic. What's done is done. It's time to clean things up.
2. Do you have a backup?
- Yes? do ....
- No? do...
3. Tell your host what has happened. They will blame WordPress at this
stage. They always do.
4. You need to assume that your /wp-content/themes directory has been
compromised. You can download that directory but it must then be deleted
from the server.
5. Download a new WordPress zip from http:/wordpress.org/download. Unzip
it. Upload the themes directory. Yes your site will look ugly but it'll
work safely.

Then it needs something about dealing with plugins, something about
leaving all files at 644 (do we need to know what they were?) and.....
other stuff that escapes me right now but backups etc need pushing.
I'm sure I said before we need the occasional hacked post to bang home
the concept of backups.

Anyway the above is rough as hell, needs dissecting from various views
including security and that "If your host believes that.." thing too.

I would like this to do 3 things:
- assist the person who opens their browser to their site and promptly
freaks
- push the ideas of what you said Craig about best practice
- be more pro-active about the damn hosts who keep saying "It's a
WordPress vulnerability" and in the next breath "Come to us it's 1-click
WP here!" which really annoys me. If we can produce something useful it
becomes a tool for use outside too.

P.