Following on from my experience of my blog being hacked via the TimThumb vulnerability within the first week of it being live, I thought I would post a short follow-up.
Luckily, I have not been hacked again yet (and I say yet, because I am sure it will happen again sometime!). I was very careful to follow the post-hack instructions provided by the good people at sucuri.net and so far, touch wood, everything seems to be fine.
But one of the items in their list was to go through all my wp-admin and FTP passwords for the blog and change them. I don’t know about you, but I am often very blasé about this sort of thing. I don’t know why. It is the most basic form of security, especially after your blog has been hacked! Maybe it is laziness. Maybe it is a “head in the sand” / “It’ll never happen to me” type thing. But for some reason I can never be bothered to work through and change all my passwords.
However, this time I did. Maybe it was because it was such a royal pain in the arse to get everything back to normal again that I was more motivated. Maybe it was because I had not only been told to do it, I had been told to do it by someone I had paid to help and advise me (Sucuri), so I would have to be pretty stupid to pay for advice and then ignore it.
So, whatever, I changed it.
And you know what? A mere six days later I go to log in to WordPress and as soon as I land on the login page I get a message to try again after 12 hours due to 9 failed login attempts! Wow! I guess it’s logical. If you are a spammer and you have found a site with a vulnerability then you might as well try to target it again and again.
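The lockout described above (nine failed attempts, then a 12-hour block) is a simple failed-login limiter. The following is an added example of that policy, written for this post; it is not the author's setup, not WordPress core, and not the code of whatever plugin produced that message. It keys attempts by client IP (real limiters usually also key by username), forgets failures older than the lockout window, and replays a constructed Apache-style access log of POSTs to /wp-login.php through the limiter. The log lines, the 203.0.113.x / 198.51.100.x addresses and the date are all made up for the example, and the rule that a failed WordPress login returns HTTP 200 (the form re-rendered with an error) while a successful one returns a 302 redirect is an assumption stated in the code.

```python
"""Failed-login lockout for wp-login.php, replayed over a constructed access log."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Policy matching the lockout message in the post: 9 failures, then 12 hours locked.
MAX_FAILURES = 9
LOCKOUT = timedelta(hours=12)
WINDOW = timedelta(hours=12)  # assumption: failures older than this no longer count


class LoginLimiter:
    """Counts failed logins per key (here: client IP) and locks the key out."""

    def __init__(self, max_failures=MAX_FAILURES, lockout=LOCKOUT, window=WINDOW):
        self.max_failures = max_failures
        self.lockout = lockout
        self.window = window
        self._failures = defaultdict(list)  # key -> timestamps of recent failures
        self._locked_until = {}             # key -> datetime the lockout expires

    def is_locked(self, key, now):
        until = self._locked_until.get(key)
        return until is not None and now < until

    def record_failure(self, key, now):
        """Register a failed attempt. Returns the remaining lockout, or None."""
        if self.is_locked(key, now):
            return self._locked_until[key] - now
        recent = [t for t in self._failures[key] if now - t <= self.window]
        recent.append(now)
        self._failures[key] = recent
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            self._failures[key] = []
            return self.lockout
        return None

    def record_success(self, key, now):
        """A real login clears the counter and any lockout for that key."""
        self._failures.pop(key, None)
        self._locked_until.pop(key, None)


# Minimal Apache combined-log parser: client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


def replay(lines, limiter=None):
    """Feed each POST to wp-login.php through the limiter; return lockout events."""
    limiter = limiter or LoginLimiter()
    events = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, ts, method, path, status = rec
        if method != "POST" or not path.startswith("/wp-login.php"):
            continue
        if limiter.is_locked(ip, ts):
            events.append((ip, ts, "blocked"))
            continue
        # Assumption: WordPress answers a failed login with 200 (form shown again
        # with an error) and a successful login with a 302 redirect to wp-admin.
        if status == 302:
            limiter.record_success(ip, ts)
        elif limiter.record_failure(ip, ts) is not None:
            events.append((ip, ts, "locked"))
    return events


# Constructed sample log: one host hammers the login form ten times, another
# host mistypes once and then logs in successfully.
SAMPLE_LOG = [
    f'203.0.113.7 - - [14/Sep/2011:02:{i:02d}:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421'
    for i in range(10)
] + [
    '198.51.100.2 - - [14/Sep/2011:02:15:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3421',
    '198.51.100.2 - - [14/Sep/2011:02:15:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, ts, what in replay(SAMPLE_LOG):
        print(f"{ts.isoformat()} {ip} {what}")
```

Running it reports 203.0.113.7 as locked on its ninth failure and blocked on the tenth, while 198.51.100.2 never trips the limit. Whatever plugin or host-level tool you use, the check to make after changing passwords is exactly this one: look at the access log for bursts of POSTs to wp-login.php that all come back 200, because that is the attacker the lockout message is telling you about.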
So, a simple bit of advice for today. If you have been hacked then remember to CHANGE YOUR PASSWORD. Not in a week, not in a few days. NOW!