Just an update on the WordPress virus. After several hours of research followed by 3 or 4 hours of fixing, I’ve wiped out the virus and cleaned up the database. I also implemented guvnr’s 10 tips to make WordPress hackproof. (Ok if that’s not offering a challenge to all the hackers out there…)
The main advice everyone gives is obviously to update to the latest version of WordPress and all your plugins, but once infected it’s too late for that plan to help. Other tips are, of course, to use a strong password and to disable the default admin user account. But first I had to remove the ‘back door’ admin user – which was giving the virus access to my site. Then I went through the 10 tips closing up vulnerabilities where possible.
One place where I almost hosed myself was that somewhere in the process I accidentally reduced my admin account’s privileges to that of a normal author, without first creating a new admin user. After that blunder, logging back in as admin was impossible – so there was no way to create a new admin user. Ultimately I had to hack back in to my own site (via the MySQL database) and create a new user with admin capabilities. Ahhhh, technology!