Copywriter, technical writer, translator (FR>EN, ES>EN, IT>EN), journalist

My website has been "unhacked"

Over the past few weeks, I’ve watched my website go from a spam-redirect hell to a properly linking website once again. Yes, I’m relieved.

I’m not totally sure how I went from the travails documented in this blog post to a website that now sports a seemingly clean bill of health. I do know some of the steps I took, and I’ll share those here.

  1. I finally got around to eliminating the “admin” user ID on my website.
  2. I removed all the extensions and add-ins I’m not using.
  3. I called my web host, and they found multiple instances of this thing called TimThumb on my instance of WordPress. The support rep dealt with the issue while we were on the phone.
  4. After a few weeks, Google bots seem to have crawled my site again, and the offending links and titles seem to be gone.

A friend tells me he figures the websites that were linked to consist of phishing operations. Lovely.

While I understand the technology and am not afraid to learn about it, I spend so much time learning what my clients need me to know that the shoemaker’s children go barefoot. I still believe in WordPress and I’ll go on using it, but what a PITA this particular “learning experience” has been.

What I’m really kicking myself over is how I keep putting off taking the advice I gleaned for articles about WordPress extras and the basics of WordPress, which includes security. Oh well – better late than never, and the damage doesn’t seem to be permanent.

Have I missed anything when it comes to securing my site? Let me know in the comments below.