Over the past few days, some of you may have seen a pop-up from Google notifying you that we may be distributing malware!
Well….As it turns out a hacker got access to our web host. They gained access to all the core files that run this web page as well as our other blog http://fruitfulista.lifetransplanet.com. They were able to insert some kind of redirect that only happened occasionally on certain pages.
Google “crawls” webpages nearly every day for content and in turn this is how they feed their search engine. In addition to scanning for web content, if their Googlebots happen to come across a page that redirects them, they flag your site as having malware. This is bad for a few reasons.
Google, for the most part, controls the internet. If you get on their blacklist for any reason, traffic will simply stop flowing to your site. This is what happened to us. Some browsers like Chrome or Firefox will display a warning based upon this blag flagging by Google:
This was the first time I had this happen to our websites. So it was again, time to learn about it and figure out how to fix it. In some ways I enjoy a good challenge, it seems to be what my brain was tailored for. I checked our webhost and since there were multiple sites that had been hacked I figured it had to be compromised. I updated all the passwords on wordpress as well as on the host. I then moved all the sites from the host back to the Linux box in the basement that I used to host from.
Google’s webmaster page allows you to have them recheck your site for the malware once you’ve done something to try and correct it. So after I moved everything off the host I had it re scanned. Well….Still infected!
At this point the next step was to replace all the core word press files. It’s unlikely that the content was hacked (pictures, music, etc) but was just the core PHP files that run WordPress. So I downloaded a fresh version of WordPress, then copied in all of our content and re uploaded the package. Google re scanned and, it came back clean!! So we are safe to browse again and actually I am not sure if we ever weren’t safe. I never did find the code that was compromised, but rather took a shotgun approach and just replaced it all with new.
If you’ve noticed that our style looks a bit different, that’s why. I still have to go thru and add some stuff back in. Or we may use this as an opportunity to redesign our site. We’ll see.