WordPress Security Risk
It was a bad day! Two weeks ago, I upgraded WordPress for one of my blogs, the only one which generates income, and a day after that, I can’t access it anymore. I managed to recover the site by recreating ‘wp_options’. And then do several workarounds to fix it.
But then, I was too late.
Before I was able to recover the site, I have been hacked already via SQL injection. A lot of my posts has been appended with SPAM URLs which do not display on the actual page, but I was able to clean it up.
Here’s how I did it. I noticed that the appended texts uses “display: none” to hide it on the actual page, so I just ran this simple query.
select * from posts_table where 'post_content' like '%display: none%'
…then manually modified the results.
Yesterday, I was informed by Google that my site will be removed from their index for at least 30 days. And here’s the result. I hope it returns a single result when you click it. I’m praying for Google to re-index my site again sooner. Though I expect $0.00 for the next 30 days.
Whoah, that’s awful. Glad my post became useful in some way. Darned spammers!