As soon as I discovered this, I closed the site down and dived into it, trying to remedy what had happened. Scanning files and database, looking for suspicious and/or altered files. Searching for keywords indicating malware. Yeah, you know, all sorts of stuff.
I found quite a few problems. Without going deep into the details I did a pretty big job of cleaning things up. Many hours in front of the screen trying to get everything back to normal. And after some time things seemed to be clean. I did a few more scans, a few more searches, deleted a few more files not included in the core version of WordPress and decided to open the site again.
I’d didn’t take long until the SQL injection started, f*g things up. So I had to close it all down again.
Ok, what to do…?
I do have backups, but because I don’t know exactly what has gone wrong and where the malware resides – all scans are negative but something’s definitely wrong – I made the decision to start from scratch. Anyway a good opportunity to really clean up and get rid of any loose threads. There’s no problem ‘cleaning’ the posts, but it’s a tedious job that’s gonna take some time to complete. However, when completed, it should be no problems to export the clean posts and pages from the old site and import them into the new one. Well, at least so they say.
So I started it all up yesterday. First I created a new subdomain – kites.aerialis.com – yes, it’s a .com domain! Then I put up a WordPress website from scratch and installed only the plugins I really need, Wordfence – for obvious safety reasons, – first, and then a pretty neat backup plugin – Vivid backup – that really gets the things done. It will even export and import pages and posts pretty seamlessly between the two sites. Now that can become handy in my situation.
Then I installed the rest of the required plugins and everything went well. Next step was to export a few templates from the hacked site and import them into the new one. You know, a header, a footer, the drop-down menu, the 404-page and a few others. Then I put them all together and started to work on the front page.
Now, for some time, this front page will be a pretty simple one while I’m rebuilding the site. In a – hopefully – not too distant future, most of the posts and pages will be back online again, and then it’s time to tweak the front page a little more.
You can follow the process at the brand new AERIALIS Kites website right here at http://kites.aeriallis.com/
…and please cross your fingers that I now have taken the right precautions for keeping those hackers away!