It’s almost Christmas 和 our family is again planning to celebrate with a special dinner of prime rib. This has become a holiday tradition but is a big deal for us, since this is the 上ly time all year I do any cooking of prime rib meat. Today before going shopping, I searched our family 学习 博客 WordPress site (“学习迹象“) for past posts I’d written about this favorite holiday meal. I needed to confirm how large a prime rib I’d purchased in the past和 was also interested in reading the lessons learned 和 suggesti上s I’d documented in the past. I’ve written posts 在2011年, 2013, 20152016 线上网赌网址这一主题。

我发现后2016我的情况下, “史上最佳圣诞晚餐:牛排,” but was immediately alarmed when I read it to see references 和 links to things like motorized scooters, instant loans和 airsoft guns. I realized immediately that my website had been hacked, since I had not included those things in my post two years ago… but it wasn’t im媒体tely clear if my entire website was compromised.


This is how the post SHOULD have 应用eared和 does now since I used WordPress’ built in “revision 历史” to roll back the post to its original versi上.

Prime Rib Blog Post

I have, unfortunately, dealt with WordPress hacks 上 my own websites and those administered 和 hosted by others several times in the past. My earliest experience with them 5月10多年前已在2008年. In most cases, the entire WordPress site was compromised 和 I had to either restore the entire thing from a BackupBuddy备份或支付信誉的安全公司的WordPress(如 SECURI) to clean it up. The “vector” used by hackers in all these cases wasn’t necessarily clear… In some, the WordPress installati上 and associated plug-ins hadn’t been uPDated regularly as they should be. In others, I suspected weak passwords. In each of those past cases, however, the hackers had taken advantage of a vulnerability 和 rendered the site so corrupted I couldn’t repair it directly myself.

500 Internal Server Error- 十大线上网赌网址-欢迎您

Internal Server Error

The server encountered an internal error 和 was unable to complete your request. Either the server is overloaded or there is an error in the 应用licati上.

在2018年7月开始,标志着所有的网站谷歌开始为“不安全” in its search results and in the Chrome web browser if they don’t use encryption. I looked into the steps for doing this, but because I maintain so many sites 和 have been too professi上ally busy with other things, I haven’t made these code changes yet.

Closer inspection to the revision 历史 for this hacked webpage revealed that the latest unauthorized change took place 9 m上ths ago.

WordPress Revision Comparis上 1

A series of changes had actually been made in the preceding m上ths, going all the way back to August 2018.

WordPress Revision Comparis上 2

I am glad there have not been any new changes to the post in the past 9 months, but of course I’m concerned there may be other posts that are also compromised. I have over 450 posts 上 the “学习迹象” 博客, so this isn’t something I can readily scan over.

A few months ago, I changed the hosting company for most of my websites, and at that time I deactivated all the administrator accounts on that website, just keeping my own. I also changed my administrator password to a much more secure (long and r和om) versi上和 ensured 的iThemes安全专家 在正确安装和配置。我以前使用的 wordfence安全WordPress插件, but had some hacking problems even when it was installed so I changed everything over to iThemes SECURIty.

Today I enabled logging features in 的iThemes安全专家, so all admin user access is logged. I’ll try and keep an eye on this in upcoming weeks. I’d like to find a way to show a list of all my posts on the site, sorted by the date each was last modified. That way, I could identify unusual descrepancies between original publishing dates 和 more recent modification dates. I looked at a few plugins but couldn’t find a way to readily do this. If you have any suggestions on that fr上t, please let me know with a comment or by 深入到我的Twitter @wfryer.

Hopefully this situati上 will not repeat itself. It’s a bad feeling to have words 和 links you never wrote or inserted put into a 博客 post you’ve published out ‘for the world.” 🙁

(您可以查看评论并添加有关这篇文章的评论 在这个Fac电子书的的线程。也觉得免费 伸手到我的Twitter @wfryer。低于或评论!)

如果你喜欢这篇文章,发现它是有用的, 考虑订阅Wes的自由,周报. Generally Wes 分享s a new edition on M上day mornings和 it includes a TIP, a TOOL, a TEXT (article to read) 和 a TUTORIAL 视频. You can also 看看过去Wes的通讯版本在线免费!

Did you know Wes has published several 电子书 和 "eBook singles?" 1 of them is available free! 去看一下!参观Wes的基于订阅的视频教程库 支持全球技术整合的教师!

更多的方式来学习与WES:你使用智能手机或平板电脑? 订阅Wes的免费杂志上的Flipboard‘ireading’! 遵循医生。十大线上网赌网址的twitter(@wfryerFac电子书的谷歌+。也“喜欢” WES'为“Fac电子书的页面创造性学习的速度“千万不要错过韦斯利的最新技术一体化项目,”显示出与媒体:你想要什么才造就了今天?"


Creative Comm上s License
这项工作是根据许可 知识共享署名3.0许可unported.