So, there I am, in bed, rubbing my eyes trying to wake up, as I do most mornings, listening to the incoming alert vibrations coming from my cell phone. These sounds go one for a few moments, and, once they stop, I reach over and pick up the device and open my email and begin deleting the various junk emails that didn’t properly get thrown into the spam folder, when I spot a notice from my website hosting company. This is pretty normal, so I’m not overly concerned until I actually read the subject line: “Security Incident.” There’s also an email from the developer of the WordPress Theme on that site immediately below it, subject Site Vulnerability.
THAT gets my immediate attention.
I open it, read it, and a few choice Russian phrases pass my lips. They could have been Welsh, or Gaelic, or even German, but Russian is generally my swear language of choice, thank you Naval Security Group Command and the Defense Language Institute for small favors..
The web host took immediate corrective actions, which is one of the reasons I’ve been with these folks for much of the past two decades:
We need to inform you that the WordPress installation on your website for babblingbrookereadings.com has been hacked. To prevent further abuse of your account and the server, we have disabled public access to the website.
Yep, closed off outside access, set a special password and sent it to me so that I could go in and make sure the framework is intact and all is back to working properly.
What I found is a plug-in that I don’t recognise that has been doing “something” for several weeks, along with, along with an unknown user account that had Administrative access.
Hit “delete user”, and “Goodby, Felicia, whoever you are!”
So, the website will likely be going down for a day or so while I go through everything with a fine-toothed comb.