My site was broken into again last night and was down until this morning. What fun.
Welcome to another day of hackage fun.
This morning, the odd “consig.php” with its Base64 contents and eval was back, along with an updated “.htaccess” file. I called up Bluehost support. They restored a safe version of “.htaccess” and suggested I talk with their “security people”. I said sure.
After a longish hold, they transferred me…to an entirely different company, who, starting at just $40 or so a month (and up), would provide me with a firewall. The sales pitch was strong, as was their disdain and pricing structure. I thanked them for their time and hung up.
It was time to call back Bluehost again and yell at them a little. This time, they offered to set up an SSL certificate for 90 days at a time.
This might be even more exciting if their own certificate didn’t seem to be wonky:
I also deinstalled and re-installed my plugins, and generally followed the advice passed to me this morning by Jan Östlund in his helpful tweet.
Sorry to hear that your site was hacked. So annoying! I have compiled a checklist for all my friends using WordPress to tighten the security. https://t.co/IAdrBiP7GE and what to do when the site is hacked: https://t.co/5MlP4CAYL5 Hope this helps a little. All the best!
— Jan Östlund (@janostlund) March 27, 2018
Frankly, it’s been a pretty dreadful day. Of course, the kind words of support from everyone have been a lovely counterpart to the misery of doing sys admin work. I’m surprised so many people have had to deal with this exact situation before. At least I’m not alone.
Maybe you should use some plugin to protect your WP installation. And follow some of the practices you can find at the Mozilla Observatory website (you can learn lots of things there).