It happens to the best of us sometimes.
I have 5 sites that I manage or help manage that were compromised. It was actually quite a clever hack in that the sites all worked as normal when I browsed directly to them, but if I came in from a search result on Google or Bing, I was automatically redirected to a porn site. For those of you who came in and saw that mess, I do apologize.
I’m not sure exactly how they got in, but I suspect it was due to one or more of the following:
- Old or outdated plugin that hadn’t been updated in a long time
- Old or outdated theme that hadn’t been updated in a long time
- Old test sites that were left running and WordPress hadn’t been updated in quite a long time
It’s a good thing I had a fairly recent backup because I ended up wiping the sites out and starting over.
Pay attention to your sites. Don’t let them sit totally unattended. Delete old test sites. And most of all, keep your software updated!
Now, it’s on to working on getting the site restored with a new theme and getting all the content back up and running.
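An added example, not part of the original post: one way to check a site for the symptom described above, where a direct visit looks normal but a visit arriving from a Google or Bing result is redirected elsewhere. It requests the same URL with and without a search-engine `Referer` and flags off-site redirects that only the search visit receives; the function names, the sample referer URLs and the User-Agent string are assumptions made for illustration.

```python
"""Check a site for redirects that only fire for search-engine visitors."""
import urllib.error
import urllib.request
from urllib.parse import urlparse

# Referer values to compare (constructed); None models typing the URL directly.
REFERERS = {
    "direct": None,
    "google": "https://www.google.com/search?q=example",
    "bing": "https://www.bing.com/search?q=example",
}

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx instead of following it

def http_fetch(url, referer):
    """Return (status, Location header or None) without following redirects."""
    headers = {"User-Agent": "Mozilla/5.0 (referer-redirect-check)"}
    if referer:
        headers["Referer"] = referer
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=10) as r:
            return r.status, r.headers.get("Location")
    except urllib.error.HTTPError as e:  # 3xx lands here once redirects are disabled
        return e.code, e.headers.get("Location")

def check_site(url, fetch=http_fetch):
    """Flag referers whose response redirects off-site when the direct visit does not."""
    own_host = urlparse(url).hostname
    results = {name: fetch(url, ref) for name, ref in REFERERS.items()}
    direct = results["direct"]
    findings = []
    for name, (status, location) in results.items():
        if name == "direct" or (status, location) == direct:
            continue  # same answer as a direct visit, e.g. an http-to-https upgrade
        target = urlparse(location or "").hostname
        if 300 <= status < 400 and target and target != own_host:
            findings.append((name, status, location))
    return findings

if __name__ == "__main__":
    import sys
    for site in sys.argv[1:]:
        hits = check_site(site)
        print(site, "SUSPICIOUS" if hits else "ok", hits)
```

This only sees redirects sent as HTTP responses; a redirect performed by script injected into the page would need the returned HTML inspected as well.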