Recovering from a WordPress Infection

Recently I noticed that many of my wordpress based web sites (including this one) were running very slowly. I also noticed that my hosting company was limiting my CPU cycles (their way of balancing load). To increase speed, I installed a highly-rated caching program, which generated tons of errors. At first I blamed the plugin…then I realized what had happened.

All of my sites had been infected with what appeared to be an automated attack. Lovely. I found and followed instructions to clean the sites; eventually I simply deleted and reinstalled everything. Fortunately I keep good backups so this was not terrible (although I have a few broken links due to missing images–have to fix that when I find time).

In the process of doing all this, I've learned a number of things.

  1. ALWAYS KEEP OFFLINE BACKUPS.
  2. Watch the speed of your site and monitor CPU cycle limitations imposed by the hosting company.
  3. Take note when odd things happen (for example, when a widely respected plugin fails to work).
  4. Sometimes it's easier to delete and reinstall than to clean!

Also I've learned a number of tricks to help prevent this from happening in the future. More on those tricks later–I'll probably post an article with links to the sources I used.

 

When was the last time you backed up your WordPress site?