I was recently asked to update an online store’s blog. Not a big deal, right? They run WordPress, so bringing it up to date should be as easy as logging into the administrative area, going through the 1-click upgrade process to upgrade the core installation, and then going back and updating any plugins that are out of date. But in the case of the client’s blog, the WordPress installation was so old (2.0.x) that I had to manually upgrade WordPress. Still not a big deal, right? Simply download the new files, FTP them into place, run the upgrade.php script, and we’re good to go.
But given my luck this weekend (I’m sick as a dog and I seriously can’t wait to make an appointment with someone in a lab coat tomorrow!), of course it couldn’t be that easy. It turns out that the very old installation of WordPress left the blog very vulnerable to attacks, and it was hacked a few times. I cleared out the infected files, themes and plugins, and replaced them with new ones, but now I’m awaiting information on how to access the MySQL database (the site is hosted with Yahoo webhosting), so that I can manually remove infected code from that as well.
Ugh. People… it’s so easy to avoid problems like these, so why even let them happen to begin with?!

Charity
The only problem I find is that I’ve found installations of the new version of WordPress that have been hacked. Long and short, someone will find a way to do it, regardless. *sigh*
But I recently upgraded a friend’s WordPress for them and they were running 2.6 because the last person who helped them with their themes & WordPress never bothered to upgrade even though I know we were at least at 2.7 if not 2.8 at that time!
But you have to figure – if the company hired you to fix WordPress up for them, it is because none of the people there knew how to do it, which is really sad since WordPress is so easy to learn.
