My Facebook friend Tracee Sioux messaged me.
“Dude there was a giant RED screen that said I was in danger and to leave the site immediately when I clicked.”
When I logged on in Chrome, things looked fine. Firefox, Safari, also no problem.
WTH, I thought. I had to find out what was going on.
I turned to Facebook and used it for what it is best used for: crowdsourcing. Figuring that it might have something to do with her geographical area, I sent a group message out to friends in California, Denver, Florida and Louisiana asking them to look at my site. I got two reports that everything was fine, so I started to breathe easier. Then came a report from my friend John in Denver.
“There’s an obviously fake Flash download screen that comes on when I go to your site. I tried to go back and screen capture it but it didn’t come back.”
Not as bad as the time someone downloaded flashing skulls and lightning onto my site, but still, I was not happy.
Here’s what I did to fix it.
1. Got into my site with FTP. You can see ALL THE FILES with FTP. It’s really old school, but still useful.
2. Locked down ALL MY PERMISSIONS. The reason you can upload pictures to your site is that there is a vulnerability in the file permissions that allows you to do that. If you are on a high-security server, you will have to change permissions every time you want to upload a plugin or a picture. It’s not just a matter of someone getting your password.
3. Looked into my wp-content/uploads folder. I usually name things something that makes sense (even if it’s screenshot_margaret), so when I saw a file named cpxhuxfy.php I knew it didn’t belong.
4. Removed all those files.
5. Revisited all my permissions. wp-config (in the public_html folder) should be 664. EVERYTHING ELSE (use the “recurse into subdirectories” option) should be 775.
   When you need to get in to add files and images, go to wp-content and then the appropriate folder and change it to 777 until you are done.
6. VERY IMPORTANT! When you are done, close that door! Change your permissions back to 775!!
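
If your host gives you shell (SSH) access as well as FTP, the checks in steps 3 and 6 can be scripted. This is an added example, not code from the original post; the function names are made up for illustration and shell access is an assumption, while the folder names follow the layout described above.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for the two problems described above.
# Function names are hypothetical; pass the site root (e.g. public_html).

# List script files under wp-content/uploads. These extensions are commonly
# mapped to the PHP handler, and a media folder has no need for them.
find_upload_scripts() {
    find "$1/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \) \
        -print | sort
}

# List files and directories still world-writable (the door left open at 777).
# Symlinks are skipped because their mode bits are not meaningful.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Print a short report; return non-zero if anything needs attention.
audit_wordpress() {
    root=$1
    scripts=$(find_upload_scripts "$root")
    writable=$(find_world_writable "$root")
    status=0
    if [ -n "$scripts" ]; then
        echo "Script files in uploads (review each one):"
        echo "$scripts" | sed 's/^/  /'
        status=1
    fi
    if [ -n "$writable" ]; then
        echo "World-writable paths (change back to 775):"
        echo "$writable" | sed 's/^/  /'
        status=1
    fi
    [ "$status" -eq 0 ] && echo "No findings under $root"
    return "$status"
}

# Run the audit only when a site root is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_wordpress "$1"
fi
```

Saved as a script and run with `public_html` as its argument, it exits non-zero whenever either list is non-empty, so it can also run on a schedule and alert on failure.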