Last night I got an alarming e-mail saying that some kind of malware might have been installed on a private computer by downloading a file from the Biodiversity Offsets Blog!
Now, this is a very specific blog that — despite its worldwide audience — might be negligible in terms of absolute numbers (there are currently around forty visitors per day, which I think is already great). So, I didn’t expect any security issues and, of course, I had taken preventive measures, too. Anyway, it is not one hundred percent certain whether there was a problem with the site and whether there possibly still is. But as I don’t want you to take any risk or to cause you any inconvenience, please be alerted.
Experts out there?
If anyone can help me solve this — whether you have another idea of what I should do or think that I have done everything possible, please do tell me!
Here’s what I’ve done so far to analyze and fix the problem:
- googled how to detect hacks to a website
- did online scans of the website –> nothing was found
- contacted our system administrator at work –> he couldn’t find anything at first glance, but did give me some good general hints and confirmed that detecting malware might be a tough approach (i.e. it’s possible that there is something buried somewhere that you’ll hardly ever find)
- contacted another administrator (who has installed and uploaded my blog) –> he checked and responded that there “might” be an issue, possibly through a plugin
- so, I updated all plugins and got rid of the less important ones
- deleted all users (obviously mostly spam subscribers, kept only the few ones I could identify)
- installed the “Wordfence” (security) plugin and ran another scan –> everything is ok
- still suspicious, I also contacted my hosting provider to check –> waiting for response
- and finally, wrote this post to tell you to be cautious with all links!
What has changed for the blog?
As mentioned above, I have reduced the plugins to a minimum, i.e. some features no longer exist, or at least temporarily don’t. This includes:
- the Google translate button in the side bar (I don’t think it has been used that much)
- the view counts at the end of each post or page — however, the “most viewed posts” in the side bar are still there
- there’s no subscription form available anymore, as I had too many spam subscribers; if you want to follow the blog, check daily (I am posting almost every working day), follow me on LinkedIn, where I instantly post all the updates, or use the RSS feed