
Um, so do I just have a dirty mind?

Posted: under writing.

The following is an excerpt from Chapter Thirteen of Harry Potter and the Prisoner of Azkaban:

Plunging a hand down the neck of his robes, he whipped out his wand and roared, “Expecto patronum!”

Something silver-white, something enormous, erupted from the end of his wand. He knew it had shot directly at the dementors but didn’t pause to watch; his mind still miraculously clear, he looked ahead — he was nearly there. He stretched out the hand still grasping his wand and just managed to close his fingers over the small, struggling Snitch.

…

“That’s my boy!” Wood kept yelling. Alicia, Angelina, and Katie had all kissed Harry; Fred had him in a grip so tight Harry felt as though his head would come off.

…

“Yes!” Ron yelled, yanking Harry’s arm into the air. “Yes! Yes!”

“Well done, Harry!” said Percy, looking delighted. “Ten Galleons to me! Must find Penelope, excuse me–”

“Good for you, Harry!” roared Seamus Finnigan.

“Ruddy brilliant!” boomed Hagrid over the heads of the milling Gryffindors.

“That was quite some Patronus,” said a voice in Harry’s ear.

Harry turned around to see Professor Lupin, who looked both shaken and pleased.

heheheheh… *ahem*

Comments (4) Apr 28 2011


What to do when your WordPress blog’s been compromised (Round Two)

Posted: under writing.
Tags: 5-Rings, Anati, theme, write

This is part two of a two-part series of posts on what to do if your self-hosted WordPress page has been hacked. If you haven’t yet, I strongly advise reading part 1 first. 

Round Two – Begin!
  1. The automation quandary.

    One thing that’s a pain in the butt for sure: There’s no way to automate updates for WordPress!
    If we want true peace of mind, we pretty much have to visit the WordPress backend every single day, or at least get Emails notifying us when updates are available for WordPress, and be unusually proactive about it, especially with your add-ons, checking whether your active plug-ins are even being updated any more.

    (If you know of a way to automate updates on WordPress, please let me know.)
    So now, not only do webmasters have to keep their website software in check, but they also should be keeping track of program updates on all of their computers all of the time (And not just FTP programs. I’m talking about programs you’d never think of updating, such as Adobe Air).

    One way they may have gotten to my website is through an FTP program called Filezilla. Hackers can get full access to your website’s files using exploits if you happen to have an FTP program installed on one of your computers and it happens to be outdated.

    I use three different computers, two of them on a regular basis. One of them had an outdated installation of Filezilla on it. Now it’s been updated. But every time I see another update, I pretty much have to run to the other computers and make sure they get updated, too.

    Pain. In. The. Ass.

    Luckily, I’ve found a better way.

    I don’t know if you have a smartphone, but one thing that’s great about them is they notify you when updates are available for all of your applications. You just touch ‘download and install’ and it starts doing just that in the background, much like how Windows Update works. No extra footwork required from you.

    There’s a program that behaves much the same way for Windows-based computers called Secunia PSI. It scans for installed programs, and listens for updates in the background, installing them right away (that is, if you choose to set it to ‘automatic’). Once you have your PCs and laptops on auto-pilot, Secunia will make sure everything from Winamp to Avast! Antivirus stays up to date, up-to-the-minute (it even listens for Firefox and Chrome plug-in updates). And in most cases, there’s no extra footwork required.


  2. The structure of web files, and their ‘rights’.

    When I first got my web space, one thing that was overwhelming to me was the file structure. It’s nothing like a C:\ drive, and there was no explanation from the web hosts telling me what’s what. I had to experiment and use a lot of guesswork to try and piece things together. 

    Unfortunately, if you don’t know why the structure is the way it is and what files do what and go where, it’s very difficult to track down a hack and fix it, much like looking for the proverbial needle in a haystack (if you’ll excuse the cliché), except it’s multiple haystacks and you don’t even know what the needle looks like.

    Certain files and folders need certain rights, and if you don’t have them PERFECT, if you make one single mistake, your entire site can be compromised.

    The domain root folder structure:

    I’ve only been on one web host, so I can’t be sure they’re all the same, but mine’s laid out like this: (I’ll label the directories we’re concerned with right now.)

    =============================================
    / <-(This is the system root directory. There are important config files in here. These are not publicly accessible.)
    /.cpaddons
    /.cpan
    /.cpanel
    /.cpcpan
    /.entropybanner
    /.fantasticodata
    /.fontconfig
    /.htmltemplates
    /.htpasswords
    /.MirrorSearch
    /.sqmaildata
    /.trash
    /access-logs
    /bin
    /cpmove.psql
    /etc
    /mail
    /php
    /public_ftp
    /public_html <-(This is the web root, where all the files that are publicly accessible are located. Literally, this is www.5-Rings.com and all of its subdirectories.)
    /quarantine
    /sql
    /sql_restore
    /tmp
    /www <-(This is literally a redirect to public_html.)
    =============================================

    Starting with the System Root directory (the plain ol’ forward slash), there may be an .htaccess file here, depending on whether your server is being run with Apache or not.

    One interesting thing to note is if there is a dot in front of a file, browsers ignore the file entirely. But that doesn’t mean the web host cannot preprocess commands from one of these dot files before displaying a web page to the end-user (a server-side command).

    The rights to the files in this directory should be ‘644’. That is, everyone can read the files, but only you can write to them.
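
The 644 rule above, turned into a check you can run over a downloaded copy of the site. This is an added example, not code from the original post; the function names and the sample tree are constructed here, and flagging world-writable directories is an extra check the post does not mention.

```shell
#!/bin/sh
# Added example: audit a web root against the 644 file mode recommended above.
# Uses only POSIX find/sed/chmod, so it runs on a typical shared host shell.

# audit_perms DIR
# Prints one finding per line:
#   WORLD-WRITABLE <path>  file or directory with the "other" write bit set
#   NOT-644 <path>         regular file whose mode is not exactly 644
audit_perms() {
    root=$1
    # Anything writable by every account on the server is the urgent case.
    find "$root" \( -type f -o -type d \) -perm -002 | sed 's/^/WORLD-WRITABLE /'
    # Remaining files that simply deviate from 644 (e.g. 755 or 600).
    find "$root" -type f ! -perm 644 ! -perm -002 | sed 's/^/NOT-644 /'
}

# fix_file_perms DIR
# Resets every regular file to 644. Directories are left alone because they
# need the execute bit to be traversable; review those findings by hand.
fix_file_perms() {
    find "$1" -type f ! -perm 644 -exec chmod 644 {} +
}

# make_sample_tree
# Builds a constructed web root in a temp directory and prints its path.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/public_html/blog/uploads"
    : > "$t/.htaccess"
    : > "$t/public_html/index.php"
    : > "$t/public_html/blog/wp-config.php"
    : > "$t/public_html/blog/old.php"
    chmod 644 "$t/.htaccess" "$t/public_html/index.php"
    chmod 666 "$t/public_html/blog/wp-config.php"   # world-writable file
    chmod 755 "$t/public_html/blog/old.php"         # executable, not 644
    chmod 755 "$t" "$t/public_html" "$t/public_html/blog"
    chmod 777 "$t/public_html/blog/uploads"         # world-writable directory
    printf '%s\n' "$t"
}

# Audit a real directory when one is given, e.g.: sh audit.sh ~/public_html
if [ $# -gt 0 ]; then
    audit_perms "$1"
fi
```

Run the audit before `fix_file_perms`, and keep its output: a file that was world-writable during the compromise is a candidate for having been modified, so compare it against a clean copy.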


    The power of .htaccess: Read the rest of this entry »

Comments (3) Apr 10 2011


What to do when your WordPress blog’s been compromised (Round One)

Posted: under writing.

I don’t claim to be an expert on this subject, however–though preventative information was everywhere–I found it difficult to find specific information on what to do after you’ve been hacked (just telling me to update WordPress and look for ‘suspicious code’ doesn’t cut it).

So I wanted to share what I learned, in case it helps someone out there who finds themselves in the same boat I once was.

A few things first:

  1. My site is self-hosted, running the software from WordPress.org.
  2. WordPress is installed in a subfolder off of my root directory (/blog).
  3. I run CPanel Accelerated 2 as the back-end for my main site.

Yes, this site was hacked. At the time, I honestly couldn’t tell; it looked and behaved exactly as it always had. In fact, the only way I knew was because some of my friends pointed out that Google had flagged it as an ‘attack site’. Google Analytics also sent me an Email informing me of the detection, urging me to clean my site and resubmit it to the search engine once I was done.

Here’s what I did:

  1. I called my web host.
    They sent me a couple of Emails with general information on how to change my passwords, how to restore old backups (something they really encouraged), and it even came with a link to Google Analytics. Basically, it was no help at all.
  2. I logged into CPanel, my main page’s back-end.
    This allowed me to put my site into Maintenance Mode, to prevent visitors from coming and to minimize damage.
  3. I changed my password to something temporary.
    This was so I could change it again once the site was cleaned.
  4. I checked the users.
    There was an extra one I did not create. I deleted it immediately and also deleted an extra account I no longer use.
  5. I logged into wp-admin, the WordPress back-end.
    I made sure I had the latest version of WordPress installed.
  6. Like in CPanel, I changed my password to a temporary password.
  7. Once again, I checked for rogue users.
    I found one here, just like I did in CPanel, and deleted it. It was named with random characters, something like ‘2x34jh25’.
  8. Any outdated WordPress plug-ins are security risks.
    I updated all plug-ins, and deleted the plug-ins I never use.

Whew! That’s round one. Exhausted yet? I was. But worse, I wasn’t sure what to do next. Thanks to a lot of help from forums, though, I found out how to snuff out malicious code, which we’ll do in the next round. Hope you’ll join me!

Comments (0) Apr 06 2011


Creative Commons License
FIVE RINGS by NICK ENLOWE is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 United States License.
Based on a work at 5-Rings.com.





Copyright © 2007-2012 Nick Enlowe.

MCN: W16-4STV-6080