Update: I’ve done a mass hardening (that sounds gross) on everything here at the ThemeShaper ranch and—and it looks like we’re cool now. Let’s hope things stay that way. Hey!—at least I learned something about WordPress security, right?
—
I’m not sure when but some time ago ThemeShaper.com was hacked. I’m fairly sure it wasn’t a random sort of script-based bot attack but targeted directly at this site. I know this because the idiot that did this uploaded a hacked version of Thematic to a downloads folder on my site and altered the links on the Thematic landing page to point to it. Crap.
You’ll know you have a hacked version if you’ve got an sv_ss.php
file in thematic/library/languages/
.
If you’ve recently downloaded Thematic or are worried at all there’s a simple fix. Download Thematic again from the WordPress.org Themes directory and thank God there’s a free central repository for these sort of things.
Again, crap. And my apologies. I like making ‘the WordPress news’ but not for something like this. But I would like to assure you this is not a hack resulting from anything wrong with Thematic. Just one of those things that tends to happen to popular WordPress-based sites. It could happen to anyone.
I just wish it didn’t happen to me. Or you guys.
Now, as for the hack. I don’t know how it happened. It’s been suggested to me that it came through a weak plugin. I usually keep everything up to date here on ThemeShaper so, well, I don’t know. We’ll see, I guess. I do know that last night I discovered my wp-admin
and wp-includes
directories were 2 megabytes larger than they should be. I deleted them and replaced them. Here’s hoping that put an end to this.
If it doesn’t, and my site disappears suddenly, well, crap, it didn’t work.
Hey, at least the front page isn’t ThemeShaper recommended hosting right? Right?
Sigh. And it’s my birthday today too. What a day.