In the last few days the Gumblar malware injection attack has been making the rounds, and hopefully you've taken preventive measures to ensure that you are as safe as you can be from this annoying injection attack.
Just so you're aware, the reason for this attack is that Blackhat SEO spammers are attempting to insert a hidden link on your site for the purposes of link building. The problem is it's not only illegal, it's incredibly lame.
Here's another scenario: let's assume for a second that your site did in fact get hijacked. Likely what you will be left with is an annoying script in a ton of your WordPress site pages. Not just in your theme but in anything beneath wp-content that they could inject.
This might include:
- Your theme files.
- Your plug-ins (a very good case for limiting and auditing new plugins you add).
- Your wp-admin files (this is extremely annoying as well).
Your only solution at that point is to reinstall WP (thus overwriting the compromised files), re-upload your theme (backup!) and reinstall all of your plugins. That would then get every file restored.
Now that's a time-consuming and lengthy pain in the ass process, to be honest. So let's be a bit proactive and add some functionality to your WordPress site that will automate some of these things for you.
Here's a list of trusted management, backup and restoration plugins I use on all my sites:
- WP-DBManager - this is a great plugin by the prolific Lester Chan (one of my favorite plugin authors). It will let you do database work and backups directly from your WordPress Admin. Very handy.
- WordPress Backup - this is also a highly recommended plugin that will back up more than just your post data. Run it regularly and better yet, automate it. My rule of thumb is that if it can be forgotten it will be forgotten. I'm the worst case of that.
- WP-DBBackup - this will help you automate that process and keep a nice fresh copy of your database on hand for that disastrous moment.
- eFiles Backup - this is a good one for a smaller site. In general any injection attack won't hurt your database, just the content files. This little guy puts your files on eFiles.com - I haven't tested it but I might actually give it a whirl.
- WordPress Automatic Online Backup - this is another promising service which I have not tried out but am thinking of giving a whirl. Like I said automation is key.
In general people do not like to think about things like backups. It's not a very sexy subject to say the least. But from my experience there is nothing worse than having to weed through a mass of files, downtime, and just the frustration of repairing things.
These backups can make a bad experience like getting injected relatively painless. It's a bit of a "set it and forget it" scenario.
If this is your first visit here you might want to have a look at my other WordPress Security and SEO Posts.
All the best,