Free from Google’s dreaded “the site you are attempting to access has been infected with malware.” About a month ago my site was the victim of a drive-by code injection that put bad stuff on my site.
Cue sound effect: Oh no!
After being notified by my host, I tried removing WordPress themes that may have been the weak link. It made me feel better, but it probably didn’t do much. Then I installed a virus checker on the site, and it, too, made me feel better, but I still wasn’t sure I was in the clear.
Fast forward to this week when I actually had a few hours to put forth trying to solve this, and I began asking myself: “If I do get this cleared up, how does Google know the site is clean?” Hmmm. A number of Google searches later, I come to find that Google has a method to re-verify your site after such an attack. Sounds good. Now on to the fixing.
As one can only bang one’s head against a wall for so long, I decided to backup the site to my local drive, have it recertified, then go about reinstalling my WordPress blog little by little. Only those elements I need to run the site will be put back. Funny thing – when copying the site locally, my virus checker found a couple of nasties and fixed them right up. This is good, right? They most likely came from some rogue theme or add-on I installed that had a nice big hole in it for someone to drive through and put bad stuff on my site.
The recertification took a couple of days – I, of course, thought it would be nearly instantaneous. I didn’t feel like waiting, so I uploaded a fresh installation, reloaded the content, and waited for the validation to come through. Yesterday, I had a shining moment of joy when I went back to the site and DIDN’T receive any warning. Hooray!
No more random themes. No more weird add-ons. No more automatic user acceptances. Let’s keep it clean people!