In case you’re confused by the post title, that’s me swearing. Back in April sometime, this site suffered one of those evil eval(base64_decode hacks. I cleaned up as best I could but today I realized I had left some of its evil schmutz behind. So I fired up Cyberduck intending to download all my files as a backup. In the middle of a right-click command my mouse battery died resulting in an accidental delete command instead of whatever I had intended. I managed to hit the ESC key before anything too important was consigned to the void but probably broke the site for awhile.
Then I ran out and got fresh clean copies of WordPress and all my plugins. And on a complete whim I just nuked my old theme since I knew WordPress was giving me a clean copy of TwentyTen, and my old theme wasn’t widget aware.
I’ve done some minor customization involving grabbing a pretty tiling background from Webtreats, creating a header image to match using Illustrator and a font I like called Lady Rene, and making some minor CSS tweaks to the theme so that the navigation menu picks up the header image colors. I also re-added some sidebar items using widgets instead of editing the sidebar.php file like I had to do with my crusty but trusty old theme.
This isn’t really the look and feel I intend for my site yet, but it will suffice until I really get rolling on a new design. Meanwhile I’m learning that two other sites I maintain have the same evil hack in them (sigh), so I will have to devote some significant time tomorrow to fix them. And I also need to check and see if code has been injected into my database, but after almost deleting all my site files I am a little gunshy considering that it’s 1:25am and I’m even more tired and prone to errors than I was earlier. So the database check will wait until after I sleep.
I’ve been following guidance from Smackdown on cleaning up the hack. Next up will be Hardening WordPress. But between bouts of this unpleasant business there will be the fun of creating art for #ds106, and for that I’m grateful!