I wanted to get a quick post here for a couple of reasons. Saturday January 14 I had a major website failure that for a little over 24 hours had this bradmangs.com site completely disabled.
The issue started when I decided to install a new security plugin called “Wordfence”. From research I came to the conclusion I needed this for exactly what it is supposed to be good at, security. Security in the form of malicious access, hacking attempts, and unauthorized installation of damaging or malicious code. Sounded like a good and needed thing.
This was installed last Friday and was active for about 24 hours. In that time I received notification that there were some “unknown” files present with the potential of being malicious. It referenced these files and suggested they be removed with big red X’s placed next to them for easy removal. So with one click, poof they were gone. And you guessed it, so was the functionality of this entire site. I simply took it’s suggestion without much research into what it was referencing. Big mistake.
As some of you know this site runs on the WordPress platform. One of the mostly widely used content management platforms worldwide. A very good platform for not only blogs such as this but just about any type of website can be built using WordPress. I won’t get into the details of WordPress other than to say it’s functionality in part is made possible with the easy addition of plugins of which there are tens of thousands available and Wordfence is one. Thanks to another plugin I was smart enough to install a couple of years ago called Updraft Plus, a site back up plugin that routinely creates full back ups of this site. I fear with out UpdraftPlus I would be back to square one.
I took a quick look and see that I started this blog September 13, 2009 and now have 670 published posts. That is not counting the pages of behind the scenes content that is used to in addition to the post’s themselves such as 1485 images that go along with post’s, pages, products, page layouts, and the like.
Attempts were made to update WordPress through my hosting site which failed, I believe due to the fact it was a broken installation at that point. I spent many hours trying to figure out exactly what had taken place and attempting to simply correct what I though were a few missing files. These files ended up being WordPress core installation files that are installed during the initial installation at my hosting site. What completely blows my mind is, what in the sam hell was Wordfence doing suggesting these files were “unknown” and possibly malicious, and suggesting them for removal? For the love of pete if the Wordfence developer was standing in front of me I would….. well, since I try to keep this site rated PG I can not say what I would do, but you probably get the point. The decision was finally made to uninstall it completely. Which left this site, for a few hours completely nonexistent. Simply a url with nothing there.
I have my backups take place monthly which I still believe is sufficient. But as my luck was going, for some reason I did not have a December 2016 backup and the latest was November 2016. I am not going to sweat that to much other than verify UpdraftPlus a little closer and possibly change where my backups are stored. Presently they go to a Google Drive account, which is a complete pain to set up and could be the reason for the missing December backup.
So November was restored and here I am. I had added a couple of new posts since November along with the December print of the month. Really the only things that are missing at this point. Gone to the great cloud storage in the clouds, literally.
I could probably go on rambling incoherently about this for another couple hundred words but there is no need. I have been slowly getting things back in proper working order. Slowly checking all the functionality of the site. This is the first time I have had a major snafu such as this and actually needed to rely on complete backups. I will give a shout out to the folks at UpdraftPlus. As I mentioned they pretty much saved my butt on this one.
I believe things are back in shape, minus the December updates. Time to carry on, and make sure the backups keep happening!