Not a fun Friday.
At some point yesterday morning, my WordPress database disappeared and was replaced with a default WordPress install.
It looked like this in Safari:
That tiny print is the copy that’s on a default WordPress installation, but with the Thesis theme I use applied to it…kind of. I couldn’t log in to wp-admin.
More troubling, the title of the blog was changed to a funky spam link.
I am a pretty good problem solver…when it’s someone else’s problem. When it’s my problem, I tend to be like a scene from Airplane. All panic and I can’t think logically.
Luckily, Erik was the one who brought the problem to my attention, and he stuck with me until the site was restored. Also working in my favor was the WordPress Database Backup plugin that I’ve had installed for years. It emails me a backup of my database every night. We used iChat for screen sharing, which worked really well. When we looked in phpMyAdmin, 6 years of blog content was gone.
Erik restored my database to the most recent backup I had been emailed. After the content was restored, I had to reset my .htaccess file and some Thesis settings. And it appears some posts have formatting issues now they didn’t before. But all-in-all the site seems no worse for wear.
To be safe, I changed all my passwords. Was I hacked? Database corruption? Security hole on the theme or plugin?
Turns out, it was something that went wrong at MediaTemple (my host). I opened a support ticket after the site was restored, and a few hours later got this response:
I consulted with our admin staff about this issue. The reason for why your database data was missing was due to an issue on our end that we are aware of. I sincerely apologize for this happening to you. I have credited your account for the trouble.
Yikes! They credited me $20, and assured me that what happened wouldn’t happen again.
This was caused by a temporary problem on our end. Unfortunately, this was a matter of bad timing. I understand that you’re concerned that it would happen again, but without going into detail on what the issue on our end was I assure you it’s being taken care of and was not a normal circumstance.
We figure the spam title was because the default WordPress install that replaced my database was an older version which immediately fell victim to known security exploits.
Moral of the story:
MAKE SURE YOUR DATABASE IS BACKED UP.
I can’t imagine what I’d be going through right now if I didn’t have that backup file at the ready. The plugin I use is easy. There are other ways to do it. The geeks are rolling their eyes at the obvious advice, but the average, every day blogger with a self-hosted install doesn’t think of these things. We should.
Just do it. Backup. Now.