Cherlynn’s website was hacked on Boxer’s Day. She messaged me while I was about to pack up and leave school for dinner with a friend, saying that she could not access her WordPress backend as usual. I went into overdrive and access to her cPanel directly. I did not have the site checked out until I saw this:
The user_email had been changed. I had it replaced with an email under my control and reset the password through the WordPress system instead of changing the user_pass directly in phpMyAdmin. When I logged into the site, the first thing I noticed was this:
I immediately took down the site and had the index.php file replaced with a maintenance message. I was hungry and so was my friend.
Moving on, I had no idea how they did it. The only sign was that it was hacked about 6 hours earlier. The only file I could detect a change was index.php in the active theme folder. There was no raw logs for me to see. It was my fault since I didn’t have it enabled when I helped her setup the site years ago. So I did what I could: I replaced the core files if there were any unwanted changes, and I had old, obsolete, unmaintained plugins removed or replaced, unless I had seen the codes and understand what the codes are doing.
This sparked me to doing maintenance on my site too.
It was running terribly slow. I had too much bloat in the system. The only saving grace was that this site is hosted on local soil, fast enough, but slow nonetheless. I ended up removing competing plugins, cleaning up database, and implementing cache, CloudFlare. It also indirectly sparked me to hack the Facebook plugin.
If I was lazy or missed a step, there would not be a featured image to display in the og:image tag. This hack would allow a user to specify an image to use. Still a work-in-progress since I have yet to test out the hack. After the test, a pull request will be made to the git and hopefully, my name would be on the contributors list. Heh.
And oh, I don’t like it how the plugin gets the full size of the featured image and list it in og:image. It should at least be gracefully degraded from thumbnail size if the thumbnail size is not at least 200x200px. Preferences, I guess.