The blog is back… possibly
After a late night of cleaning up the blog, I hope everything’s back to normal now. As noted last night, my primary source regarding removing the hack the blog suffered was Personified. If you run a WordPress blog, I urge you to read through the linked post and check your blog’s database and files thoroughly, just in case. Pharma hacks can hang around for months before activation, and there’s still confusion regarding how they get in. (Note that shared hosting isn’t necessarily to blame—Pearson notes he was hacked while on an $800/month dedicated box.)
For the record, the hack here was pretty textbook: two plug-ins had compromised files with very sneaky names, and a new file showed up in the root. Since I lack encyclopaedic knowledge of the names of every file on my server, it took file-count comparisons with clean downloads to find the bad files. I also had several counts of malicious code in the database, along the lines of those outlined in Pearson’s piece.
iOS dev Bob Koon was also on hand last night, providing further helpful tips, and so Revert to Saved now has a seriously beefed-up .htaccess, along with a slew of new plug-ins that lock down various elements of WordPress and inform me when any changes to files are made. (Obviously, I also changed all my passwords.) CloakingDetector seems to think compromised pages are no longer seen any differently by users and GoogleBot, so I’m hopeful that over the coming weeks Google will respider the site and things will be back to normal.
Only time will tell if everything’s fine, though, because these hacks have a tendency to reappear at random if every little last bit hasn’t been cleaned out.
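The comparison against clean downloads described above can be scripted. This is an added example, not code from the original post: it goes beyond file counts by hashing every file, so it reports altered files as well as unexpected ones. The directory layout and file names in `build_sample` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root):
    """Map each file's path relative to root to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }


def compare_trees(live, clean):
    """Return (extra, modified, missing) relative paths, each list sorted."""
    live_h, clean_h = tree_hashes(live), tree_hashes(clean)
    extra = sorted(set(live_h) - set(clean_h))      # on the server only
    missing = sorted(set(clean_h) - set(live_h))    # in the clean copy only
    modified = sorted(p for p in live_h.keys() & clean_h.keys()
                      if live_h[p] != clean_h[p])   # same path, different bytes
    return extra, modified, missing


def build_sample(base):
    """Constructed sample: a clean plug-in copy and a tampered live copy."""
    clean, live = Path(base, "clean"), Path(base, "live")
    files = {"plugin.php": "<?php // plugin main\n",
             "inc/helper.php": "<?php // helper\n"}
    for root in (clean, live):
        for rel, body in files.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    # Simulated tampering with placeholder contents: one added, one altered file.
    (live / "inc/helper-old.php").write_text("<?php // unexpected file\n")
    (live / "plugin.php").write_text("<?php // plugin main\n// unexpected change\n")
    return live, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = build_sample(tmp)
        extra, modified, missing = compare_trees(live, clean)
        print("only in live:", extra)
        print("differs from clean:", modified)
        print("missing from live:", missing)
```

Point `compare_trees` at a copy of the server's files and at a fresh download of the same WordPress or plug-in version. Site-specific files such as `wp-config.php` and uploads have no clean counterpart, so they show up as extra and need reviewing by hand.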