I’ve just done something stupid. I attempted to install a new plugin for Wordpress without verifying the contents of the package. The result? I lost most of the file system under this website. From what I can see in the script, it also attempted to various other nasty things such as deleting files from outside the web root, and emailing certain files to other websites. It’s a good job I have file permissions set up so that the web server can’t access the file system outside of its root. I’m lucky it didn’t attempt to trash the database too!
I’ve requested a partial restore of content from our web host so that I don’t have to go through the pain of adding all the content again. Hopefully it’ll be back up soon.
I’m not happy, but I only have myself to blame. Whatever you do, unless you’re grabbing from the official Wordpress plugin repo, make sure you check out the contents of the plugin before you attempt to install it!
March 18, 2008
Doh! My blog’s pretty much a vanilla Wordpress install (plus Askimet). New versions seem to break a lot of plugins/themes so it seems more effort than it’s worth to customise it.
March 18, 2008
Aye, but I like to play with stuff! I did learn a harsh lesson though.
I need to add the OpenID headers back to the site too, I just realised that they’ve disappeared.
March 22, 2008
On the idiocy scale, I think this is a 5/10… If you have an expensive laptop and a set of jeweller’s screwdrivers, you can easily score an 8 or 9 (but I digress…)
March 22, 2008
True, it’s not the most stupid thing I could have done. So, do tell us about the motivation behind your new backup strategy