A few days ago, Stratos’ Sphere was hacked, or “defaced”. I’m guessing that’s what it was, because the attached image was what visitors would see, instead of my blog. This was quite ironic, actually, since I had just attended a security seminar (at work) where the “I’m safe because I’m small” attitude was found to be one of the most frequent reasons leading to hacked sites.
Here’s my account of what I had done wrong to end up with a hacked blog and what I did wrong while trying to recover, which may help others to avoid this situation or to make a faster and easier comeback.
To set the premise, let me point out that my blog is self-hosted and that I’m using a shared hosting service. I have my own domain name and I’m using cPanel in order to manage the hosted domain. So, what are the lessons I’ve learned?
I’m currently trying out the Livefyre comment management system, but it’s taking loads and loads of time for its first-time run – particularly to import all pre-existing comments. New comments are possible; older comments will appear when the process is complete. Sorry about that.
I have recently installed the W3 Total Cache plugin, and it has made a tremendous difference. I have no specific metrics, but the feeling I have is as if it loads at least three times faster!! WOW!
What makes the biggest contribution is CDN (content delivery network), which I set up on a subdomain. It is not the easiest thing to do and it took a couple hours of tweaking to get it just right. I mostly followed the instructions found here:
There was something that annoyed me for some time: whenever I tried to copy-paste an Internet address written in Greek, the copied text would not appear in Greek; it would appear in some weird coding, where non-Latin characters were replaced by the ASCII code equivalent of the characters. That would (a) take up too much space and (b) appear gibberish and no-one could tell what it meant.
For example, what do you make of the following mess?
In order to be able to use the functionality of the embedded spell checker, you need to do two things: re-enable the embedded spell checker, which is disabled by default after CKEditor’s installation, and then re-enable the browser’s original right-click context menu. That’s how you do it:
Go to CKEditor settings, in wp-admin
Go to the “File Editor” option on the menu on the left.
Make sure you’re editing “ckeditor.config.js”
Go to the end of the file and add the following two lines, after the existing text.
Now, a red curly line will appear every time the embedded dictionary does not recognize a word you type. With right-click, you see CKEditor’s context menu. With ctrl-right-click, you see the browser’s context menu, which includes correction suggestions!!
BTW, the theme uses Microsoft’s Georgia font, which is simply gorgeous, but if you’re using Linux, where it does not come pre-installed by default, you may want to install the package ttf-mscore-fonts, so that you get to see what the designer really intended you to.