Hmei7, the hacker, has wreaked havoc on Australian WordPress Websites over the past weeks. I’m also hearing that South African Websites have been hacked by him/her. I wrote a Post last week regarding Crazydomains WordPress Websites that have been hacked by Hmei7. You’ll know that you’ve been hacked because you’ll get a popup message in your Internet Browser stating ‘hacked by Hmei7’ (the message is the same in Firefox, Internet Explorer, Chrome, Opera, Safari and others).
How did Hmei7 hack your Website?
What did Hmei7 do? It seems that Hmei7 gained access to one or more database servers and then ran a simple SQL script on the various MySQL databases. He/She ran the script against all Post and Page titles and merely replaced existing titles with a script that ‘created’ the popup. WordPress has a title on every Page and Post, so it was a simple but very effective hack. I’ve also seen some WordPress Sites where passwords have been changed for users, but again this is simple enough to do via a generic SQL script (no need to panic, as WordPress passwords are generally secure enough and are stored as an MD5 hash, i.e. others are unlikely to be able to read your password even if they have access to the MySQL database).
So how did Hmei7 get into your Website? Unfortunately, I don’t know exactly how the hacker gained access to the database; however, I haven’t seen any evidence that WordPress, Themes or Plugins were the entry point for the attack.
And what could you have done to prevent being hacked? Besides using a reputable host, there is probably little that could have been done to prevent your Site being hacked. Of most benefit, however, would have been having all Plugins, Themes and WordPress itself updated (to the latest version), as well as having a recent database backup available (from which to recover).
How to recover from Hmei7 hack
The simplest way to recover from this attack is to restore a recent backup of your WordPress database. If no recent database backup is available, log in to the WordPress dashboard, delete the script that Hmei7 left in every Page and Post title, rewrite all titles and save the new titles.
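An added example (not from the original post): a read-only audit that lists the Posts and Pages whose titles contain markup, with a title suggested from each slug as a hint for the manual rewrite. It assumes the default `wp_posts` table name and that the `post_name` slug was left intact; the sample rows are constructed, and an in-memory SQLite table stands in for the MySQL one.

```python
import re
import sqlite3

# WordPress titles are normally plain text, so any HTML tag in a title is suspect.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")

def title_from_slug(slug):
    """Guess a readable title from the post_name slug (assumption: slug untouched)."""
    return " ".join(word.capitalize() for word in slug.split("-") if word)

def find_tampered_titles(conn, table="wp_posts"):
    """Return (ID, post_type, post_name, suggested_title) for titles containing markup."""
    # The table prefix is configurable in WordPress; allow only safe identifier characters.
    if not re.fullmatch(r"[A-Za-z0-9_]+", table):
        raise ValueError("unexpected table name: %r" % table)
    rows = conn.execute(
        "SELECT ID, post_type, post_name, post_title FROM " + table +
        " WHERE post_type IN ('post', 'page') ORDER BY ID"
    )
    return [
        (post_id, post_type, slug, title_from_slug(slug))
        for post_id, post_type, slug, title in rows
        if TAG_RE.search(title or "")
    ]

def build_sample_db():
    """Constructed sample data: only the wp_posts columns this audit reads."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_type TEXT, "
        "post_name TEXT, post_title TEXT)"
    )
    conn.executemany("INSERT INTO wp_posts VALUES (?, ?, ?, ?)", [
        (1, "post", "hello-world", "<script>alert('constructed sample')</script>"),
        (2, "page", "about-us", "About Us"),
        (3, "page", "contact", "<SCRIPT>alert('constructed sample')</SCRIPT>"),
        (4, "post", "prices-under-10", "Prices < 10 dollars"),  # not a tag
    ])
    return conn

if __name__ == "__main__":
    for row in find_tampered_titles(build_sample_db()):
        print("ID %d (%s): slug=%s, suggested title=%r" % row)
```

The suggested title is only a starting point; check each one against the Post or Page content before saving it.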
If you don’t have a recent database backup available, you are potentially in for a lot of work in rewriting all your Page and Post titles. If you need a daily backup solution installed, then contact me. Also, if you want to move to a new, more reliable Webhost, I can recommend some for you and even help you to move your Site to a better WordPress host.