Attack of the JS redirections!

My WordPress was apparently hacked yesterday, and a couple hundred of my posts had their contents replaced or infected with a poorly obfuscated Javascript like < script type=text/javascript > eval(String.fromCharCode( 118,97,114,32,117,32,…. that resolves into a redirection to some malware site.

I had to do various convoluted things to clean and restore my database and various other convoluted things to prevent this from happening again. I had only barely finished when one of the new security plugins reported:

Site Lockout Notification
Host/User Lockout in Effect Until Reason
Host: 2020-05-05 19:09:02 too many bad login attempts

Which IP is in a range of a Chinese ISP from the Alibaba group. To be fair, it’s probably just one of a pool of hacked devices spread all over the world. EDIT: Since I activated notifications, I see at least one blocked brute force login attempt every day.

I’ve also disabled comments, since I get nothing but spam anyway.

This is a reminder to everyone with a wordpress site to install enough plugins for backup and security. Without backup in place, I would probably have lost most of my site.