How to recover your Hacked WordPress Site (Part-2)


Have you read How to recover your Hacked WordPress Site (Part-1) yet?

Stage 3: Let the Sanitizing begin.

Once you’ve identified the “vector” or angle that the hackers used to compromise your website, you can now get to work plugging the holes.  Wordfence keeps a massive Archive collection of every known WordPress Theme and Plugin.  For those legitimate configuration files that might have simply been compromised along the way, you can re-download a known-good version of the file from the Wordfence archives.  Delete the ones that don’t belong on your website.  Just keep fixing those files which are infected, and deleting those that don’t belong until your site is once again clean.  If your hacker wasn’t aware of your attempt to take back your Account and Website, they will probably begin to realize it soon.  Keep moving!
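The triage described above (restore changed files from a known-good copy, delete files that don't belong) can be driven by a hash comparison. This is an added example, not code from the original post or from Wordfence; it assumes you have already unpacked a known-good copy of the theme, plugin or core release into a directory, and all function names and sample files are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def manifest(root: Path) -> dict:
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_of(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and not p.is_symlink()}

def triage(live_root: Path, clean_root: Path) -> dict:
    """Compare the live tree against the known-good tree."""
    live, clean = manifest(live_root), manifest(clean_root)
    return {
        # same path, different content: restore from the known-good copy
        "modified": sorted(f for f in live if f in clean and live[f] != clean[f]),
        # present only on the live site: review, then delete if it doesn't belong
        "unexpected": sorted(f for f in live if f not in clean),
        # shipped in the release but gone from the live site
        "missing": sorted(f for f in clean if f not in live),
    }

def build_sample(base: Path):
    """Constructed sample trees standing in for a theme and its clean release."""
    clean, live = base / "clean", base / "live"
    files = {"index.php": "<?php // theme index\n",
             "functions.php": "<?php // theme functions\n",
             "style.css": "/* theme */\n"}
    for root in (clean, live):
        root.mkdir(parents=True)
        for name, body in files.items():
            (root / name).write_text(body)
    (live / "functions.php").write_text("<?php // theme functions\n// constructed: foreign code\n")
    (live / "cache").mkdir()
    (live / "cache" / "x.php").write_text("<?php // constructed: not in the release\n")
    (live / "style.css").unlink()
    return live, clean

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return triage(*build_sample(Path(tmp)))

if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind}: {names}")
```

On a real site the "unexpected" list will also contain legitimate site-specific files such as `wp-config.php` and media uploads, so review it by hand rather than deleting in bulk.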


How to recover your Hacked WordPress Site (Part-1)

So, you think that your WP Site got hacked, what is the first thing you should do?

There are quite literally several dozen things that you should do, but each case is different.  I will try to highlight the most important points below.  The reason that there are so many steps is that there are so many different ways to approach this dilemma.  The most immediate decision for you is whether you are going to adopt a hands-off approach and hire a security consultant to clean it for you, or go the DIY route like I chose to do.  Even then, there are so many different ways that people prefer to do things.  Overall, this process involves a lot of smaller steps, but there is one step to the whole process that is really big, regardless of whether you DIY or hire someone to do the cleanup.  It may be the single most important aspect of this entire process: changing your mindset about how you approach security.  And that, folks, is a massive undertaking, because changing the way your mind operates may also be the single hardest step in this entire how-to guide.

The following are all recommendations on my part, suggestions that you need to discard or accept, but in my opinion they make up a fairly logical progression on how to deal with such issues should you ever find yourself in this situation.   You can of course choose to perform these steps in a different order, but I believe that they will be most effective in the order I present them.  I hope they will at least be a helpful aid to you in your time of need, allowing you to recover as much of your website as is possible.   Cleaning any hack is going to take some time and effort, so you really need to think about whether you want to tackle this on your own.   In the end, I think you’ll be happy that you chose to do it yourself.  As with any such DIY process, you assume all risk and responsibility for any and all actions and outcomes, and obviously your mileage may vary.  No matter which direction you decide to go, I’ll wish you the very best of luck in your cleaning endeavors!


New (official) Chase Mobile Banking App is here!

Chase Banking customers can certainly celebrate today!

Their official Banking app for Windows Phone just appeared in the Windows Phone Store yesterday (October 1st).

The Chase Mobile app appears to be as comprehensive as they come. I’m actually quite envious that my bank doesn’t have a WP7.5 Mobile Banking app.

Per Microsoft’s Michael Stroh: “The free app makes it easy to manage your Chase bank and credit card accounts and move money around—browse account balances and transactions, pay bills, transfer money, send wire transfers, find ATMs, and more. My favorite feature: The app lets me deposit checks using my phone camera, saving a trip to my local branch.” Download it now!

Have an Unlimited 3G plan and 4G device?

A couple of months ago I was lamenting a problem with my new Lumia 900, wherein I was unable to connect to free AT&T WiFi Hotspots automatically.

This turned out to be due to the fact that I was still on an AT&T 3G Data Rate Plan, even though I was using an LTE device. This caused any AT&T WiFi Hotspot to query the AT&T Wireless side to confirm my eligibility to access the hotspot for free, essentially validating my Rate Plan. The response from AT&T Wireless is that there is no Unlimited Rate Plan for my LTE device, which then caused the connection to fail.

So then I was faced with the prospect of having to give up my Unlimited Data Plan and choose a tiered rate plan in order to correct this issue. This wasn’t really a worthwhile solution to fix a WiFi issue, so I decided to leave it alone.

Well, thankfully I held out (and hopefully you did too!), because AT&T has apparently seen the light and created a new Rate Plan called “4G/LTE Unlimited” as of September 6th. I should mention that this obviously only applies to EXISTING GRANDFATHERED “Unlimited” Users.

So if you originally had an Unlimited 3G rate plan and are now using a 4G or LTE device, you should call the AT&T Wireless number listed on your bill and ask for the new 4G/LTE Unlimited Rate Plan! It should be the same price as your current 3G Unlimited Plan, and should also be no charge to change from one to the other!

Using Speech in Windows Phone 7

The use of speech recognition is fairly well implemented in WP7, being both powerful as a system function, and yet simple to use from a consumer/user perspective.

To access this feature, simply press and hold the Start button on the phone. You will in turn receive a distinct set of tones to indicate that the phone is ready to accept your voice command as input.

There are currently four basic categories for commands issued directly with the phone:

– Calling Someone from your contact list.
– Sending a Text Message
– Searching the web for keywords.
– Open an application.

List of Commands
To Call someone from your contact list: “Call contact name” (where contact name is the name of someone in your contact list). If the person has only one phone number in your contact profile, the call will start. If he or she has multiple phone numbers, you’ll hear an option to choose one of them (usually “Mobile”, “Home”, or “Work”).

To Call any phone number: “Call phone number” (where “phone number” is any phone number)

To Call the last number dialed: Simply say “Redial”.

To Call your voicemail: Simply say “Call voicemail”.

To Send a text message: “Text contact name” (where contact name is the name of someone in your contact list). This will start a text message to that person. Then you can dictate and send the message hands-free.

To Open an application: “Open application” or “Start application” (where application is the name of any application on your phone, such as “Calendar,” “Maps,” or “Music”).

To Search the web: “Find search term” or “Search for search term” (where search term is what you’re looking for). For example, if you say “Find local pizza”, Bing will bring up a map of nearby pizza
You can also use Speech while you are already on a call in order to use additional commands.

Press and hold the Start button to start Speech while on the call, and then say one of the following:

– “Press number” (where number is a number from 0 to 9) to press a number on the numeric keypad. This allows you to navigate in voicemail or an IVR (interactive voice response) system.
– “Speaker phone” to toggle your speaker phone on or off.
– “Call name” (where name is the name of someone in your contact list) to put the current call on hold and then call someone else.

You can read more about these four functions at Microsoft’s How-To webpage here:

Starting a new diet

Today, I started a new diet. What does this have to do with Technology you ask?

Well, I have downloaded and installed a few apps on my Windows Phone to assist me in my endeavors. And these apps are pretty cool, and utilize all sorts of new and exciting technologies!

The first is Microsoft’s own but entirely unknown app called HealthVault, which allows you to create a profile in the totally secure Microsoft Cloud, accessible to you (and your Doctor should you enable the option) from anywhere on the planet. Enter your medicines, allergies, conditions, etc into the app and they are always available to you and your doctor.

What’s really nice about this database is that it accepts input from certain health related devices, like body scales, blood pressure devices, etc.

The next is LiveScape, my personal favorite of the three. This app accesses HealthVault to store any daily dietary updates. This includes what you ate today, what exercising you’ve done (it will automatically calculate calorie intake and amount of calories burned), etc.

The really nice aspect of this app is the ability to map your progress through charts, but it also includes a built-in pedometer to measure your exercise regimen, and a map to show your route.

The last to be installed was Your Shape, the sidekick app that helps you track your exercise regimen from “Your Shape: Fitness Evolved 2012” on the XBox 360 w/Kinect.

I’ll try reviewing each app in the near future, so check back for updates!

So Your WordPress got Hacked…

I’m a geek, and I love technology, so it’s not surprising that I have several websites for my different audiences: multiple public facing websites, private family websites, and local community websites.  I consider “In My Mobile World” to be one of my public facing websites.

Unfortunately, as a result of a vulnerability found in a PHP sub-routine called “Tim Thumb” (used in the WordPress Theme called “The Morning After…”), a hacker was able to gain access to my WordPress PHP code.  This particular Theme was used on one of my local community websites, so over the course of time the hacker also gained access to ALL of my websites since they are all accessible with root privileges on my hosting account.

I believe that I have now corrected all of the known “vectors of attack” in my websites by plugging all of the known vulnerabilities. Of course, only time will tell, and hackers may find additional new vulnerabilities with my websites in the future, so this is going to be an uphill battle.  So let’s see what we can do to prepare you for the same battle.