Tonight was going to be a normal night for me. Dinner, chatting to the fiancée, clearing up, then either sorting stuff out in the house or continuing with my own website. But I got a call at 5.30 pm that changed my plans...
It was a client with a problem. However, it wasn't a problem with their site, but actually a problem with the site of one of their clients. We'll call the client of the client "company X".
Company X's website was seriously broken.
Company X (who I'll keep hidden for obvious reasons) had coded their own site in WordPress. Thankfully, with Google, they were able to master the design side of WordPress enough to build a design for their popular electronics site. Good for them. However, not knowing enough about the platform they chose to build on meant that when something went wrong (as it did tonight) they had no-one to call in to help. This is where I come in.
My client was made aware of Company X's problems and thought "Hang on a moment, I know just the chap". Phone call at 5.30pm and I was on the job.
Sure enough, looking at the site it was obvious something was seriously unhappy. PHP errors and a lack of HTML header, amongst other issues, made it obvious this was more than just a dodgy plugin or WordPress update.
It took two and a half hours of tinkering to sort the problem. It wasn't a dodgy plugin, or a stray semi-colon (the bane of all web developers!). Their site had been properly hacked, and not by a bored teenager!
For the nerds amongst you, the theme files were riddled with malicious JavaScript, their .htaccess file was including malicious PHP files and some of their plugins had been targeted too. It's a good job I know WordPress enough to be able to know what files to check, as an average WordPress install has 917 files, excluding plugins. With my knowledge of WordPress, I was able to recreate the usual procedure that it would go through in order to generate what you and I would look at: the website. It was properly mucked up, and Company X were lucky that my client knew of someone who thought they would have a go at fixing it.
The moral of this story is simple: who would you call if your website went down? Do you have a decent enough relationship with the company that developed your site to the point that you know they would answer the phone at 5.40 and then work another two and a bit hours to solve the problem? This isn't a post about making us look good, but it's a serious question a business has to ask itself if it's going to rely on its web presence being up and available.
In case you've read this post and thought "Damn, I like the sound of codepotato" then please do get in touch. We are contemplating setting up a service where we'll take all the steps we know to secure WordPress (and possibly other) websites. Get in touch for more info.
I think I'll go have a cider now...
(courtesy of josh.webb for the Flickr photo)
P.S. WordPress now powers more than 50 million websites worldwide. Even more reason to make sure you know someone who understands it.
P.P.S. This was the response I got from my client today, as a result of my help yesterday: