Recently I noticed that the blog was being invaded by link spammers. It wasn’t visible on the pages you see, but it was in the code (index.php for you programmers) and as a result, when someone did a search and returned a result from high hopes gardens, links to various pharmaceuticals and other typical spam were in the search results.
I found out that it was a result of a security hole in the older version of WordPress I was using. It was a bit complicated to upgrade as I also use a custom theme and couldn’t do a quick and dirty update. But I managed the update fine and then went looking for add-ons to improve security. I found one that added another level of password security anytime someone touched a file on the web server. So I installed that and I was immediately password protected out of my own stuff! I could not access any of the administration panels to delete the add-on. So, while my blog looked fine to the outside world, I could not add or delete anything to it on the server, even if I FTPed and deleted the folder that held plug-in. I was stuck in the deep mud. Messages to Yahoo, the add-in community, and WordPress did not help me, although I did find out the reason it did not work was that the add-in was only designed for a web server running a certain kind of software – nowhere in the instructions did it tell you this – so my web provider did not support one of the needed files, so I was in never-never land.
After a few days of waiting and searching for an answer, the only way I could get back was to delete everything from the web server and reinstall everything from backups and new install packages. But now we’re back!