{"id":375,"date":"2011-03-29T20:00:51","date_gmt":"2011-03-30T00:00:51","guid":{"rendered":"http:\/\/hibbets.net\/blog\/?p=375"},"modified":"2011-03-30T09:06:53","modified_gmt":"2011-03-30T13:06:53","slug":"the-story-of-a-wordpress-hack","status":"publish","type":"post","link":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/","title":{"rendered":"The Story of a WordPress Hack"},"content":{"rendered":"<p>On the evening of March 27th, I discovered several WordPress websites I maintain were hacked. Most notably, <a title=\"South West Raleigh - The CREATIVE District\" href=\"http:\/\/southwestraleigh.com\" target=\"_blank\">southwestraleigh.com<\/a>. My personal site, hibbets.net, was also compromised in the early hours of the morning.<\/p>\n<p>As I started checking all the client websites I maintain for <a title=\"Red Waves Web Design\" href=\"http:\/\/redwaves.com\/\" target=\"_blank\">Red Waves<\/a>, I found it was only WordPress sites that were compromised. It was easy to see, because the hacker took over the home page of the sites with a political message.<\/p>\n<p><a rel=\"attachment wp-att-377\" href=\"http:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/hacked-by-ahmdosa-hacker\/\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-377 alignnone\" title=\"hacked-by-ahmdosa-hacker\" src=\"http:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png\" alt=\"\" width=\"400\" height=\"188\" srcset=\"https:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png 400w, https:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker-300x141.png 300w\" sizes=\"auto, (max-width: 400px) 100vw, 400px\" \/><\/a><!--more--><\/p>\n<p>I believe the compromise exposed a vulnerability in WordPress sites that were not updated to 3.1. I admit, I was behind in upgrading these sites to the latest version. If you remember only one thing from this post, remember to <strong>maintain your site updates<\/strong>.<\/p>\n<p>I was curious how the hacker got in and what they did. Before we go down that path, it&#8217;s important to note the the steps I took to restore my sites.<\/p>\n<h3>Restoring hacked sites<\/h3>\n<ol>\n<li>I contacted my hosting provider to make them aware of the situation<\/li>\n<li>I requested the hosting provider restore my website files so that traffic coming to the site would not see the compromised messages<\/li>\n<li>I downloaded certain information like log files, error messages, and databases back-ups<\/li>\n<li>After an exhaustive discovery (below), I requested full restoration of web and database files for each site from a back-up made previous to the compromise<\/li>\n<li>When each site was restored, I changed the passwords and upgraded the WordPress installations (and plug-ins) to the most recent updates<\/li>\n<\/ol>\n<h3>The Steps the Hacker Took<\/h3>\n<p>Here is how they discovered the site. They ran a search on &#8220;WordPress&#8221; and  the IP address of the server. So it appears that this was a random, spidered attack, not a targeted one to me or other sites.<\/p>\n<blockquote><p>41.226.160.125 &#8211; &#8211; [27\/Mar\/2011:18:42:27 -0500] &#8220;GET  \/2011\/03\/1st-annual-state-pattys-day-scavenger-hunt\/ HTTP\/1.1&#8221; 200 44559  <a title=\"Bing search on IP address and WordPress\" href=\"http:\/\/www.bing.com\/search?q=ip%3a69.175.84.146+wordpress&amp;go=&amp;qs=n&amp;sk=&amp;sc=8-20&amp;first=21&amp;FORM=PERE1\" target=\"_blank\">&#8220;http:\/\/www.bing.com\/search?q=ip%3a69.175.84.146+wordpress&amp;go=&amp;qs=n&amp;sk=&amp;sc=8-20&amp;first=21&amp;FORM=PERE1&#8221;<\/a> &#8220;Mozilla\/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit\/534.16  (KHTML, like Gecko) Chrome\/10.0.648.151 Safari\/534.16&#8221;<\/p><\/blockquote>\n<p>I noticed other sites on the same server were compromised by <a title=\"Ahmdosa Hacker\" href=\"http:\/\/www.zone-h.org\/archive\/notifier=Ahmdosa%20Hacker\" target=\"_blank\">Ahmdosa Hacker<\/a>.<\/p>\n<p>It appears they logged in with no issues, which is very strange to me. To be honest, I find it very hard to believe that they had passwords for all these WordPress sites.  They probably exploited a known security vulnerability in <a title=\"WordPress security\" href=\"http:\/\/wordpress.org\/news\/category\/security\/\" target=\"_blank\">WordPress<\/a>, which is why you should always upgrade. Here is the access line from where they logged in:<\/p>\n<blockquote><p>41.226.160.125 &#8211; &#8211; [27\/Mar\/2011:18:44:12 -0500] &#8220;POST \/wp-login.php  HTTP\/1.1&#8221; 302 &#8211;  &#8220;http:\/\/&#8230;\/wp-login.php?redirect_to=http%3A%2F%2Fsouthwestraleigh.com%2Fwp-admin%2F&amp;reauth=1&#8221; &#8220;Mozilla\/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit\/534.16  (KHTML, like Gecko) Chrome\/10.0.648.151 Safari\/534.16&#8221;<\/p><\/blockquote>\n<p>Then, they used the theme editor to break WordPress and allow them to upload a  malicious script called product-MF.php, which seems to be a newer variant  of\u00a0 a shell like hack called NeT-Own3r, according to a security expert I consulted.<\/p>\n<blockquote><p>41.226.160.125 &#8211; &#8211; [27\/Mar\/2011:18:44:43 -0500] &#8220;POST  \/wp-admin\/theme-editor.php HTTP\/1.1&#8221; 302 &#8211;  &#8220;http:\/\/&#8230;\/wp-admin\/theme-editor.php?file=\/themes\/twentyten\/functions.php&amp;theme=Twenty+Ten&amp;dir=theme&#8221; &#8220;Mozilla\/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit\/534.16  (KHTML, like Gecko) Chrome\/10.0.648.151 Safari\/534.16&#8221;<\/p>\n<p>41.226.160.125 &#8211; &#8211; [27\/Mar\/2011:18:44:58 -0500] &#8220;POST  \/wp-admin\/theme-editor.php HTTP\/1.1&#8221; 200 636  &#8220;http:\/\/&#8230;\/wp-admin\/theme-editor.php?file=\/home\/public_html\/wp-content\/themes\/twentyten\/functions.php&amp;theme=Twenty+Ten&amp;a=te&amp;scrollto=0&#8221; &#8220;Mozilla\/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit\/534.16  (KHTML, like Gecko) Chrome\/10.0.648.151 Safari\/534.16&#8221;<\/p>\n<p>41.226.160.125 &#8211; &#8211; [27\/Mar\/2011:18:45:00 -0500] &#8220;GET  <strong>\/wp-admin\/product-MF.php<\/strong> HTTP\/1.1&#8243; 200 54223 &#8220;-&#8221; &#8220;Mozilla\/5.0 (Windows;  U; Windows NT 5.1; en-US) AppleWebKit\/534.16 (KHTML, like Gecko)  Chrome\/10.0.648.151 Safari\/534.16&#8221;<\/p><\/blockquote>\n<p>The product-MF script seems to provide the hacker with shell access, has an IRC bot associated with it, and can turn off PHP safe mode and Apache&#8217;s mod security. This is powerful to a hacker who needs to gain access to a system.<\/p>\n<p>When I reviewed the error logs, you could see the function.php script in  the WordPress theme directory showing some errors. When I looked at the  actual file, it had a file size of 0.<\/p>\n<blockquote><p>PHP Warning:\u00a0 copy() [&lt;a href=&#8217;function.copy&#8217;&gt;function.copy&lt;\/a&gt;]:  Filename cannot be empty in &#8230; [the WordPress theme directory]<br \/>\nPHP Warning:\u00a0 Cannot modify header information &#8211; headers already sent by  (output started at [the WordPress theme directory]) in &#8230;  \/wp-admin\/theme-editor.php on line 99<\/p><\/blockquote>\n<p>I don&#8217;t know the extent of what was changed, but I do know they modified the passwords for any WordPress user who was an admin. They were also able to modify the index.php files or configure a redirect for any sites not using WordPress in the root directory.<\/p>\n<p>Most people are embarrassed to get hacked. I&#8217;m no different. In all my years on the web, this is the first time happening to me. I&#8217;m sharing my story to help others out. I wish all this energy doing bad things on the web could be used to solve some of real problems instead of creating headaches. Don&#8217;t you?<\/p>\n<p>Feel free to contribute additional details, resources, or stories in the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On the evening of March 27th, I discovered several WordPress websites I maintain were hacked. Most notably, southwestraleigh.com. My personal site, hibbets.net, was also compromised in the early hours of the morning. As I started checking all the client websites I maintain for Red Waves, I found it was only WordPress sites that were compromised. [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,22],"tags":[],"class_list":["post-375","post","type-post","status-publish","format-standard","hentry","category-hibbets-net","category-open-source"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Story of a WordPress Hack - Crowd Vibes | Music and travel blog \ud83c\udf3a\ud83e\udd19<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Story of a WordPress Hack - Crowd Vibes | Music and travel blog \ud83c\udf3a\ud83e\udd19\" \/>\n<meta property=\"og:description\" content=\"On the evening of March 27th, I discovered several WordPress websites I maintain were hacked. Most notably, southwestraleigh.com. My personal site, hibbets.net, was also compromised in the early hours of the morning. As I started checking all the client websites I maintain for Red Waves, I found it was only WordPress sites that were compromised. [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/\" \/>\n<meta property=\"og:site_name\" content=\"Crowd Vibes | Music and travel blog \ud83c\udf3a\ud83e\udd19\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/jhibbets\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/jhibbets\" \/>\n<meta property=\"article:published_time\" content=\"2011-03-30T00:00:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2011-03-30T13:06:53+00:00\" \/>\n<meta property=\"og:image\" content=\"http:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png\" \/>\n<meta name=\"author\" content=\"Shibby\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Shibby\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/\"},\"author\":{\"name\":\"Shibby\",\"@id\":\"https:\/\/hibbets.net\/blog\/#\/schema\/person\/69f30daa399553b475d0711a73134b17\"},\"headline\":\"The Story of a WordPress Hack\",\"datePublished\":\"2011-03-30T00:00:51+00:00\",\"dateModified\":\"2011-03-30T13:06:53+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/\"},\"wordCount\":841,\"commentCount\":9,\"publisher\":{\"@id\":\"https:\/\/hibbets.net\/blog\/#\/schema\/person\/69f30daa399553b475d0711a73134b17\"},\"image\":{\"@id\":\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png\",\"articleSection\":[\"hibbets.net\",\"Open source\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/\",\"url\":\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/\",\"name\":\"The Story of a WordPress Hack - Crowd Vibes | Music and travel blog \ud83c\udf3a\ud83e\udd19\",\"isPartOf\":{\"@id\":\"https:\/\/hibbets.net\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#primaryimage\"},\"thumbnailUrl\":\"http:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png\",\"datePublished\":\"2011-03-30T00:00:51+00:00\",\"dateModified\":\"2011-03-30T13:06:53+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#primaryimage\",\"url\":\"https:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png\",\"contentUrl\":\"https:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png\",\"width\":\"400\",\"height\":\"188\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/hibbets.net\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Story of a WordPress Hack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/hibbets.net\/blog\/#website\",\"url\":\"https:\/\/hibbets.net\/blog\/\",\"name\":\"hibbets.net #CrowdVibes music and travel blog\",\"description\":\"Enjoy the #CrowdVibes\",\"publisher\":{\"@id\":\"https:\/\/hibbets.net\/blog\/#\/schema\/person\/69f30daa399553b475d0711a73134b17\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/hibbets.net\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/hibbets.net\/blog\/#\/schema\/person\/69f30daa399553b475d0711a73134b17\",\"name\":\"Shibby\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/hibbets.net\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/hibbets.net\/blog\/wp-content\/uploads\/2024\/01\/shibby_rdu_20230414-scaled.jpg\",\"contentUrl\":\"https:\/\/hibbets.net\/blog\/wp-content\/uploads\/2024\/01\/shibby_rdu_20230414-scaled.jpg\",\"width\":2560,\"height\":1920,\"caption\":\"Shibby\"},\"logo\":{\"@id\":\"https:\/\/hibbets.net\/blog\/#\/schema\/person\/image\/\"},\"description\":\"Digital creator and independent consultant in Raleigh, NC. Owner at Soul Surfer Consulting, working with All Things Open. Author: https:\/\/theopensourcecity.com\/\",\"sameAs\":[\"https:\/\/hibbets.net\",\"https:\/\/www.facebook.com\/jhibbets\",\"https:\/\/www.instagram.com\/soulsurferllc\/\",\"https:\/\/www.linkedin.com\/in\/jasonhibbets\/\",\"https:\/\/www.youtube.com\/jhibbets\"],\"url\":\"https:\/\/hibbets.net\/blog\/author\/shibby\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Story of a WordPress Hack - Crowd Vibes | Music and travel blog \ud83c\udf3a\ud83e\udd19","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/","og_locale":"en_US","og_type":"article","og_title":"The Story of a WordPress Hack - Crowd Vibes | Music and travel blog \ud83c\udf3a\ud83e\udd19","og_description":"On the evening of March 27th, I discovered several WordPress websites I maintain were hacked. Most notably, southwestraleigh.com. My personal site, hibbets.net, was also compromised in the early hours of the morning. As I started checking all the client websites I maintain for Red Waves, I found it was only WordPress sites that were compromised. [&hellip;]","og_url":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/","og_site_name":"Crowd Vibes | Music and travel blog \ud83c\udf3a\ud83e\udd19","article_publisher":"https:\/\/www.facebook.com\/jhibbets","article_author":"https:\/\/www.facebook.com\/jhibbets","article_published_time":"2011-03-30T00:00:51+00:00","article_modified_time":"2011-03-30T13:06:53+00:00","og_image":[{"url":"http:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png","type":"","width":"","height":""}],"author":"Shibby","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Shibby","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#article","isPartOf":{"@id":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/"},"author":{"name":"Shibby","@id":"https:\/\/hibbets.net\/blog\/#\/schema\/person\/69f30daa399553b475d0711a73134b17"},"headline":"The Story of a WordPress Hack","datePublished":"2011-03-30T00:00:51+00:00","dateModified":"2011-03-30T13:06:53+00:00","mainEntityOfPage":{"@id":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/"},"wordCount":841,"commentCount":9,"publisher":{"@id":"https:\/\/hibbets.net\/blog\/#\/schema\/person\/69f30daa399553b475d0711a73134b17"},"image":{"@id":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#primaryimage"},"thumbnailUrl":"http:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png","articleSection":["hibbets.net","Open source"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/","url":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/","name":"The Story of a WordPress Hack - Crowd Vibes | Music and travel blog \ud83c\udf3a\ud83e\udd19","isPartOf":{"@id":"https:\/\/hibbets.net\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#primaryimage"},"image":{"@id":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#primaryimage"},"thumbnailUrl":"http:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png","datePublished":"2011-03-30T00:00:51+00:00","dateModified":"2011-03-30T13:06:53+00:00","breadcrumb":{"@id":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#primaryimage","url":"https:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png","contentUrl":"https:\/\/hibbets.net\/blog\/wp-content\/uploads\/2011\/03\/hacked-by-ahmdosa-hacker.png","width":"400","height":"188"},{"@type":"BreadcrumbList","@id":"https:\/\/hibbets.net\/blog\/2011\/03\/29\/the-story-of-a-wordpress-hack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hibbets.net\/blog\/"},{"@type":"ListItem","position":2,"name":"The Story of a WordPress Hack"}]},{"@type":"WebSite","@id":"https:\/\/hibbets.net\/blog\/#website","url":"https:\/\/hibbets.net\/blog\/","name":"hibbets.net #CrowdVibes music and travel blog","description":"Enjoy the #CrowdVibes","publisher":{"@id":"https:\/\/hibbets.net\/blog\/#\/schema\/person\/69f30daa399553b475d0711a73134b17"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hibbets.net\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/hibbets.net\/blog\/#\/schema\/person\/69f30daa399553b475d0711a73134b17","name":"Shibby","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hibbets.net\/blog\/#\/schema\/person\/image\/","url":"https:\/\/hibbets.net\/blog\/wp-content\/uploads\/2024\/01\/shibby_rdu_20230414-scaled.jpg","contentUrl":"https:\/\/hibbets.net\/blog\/wp-content\/uploads\/2024\/01\/shibby_rdu_20230414-scaled.jpg","width":2560,"height":1920,"caption":"Shibby"},"logo":{"@id":"https:\/\/hibbets.net\/blog\/#\/schema\/person\/image\/"},"description":"Digital creator and independent consultant in Raleigh, NC. Owner at Soul Surfer Consulting, working with All Things Open. Author: https:\/\/theopensourcecity.com\/","sameAs":["https:\/\/hibbets.net","https:\/\/www.facebook.com\/jhibbets","https:\/\/www.instagram.com\/soulsurferllc\/","https:\/\/www.linkedin.com\/in\/jasonhibbets\/","https:\/\/www.youtube.com\/jhibbets"],"url":"https:\/\/hibbets.net\/blog\/author\/shibby\/"}]}},"_links":{"self":[{"href":"https:\/\/hibbets.net\/blog\/wp-json\/wp\/v2\/posts\/375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hibbets.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hibbets.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hibbets.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/hibbets.net\/blog\/wp-json\/wp\/v2\/comments?post=375"}],"version-history":[{"count":10,"href":"https:\/\/hibbets.net\/blog\/wp-json\/wp\/v2\/posts\/375\/revisions"}],"predecessor-version":[{"id":382,"href":"https:\/\/hibbets.net\/blog\/wp-json\/wp\/v2\/posts\/375\/revisions\/382"}],"wp:attachment":[{"href":"https:\/\/hibbets.net\/blog\/wp-json\/wp\/v2\/media?parent=375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hibbets.net\/blog\/wp-json\/wp\/v2\/categories?post=375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hibbets.net\/blog\/wp-json\/wp\/v2\/tags?post=375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}