How To Fix: H4ck3d by R3d Dr4GoN

This happened to me on both of my WordPress blogs, this one, and Pacific Northwest Photoblog. This could happen to any site though, not just WordPress sites.

First off, do not panic.

Either way, clearing this up is pretty easy. In both cases there was a 301 Redirect on the very first line of my .htaccess file. I removed it and was able to get to the sub pages again. The main page continued to be a problem though. Looking closer, I found that I had both an index.php and an index.html page. Since WordPress renders entirely through PHP, the presence of index.html was a bit strange. Taking a look at it I found:

HTML>
H4ck3d By R3d Dr4GoN
This Site Is

Very clearly this is incorrect. So I renamed index.html to index.hack, refreshed my main page, and everything was back to normal! After this, be sure to change the password for your terminal/FTP user, rotate your SSH keys (or create some if you don’t have any), and, just to be safe, change your WordPress admin password.

While the actual hack was pretty amateurish, and was likely done by a script that exploited known security issues, it shows just how important proper security is in this day and age. And more importantly, it shows that no matter what you know, and how much you prepare – you will get hacked someday.
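A small check for the two leftovers described above (a redirect rule on the first line of .htaccess, and a stray index.html beside index.php), added here as an example and not part of the original post; the document-root path is whatever you pass in, and the sample files in the comments are constructed:

```shell
#!/bin/sh
# Added example (not from the original post): scan a WordPress document root
# for the two artifacts the post describes, a redirect rule on the first line
# of .htaccess and a stray index.html sitting next to index.php.
# Usage: wp_defacement_check /path/to/docroot   (exit status 1 if anything is found)
wp_defacement_check() {
    docroot=$1
    findings=0
    # 1. WordPress serves everything through index.php; an index.html beside it
    #    is suspicious because most servers list index.html first in DirectoryIndex
    #    and will serve it instead of the blog.
    if [ -f "$docroot/index.php" ] && [ -f "$docroot/index.html" ]; then
        echo "SUSPECT: $docroot/index.html exists next to index.php"
        findings=$((findings + 1))
    fi
    # 2. A Redirect/RewriteRule injected at the very top of .htaccess hijacks
    #    every request before WordPress's own rules run.
    if [ -f "$docroot/.htaccess" ]; then
        first=$(head -n 1 "$docroot/.htaccess")
        case "$first" in
            Redirect*|RewriteRule*)
                echo "SUSPECT: .htaccess starts with a redirect: $first"
                findings=$((findings + 1)) ;;
        esac
    fi
    # 3. Also flag any index.* file carrying the defacement string from the post.
    for f in "$docroot"/index.*; do
        [ -f "$f" ] || continue
        if grep -qi 'h4ck3d' "$f"; then
            echo "SUSPECT: defacement text in $f"
            findings=$((findings + 1))
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Run it from cron or after any suspicious redirect report; a non-zero exit is your cue to look at file modification times and rotate credentials as the post advises.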

How To: Streamline WordPress by removing Database calls

*Warning – the following instructions involve editing PHP code. Doing so incorrectly can mess up a working blog very badly. Only attempt if you are confident you know what you are doing.*

One of the strengths of WordPress is that it is very customizable, with thousands of themes and as many plugins. A lot of this customization is done via generic database calls that fetch the required information. This has two advantages: theme designers know exactly which calls to make so that a blog shows all the required information, and blog admins can quickly and easily flip between themes with no configuration needed afterwards.

But the downside is that a blog makes over a dozen database calls just to bring up a single web page. Many of these live in the header.php and footer.php files and only fetch information such as the blog name, title, and dynamic links to resources, pulled from the database on every page view. By removing these database calls and hardcoding the values and links, we reduce the number of database calls a page needs and make the page load faster.

Note that several themes update themselves automatically from time to time, which will wipe out any changes you’ve made. The best approach is to copy your preferred theme to a new theme directory under a different name, then make the copy your active theme and streamline that one.

Here is the header.php file from the “life-is-simple” WordPress theme. It is a simple, generic theme, so it makes a good example.

<html xmlns="http://www.w3.org/1999/xhtml" >
<meta http-equiv="Content-Type" content="; charset=" />
<meta name="generator" content="WordPress " />
@import url(  );
<link rel="shortcut icon" href="/icon.png" type="image/x-icon" />
<link rel="pingback" href="" />
<body >

I highly suggest changing one line at a time and testing before going on to the next. This makes it much easier to find errors caused by misplaced tags.

In WordPress theme files, a <?php tag marks a PHP template call, and in the header these are usually database lookups of some sort. These are the lines we want to remove as far as possible, but there are a few other spots we can clean up as well.

<html xmlns="http://www.w3.org/1999/xhtml" >
<meta http-equiv="Content-Type" content="; charset=" />

can be streamlined to:




All we did was remove the database lookup by hard-coding the values it would have returned. It’s critical to note that the charset may be different for your blog, depending on its language. The exact charset you should use is beyond the scope of this post; if you want to know more about charsets, here are some good links:
WordPress Database Charset and Collation Configuration
How to Avoid Character Encoding Problems in PHP
Seeing Weird Characters On Your Blog? Here’s How To Fix Your WordPress Character Encoding (Latin1 to UTF8)

For SEO reasons, we probably want to keep the next PHP lookup:

<meta name="generator" content="WordPress " />

But the title lookup can be streamlined drastically:

 

As the blog author we already know what the page title (wp_title) and bloginfo are; in fact, when first setting up WordPress these were likely two of the very first things entered. Just in case they’re needed, these are under General -> Settings. The page title is the “Site Title” field, and bloginfo is the “Tagline” field.

So we can minimize this line to:

Pacific Northwest Photoblog - Travel Photos and History from the Pacific Northwest

The next line we can remove is the favicon, the 16×16 pixel icon that shows in the address bar and is saved when a page is bookmarked. The actual file name varies from theme to theme, but it will always be located in the theme directory under wp-content. So this line:

<link rel="shortcut icon" href="/icon.png" type="image/x-icon" />

becomes:


The icon may also have an .ico extension, or it can be something called favicon.png.

The next database lookup finds the pingback URL. Note that this is an href= attribute expecting a link; the database lookup simply grabs the site URL and appends /xmlrpc.php to it. All we do is add the link ourselves.

<link rel="pingback" href="" />

In the original code above, the next database lookup is a critical one. It brings up the actual “body” of the blog, which could be a static page or a list of posts, depending on the blog’s settings. Either way, skip over the following database lookup and leave it alone, because it is hugely critical.

<body >

In the header wrapper though, we have another familiar line:

<a href="/">

This is almost exactly the title line from above, but with an href link to the home page in it.

Pacific Northwest Photoblog

Travel Photos and History from the Pacific Northwest

At this point the header.php file is streamlined quite significantly. Next we go to the footer.php file, as there are a couple more database lookups we can hardcode there too.

Original footer.php file:

As you can quickly see there is another “bloginfo” lookup here including an HTML link, just like the title lookup had in header.php.

Pacific Northwest Photoblog .  <?php _e('"Life is Simple" is a simple theme for WordPress, powered by Chereshka.', 'life-is-simple'); ?>

Some people would suggest removing the link to the Theme artist if it exists, along with other “useless” information. Personally I prefer to leave it to give credit to the people who provided the theme for free, but it does take a little resources to serve up. Every line removed decreases the load time slightly and will make a big difference if a blog is getting thousands of hits at once.

But we can do one other thing – remove the year lookup as defined by this piece of code:


I wanted to add my copyright blurb here, so I changed the code to:

Pacific Northwest Photoblog Copyright Rick Hamell 2006-2014.  <?php _e('"Life is Simple" is a simple theme for WordPress, powered by Chereshka.', 'life-is-simple'); ?>

Some blogs will have an RSS feed link in this area. For posts this typically looks like:


And for comments the RSS feed typically looks like this:


My RSS feed is http://PNWPhotoBlog.com/feed/. But RSS feeds can look a little different, especially if you use Feedburner, so be sure to check the exact link before editing the code.

Personally I do not care if people subscribe to my comments via RSS, but I would like more readers to subscribe to my general RSS feed. My full code now looks like this:

Pacific Northwest Photoblog Copyright Rick Hamell 2006-2014.  Subscribe via RSS

<?php _e('"Life is Simple" is a simple theme for WordPress, powered by Chereshka.', 'life-is-simple'); ?>

For perspective, this is what my footer now looks like:
You can see how I have two links in here, one that goes to the home page, and one that allows users to subscribe to my RSS feeds.

By following these directions we’ve removed sixteen full database lookups! This halved the loading time of my webpage, PNWPhotoblog.com. That is quite a difference, don’t you agree?
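To keep track of how many lookups are left in a theme file, and to do the bloginfo substitutions shown above mechanically instead of by hand, here is an added example (not code from the post or from the life-is-simple theme). It assumes the template tags take WordPress’s usual form <?php bloginfo('name'); ?>, and the sample values in the comments are constructed:

```shell
#!/bin/sh
# Added example (not from the post or the life-is-simple theme): count the
# <?php ... ?> template tags left in a theme file and hard-code one bloginfo()
# value. Assumes the tags take WordPress's usual form <?php bloginfo('name'); ?>.

# wp_count_tags FILE: number of <?php tags remaining, so progress can be tracked
# one edit at a time (zero matches prints 0).
wp_count_tags() {
    grep -o '<?php' "$1" | wc -l | tr -d ' '
}

# wp_hardcode_bloginfo FILE KEY VALUE: replace every <?php bloginfo('KEY'); ?>
# with the literal VALUE, as the post does by hand for the site title and
# tagline. A backup copy is kept as FILE.bak so the edit can be reverted.
wp_hardcode_bloginfo() {
    file=$1; key=$2; value=$3
    # escape sed's replacement metacharacters (\ / &) so a constructed value such
    # as "Travel Photos & History" is inserted literally
    esc=$(printf '%s' "$value" | sed 's/[\/&]/\\&/g')
    cp "$file" "$file.bak"
    sed "s/<?php[[:space:]]*bloginfo([\"']${key}[\"'])[[:space:]]*;[[:space:]]*?>/${esc}/g" \
        "$file.bak" > "$file"
}
```

Run wp_count_tags before and after each substitution; the difference is the number of lookups you actually removed, which is easy to lose track of when editing several template files.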

Thanks to Joost de Valk “Yoast” for his very informative blog post “Clean up you theme” that inspired this post. If you have any comments, suggestions, questions, or want to correct my code, please leave a comment below.