Well, you know the saying….

My website got compromised again. And it’s my fault.

(Well … as my-fault as someone else hacking my website can be….)

I cleaned my website last time, updated every version of everything I’ve got. But–call me naive–I didn’t change my passwords.

I’m learning a lot more about how sites are compromised. In this case, what they did was plant a php script on my site that was injecting code and returning account information. Then they replaced my error 404 page with a redirect through pretty much all copies of htaccess. 

So basically you’re clean unless you went to a dead link on my page.

I ran some scans on my laptop and came up clean, actually. But, just to be safe, run scans.