Airline Analytics
March 2025 - Rebuilt a compromised WordPress site from scratch in React after hackers wreaked havoc
How it started
A friend called. His company’s website was showing random products, prices, and and other ecommerce pages. The problem: he owns an airline data analytics company. Someone had injected ecommerce content into it, and it was just sitting there, live, confusing visitors.
After looking into it, the issue was outdated WordPress plugins with security holes. Nothing sophisticated. The door was unlocked and someone walked through it.
The problem
I didn’t know PHP. Still don’t. I didn’t know WordPress. Still don’t. The original codebase was proving difficult for me to work with.
After some pondering, I realized I could use the Wayback Machine to pull old snapshots of the site. It had everything I needed: the copy, the layout, what the thing was actually supposed to look like. I rebuilt the content from that.
The build
I rebuilt it in React. No plugins, no CMS, nothing with a surface area that could get hit again. Static files, fast, easy to audit.
It was my first paid project in tech. Also, the first time since my nightclub photographer days the early 2000’s that I used an FTP server. But that’s another story.
What I took away
Most WordPress sites don’t get compromised because someone was clever. They get compromised because plugins stopped being updated. The vulnerability is usually old and documented. Someone just found it.
Also: the Wayback Machine is a surprisingly useful recovery tool.