Good morning everyone. First of all, please accept my apologies for the recent downtime; this was entirely my fault. No customer data was stolen and there wasn’t a hack attack, so if you’re not interested in the long explanation you can stop reading now.
For those that are interested, here’s a rundown of what happened. After finishing the post on Thursday evening, I came back to the computer to upload people’s tracking numbers. An Post (Irish Post Office) don’t have a direct connection to our website, so their software spits out a CSV file with tracking numbers in it, which can be uploaded and automatically processed in just a couple of clicks. When I went to do this, I immediately noticed that the home page layout had changed and several images were missing.
As a precaution I immediately switched the site into maintenance mode and contacted Sucuri to perform a full check on the website for either malware or hacking. We are on Sucuri’s business plan which stipulates a response within 6 hours, but in actual fact an engineer was scanning our site within a few minutes. Overall based on this experience we can highly recommend them.
Sucuri turned up some URLs that pointed to malware in our database, which were in a database table of URLs that the site had blocked due to malware, so basically there was nothing on the live, customer-facing site and we could at least breathe a sigh of relief that no data was compromised.
The disruption was due to us trying to comply with the EU’s GDPR laws. Most people know I’m pro EU but that doesn’t mean I like and agree with every decision the EU council makes. For the most part though, GDPR seems sensible.
Approximately one year ago, as part of reviewing and updating GDPR compliance, we made the decision to move our servers and also our store back-end away from FoxyCart (based in the USA) to WooCommerce, so that all data would be stored on EU servers.
We hired an agency to manage this transition and after a few months’ work we were up and running with a new WooCommerce store. The agent then took payment from us and, naturally, didn’t log into our site again.
Meanwhile, in the account privacy settings of WooCommerce, you can find these settings:-
So far, so boring: successful orders need to be retained for 6 years as mandated by the tax office, while cancelled orders and failed orders are discarded fairly quickly. However, at the top we can see “Retain inactive accounts”.
This was set to 1 year on our website. We figured that if someone doesn’t log in for a year, they probably don’t want their personal data on our site any more and, being the responsible EU-based business we are, we were happy to remove it.
Here’s where the problems start though. Anyone who’s ever worked with WordPress before will tell you to be careful when deleting user accounts. There’s no fetching a deleted user out of the Trash and undeleting them. While posts and content attributed to the deleted user were supposed to be re-attributed to an anonymous account, it doesn’t always work like that.
You will notice I said “Approximately 1 year ago” we hired an agency to transition our site to WooCommerce. Well, it so happens it was just over 1 year since that particular agency user logged into our site and made any changes. WooCommerce noticed this and purged their account. Instead of everything they had done getting attributed to an anonymous account however, every image they ever uploaded was deleted. This resulted in most of the images for products in our store disappearing. For reasons unknown, the home page the agency had created was deactivated too, resetting the site to a basic blog layout.
Fortunately, when we upgraded the website we also hired Agent Media to help with looking after our WordPress site and for some custom development. A big thank you to Tim Sheehan who jumped in to help us at 9AM sharp this morning and was able to restore all the missing images from a recent database backup without us losing any customer orders or forum posts in the process.
So that’s what happened: trying to be a responsible, GDPR-compliant business basically bit us in the behind. The problem is fixed now and we will only be purging accounts manually (and with a high level of caution) going forward. Of course if you ever need personal information removing from our site (unless retention is required by law for tax reporting purposes) you can contact us here.
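
A pre-purge check for the failure described above, added here as an example and not part of the original post: it lists accounts inactive for more than one year that still own attachments, pages or products, so that content can be reassigned before the account is removed. It assumes MySQL, the default `wp_` table prefix, and WooCommerce's `wc_last_active` user meta key holding a Unix timestamp; accounts with no recorded activity are included so they get reviewed too.

```sql
-- Added example, not from the original post.
-- Assumptions: MySQL, default "wp_" table prefix, and WooCommerce storing
-- last activity in the wc_last_active user meta key as a Unix timestamp.
-- Read-only: nothing is modified or deleted.
SELECT
    u.ID,
    u.user_login,
    -- NULL means no activity has been recorded for this account
    FROM_UNIXTIME(CAST(la.meta_value AS UNSIGNED)) AS last_active,
    -- Media library items (product images, page images) owned by the user
    SUM(p.post_type = 'attachment')                AS attachments,
    SUM(p.post_type = 'page')                      AS pages,
    SUM(p.post_type = 'product')                   AS products,
    COUNT(p.ID)                                    AS total_owned
FROM wp_users u
LEFT JOIN wp_usermeta la
       ON la.user_id  = u.ID
      AND la.meta_key = 'wc_last_active'
-- Inner join: only accounts that own at least one content row are listed
JOIN wp_posts p
       ON p.post_author = u.ID
      AND p.post_type NOT IN ('revision', 'nav_menu_item')
      AND p.post_status <> 'auto-draft'
WHERE la.meta_value IS NULL
   -- 1 year matches the "Retain inactive accounts" value described in the post
   OR CAST(la.meta_value AS UNSIGNED) < UNIX_TIMESTAMP(NOW() - INTERVAL 1 YEAR)
GROUP BY u.ID, u.user_login, la.meta_value
ORDER BY total_owned DESC;
```

Any row this returns is an account whose removal would touch live site content; reassign that content to a long-lived account before deleting the user.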