If Your WordPress Was Hacked

June 20th, 2008

A few releases back, WordPress had a vulnerability that many spam injection … bastards … took advantage of. I am not too proud to admit that I was myself a victim of this vulnerability, even though I update pretty religiously to the latest release of WordPress.

I noticed over the past few weeks that even though I had updated to the latest WordPress release, which is supposed to be free of vulnerabilities, I was repeatedly having spam links injected into the footer.php file in my theme. Frustrated, I went to some of my friends on the WordPress team, and they pointed me at a great article from Donncha O Caoimh:

Unfortunately for some who did upgrade, it was too late. The hacker slimeballs may have known about the security issues before we did and went about their merry way breaking into blogs and websites, grabbing usernames and passwords, and planting backdoor scripts to log them in again at a later date.

In this article, Donncha gives an extremely thorough and authoritative treatment of the problem. If you have been the victim of this nasty attack, or even if you don’t know whether you have, it would be worthwhile to review the article and see how your WordPress install stands up to the scrutiny suggested there.

3 Responses to “If Your WordPress Was Hacked”

  1. Mark Says:

    “which is supposed to be free of vulnerabilities”

    I think it’s na├»ve to think that ANY piece of software is free from vulnerabilities.
    Thanks for the link though!

  2. Daniel Jalkut Says:

    OK – I sort of knew I was asking for a nitpick when I wrote that :) But I’d like to convey the important point here: if you’re having trouble with 2.5.1 it’s probably because of some insidious residual infection, not because of a new attack which occurred after you updated.

  3. Donncha O Caoimh Says:

    Thanks for linking to that post, and good talking to you on IRC!

Comments are Closed.

Follow the Conversation

Stay up-to-date by subscribing to the Comments RSS Feed for this entry.