If Your WordPress Was Hacked
June 20th, 2008

A few releases back, WordPress had a vulnerability that many spam injection … bastards … took advantage of. I am not too proud to admit that I was myself a victim of this vulnerability, even though I update pretty religiously to the latest release of WordPress.
I noticed over the past few weeks that even though I had updated to the latest WordPress release, which is supposed to be free of vulnerabilities, I was repeatedly having spam links injected into the footer.php file in my theme. Frustrated, I went to some of my friends on the WordPress team, and they pointed me at a great article from Donncha O Caoimh:
Unfortunately for some who did upgrade, it was too late. The hacker slimeballs may have known about the security issues before we did and went about their merry way breaking into blogs and websites, grabbing usernames and passwords, and planting backdoor scripts to log them in again at a later date.
In this article, Donncha gives an extremely thorough and authoritative treatment of the problem. If you have been the victim of this nasty attack, or even if you don’t know whether you have, it would be worthwhile to review the article and see how your WordPress install stands up to the scrutiny suggested there.
June 20th, 2008 at 6:32 pm
“which is supposed to be free of vulnerabilities”
I think it’s naïve to think that ANY piece of software is free from vulnerabilities.
Thanks for the link though!
June 20th, 2008 at 6:50 pm
OK – I sort of knew I was asking for a nitpick when I wrote that :) But I’d like to convey the important point here: if you’re having trouble with 2.5.1 it’s probably because of some insidious residual infection, not because of a new attack which occurred after you updated.
June 21st, 2008 at 1:29 pm
Thanks for linking to that post, and good talking to you on IRC!