Older Versions of WordPress Hacked
July 2, 2008
If you're new here, you may want to subscribe to my RSS feed or by Email.
Thanks for visiting!
WordPress blogs are starting to get hacked in greater numbers lately. The problem is getting serious enough that the WordPress podcast recently addressed out of date WordPress blogs being hacked.
Even my good friend Mark Goodyear went to log into his blog and discovered that GoodWordEditing was hacked. In his case he couldn’t even log into the blog’s dashboard anymore.
Old WordPress Versions Vulnerable to Hacking
In Mark’s case, as is the case in the overwhelming majority (if not all) of cases, not keeping his WordPress installation current exposed his blog to hackers. In Mark’s case the hackers were going after his passwords.
The trend seems to be the hackers gain access via out of date blogs and insert some password snagging software. Then when the blogger realizes there’s a problem and finally get around to upgrading their WordPress the hackers can come back at their leisure and do whatever they want with the blog. If the blog owner doesn’t change his passwords, that is.
Mark changed his. All of them.
Fortunately for Mark I was able to recover his blog, find and remove the malicious code that the hackers added to his blog. We got him up and running normally over the weekend. He’s now secure and good to go.
Bad to Worse
If left unchecked hackers can put code on your site that will create problems for you with the search engines. As an example Skinny Moose Media has a blog called Main Outdoors Today that will show us what can happen.
If you Google “Maine Outdoors Today” you will get the results shown over on the right here.
Right underneath the page title in the listing is a notice that says “This site may harm your computer.”
If you happen to be a gutsy type and clicked through the listing anyway, recklessly unconcerned of the potential dangers to your computer, Google would direct you to the a page that looks like the image below. Read more
