If you’re using Wordpress you should make sure that you’re using the latest version (at the moment 2.3.3) and that you’ve removed all the old files so no one can take advantage of a security leak in the old files. Shoemoney.com is reporting that people claim to have hidden links (or even iframes) injected into their latest installations of Wordpress.

Shoemoney.com says:

First I want to say I have never seen any evidence of a fresh 2.3.3 install of Wordpress.

The issue most likely comes from either a previous exploitable file still existing in your Wordpress install directory or from someone who has already hijacked your admin cookie. You see there were some wicked exploits in earlier versions that allowed people to hijack your admin cookie which authenticates you (keep me logged in).

So the advice is to always keep your installations up to date, change passwords regularly and to remove old files used in previous version of your installation. This is not only true for Word press, but for all installations on your server like for example phpBB.

A good idea is also to keep a backup on your database at some other location then your current server. Wordpress got a few good plugins that can email your database to you on a daily basis, or if you can you should setup so your web server is sending a backup of your entire site to some remote FTP account.

Popularity: 10% [?]

You may also be interested in...
No related posts

This entry was posted on Friday, March 21st, 2008 at 10:49 am and is filed under Wordpress. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.