I’d just finished writing up my post for Monday morning on Security Awareness when I happened to check my twitter feed. In it, I noticed Jay Datema (my editor at LJ for the article I wrote for them) let me know that my blog had been hit by spammers and – even more helpfully – he pointed me to a resource to get it fixed fast. I checked out the WordPress Footer Follies post he referenced and found the fix! Since there were a few differences between our fixes, I’ll post my abbreviated solution here as well. Read the post above for more commentary on the solution!
First, I found the call to an outside file in my footer and deleted it, found another one in my main index.php page, and deleted that one too. I looked for the extra files in wp-includes that Scott mentioned in his post and didn’t see ’em. I did find the extra code in the default-filters.php file in that directory, though, so I got rid of it. After making sure I got it all, I downloaded the most recent copy of WordPress (I know – should have done that a long time ago…) and uploaded it. I upgraded the blog, then started changing passwords. Now my domain, FTP and WordPress passwords are all different. And no, I won’t tell you what they are.
Now, I’ll be keeping a close eye on the blog and I’ll be upgrading much more regularly. I’d let it go to long, and I paid for it. If you haven’t upgraded – do it now!