The WordPress community has been shaken out of its smug superiority with the news that it is being targeted by hackers. Pete Cashmore’s Mashable site has put the word out on the web. And WordPress has released the news itself through the WordPress users’ CMS screens, with the rather helpful inclusion of an instant upgrade to sort it out.
But WordPress gets hacked all the time. The problem is that it is so popular. Anyone with a modicum of web knowledge can set up a WordPress site and after that, a good many of them forget about their sites. I thought I would take a look at this site and upgrade it today and, guess what, it had been hacked. There were some hidden links to drug websites. I clicked the upgrade link and not much happened. I noticed that the site was trying to reference a site called jobmarketeconomist[dot]com. Weird. I looked at that site and sure enough it was about the job market.
Then I looked it up on Google and the site description showed it as having lots to do with pharmaceutical stuff. And sure enough, once I looked at the source code for their page there were over 4000 hidden links to web pages from the grubby end of the pharmaceutical market.
Now this isn’t the great master hack that everyone has been talking about – our database seemed unaffected, and the links in the site were working, but it has been a sobering lesson. I take care to secure and update this site regularly, but some piece of work somewhere has managed to get a piece of software to find the site, get into it and start invisibly using it to send links to nasty websites.
Fortunately, we are able to take it apart and sort things out. But if you are not able to do this, stick to the hosted version of WordPress. Otherwise, visit your own site from time to time and keep it upgraded.