WordPress Blogs Hacked with Malware

by Developer.com Staff

WordPress blogs have been hacked with malware code inserted into templates. The security hole has yet to be determined, but the attack is affecting shared hosting sites such as GoDaddy, Bluehost and Dreamhost.

According to several reports, shared hosting sites such as GoDaddy, Blue Host and DreamHost have had their customer's open source WordPress blogs hacked.

On Friday, reports started coming in about a WordPress attack in which malware code was being inserted into WordPress templates.

The attack has only affected WordPress blogs on shared hosting sites, no private server WordPress installs have reportedly been hit.

Initially, the attack was believed to be targeting only older versions of WordPress.

"The bottom line resolution is to be sure you have the most up-to-date versions of your applications within your entire hosting account," GoDaddy Chief Information Security Officer Todd Redfoot said in a statement to customers on Friday.

However, David Dede reported on his Sucuri Security blog, "We are seeing multiple reports today of WordPress sites (running their latest version) getting compromised."

As of Monday, it remains unclear where the security leak is coming from.

"I am assuming that if the problem was on WordPress itself," Dede said, "the number of infected sites would be much much bigger. Maybe a plugin is vulnerable or someone stole lots of passwords."

If you believe your site could be compromised, be careful visiting your site because you could get infected with the malware. Information on how to clean up your blog can be found here.

This article was originally published on Monday May 10th 2010
Mobile Site | Full Site