Wordpress Blackhole Exploit?
Just got hit with this yesterday evening.
AVG alerted me when I visited my site. A bit of code was inserted into the header.php file of every theme I had installed. I removed that chunk of code, and checked my site again. That time, a different warning popped up about a javascript that I had installed (which had been working just fine for many months). I removed that javascipt file and that seemed to fix the problem.
File permissions don't seem to have been changed, and to be safe I changed all of my passwords.
How did this happen? I thought I had WP locked down pretty well, so how did they manage to edit files on my server? Was this done at random in some sort of mass attack, or could it have been a single person doing this maliciously?
Could someone explain to me the basics behind this attack and maybe give me some security tips I may not have thought of yet?
Thanks in advance,
~TT
|