

WordPress Injection

Would you believe it? WordPress is getting injected with malicious code, displayed in a one-pixel by one-pixel iframe. How do I know? I just barely removed the offensive code, that’s how.

At first, I thought it was just one of those false alarms from my virus scanner software when I looked at my own blog on my own computer and received a threat alert. Then, I thought, it might not show up when I try looking at my blog from work. Wrong!

What happened? Someone with specific goals in life and great memories of a loving childhood decided to inject single WordPress blog entries with malicious code. You can follow at least one of the discussions in the WordPress support forum.

wordpress.org/support/topic/134928

As a result, if somebody Googles a topic that shows up on an infected blog, they will see a message stating, “This web site may harm your computer.” Hmmmm, not exactly a confidence booster, if you ask me. Luckily, there is an antidote.

1. Upgrade to the latest version of WordPress.

Before you upgrade, make sure you back up everything (as in e-v-e-r-y-t-h-i-n-g). Then follow the straightforward upgrade instructions.

codex.wordpress.org/Upgrading_WordPress

2. Remove any injection codes from blog entries.

To remove the malicious code, open your blog in a web browser, then view the source. Search for the following code:

Then go to your blog editing tool and delete that code. Most likely, this should only affect individual posts.
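The manual search in step 2 can also be run over exported post bodies. The following is an added example, not code from the original post: it flags any iframe sized one pixel by one pixel or smaller, whether the size is set by attributes or inline style. The post IDs, URLs and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# width/height declarations inside an inline style attribute, e.g. "width:1px"
_STYLE_DIM = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)\s*(?:px)?\s*(?:;|$)", re.I)
_ATTR_DIM = re.compile(r"\s*(\d+)\s*(?:px)?\s*", re.I)

def _dims(attrs):
    """Return (width, height) in pixels; None where absent or not a plain number."""
    dims = {"width": None, "height": None}
    for name in dims:  # HTML attributes first
        m = _ATTR_DIM.fullmatch(attrs.get(name) or "")
        if m:
            dims[name] = int(m.group(1))
    for name, value in _STYLE_DIM.findall(attrs.get("style") or ""):
        dims[name.lower()] = int(value)  # inline CSS overrides the attribute
    return dims["width"], dims["height"]

class _IframeFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):  # tag and attribute names arrive lowercased
        if tag != "iframe":
            return
        a = dict(attrs)
        w, h = _dims(a)
        if w is not None and h is not None and w <= 1 and h <= 1:
            self.hits.append(a.get("src") or "")

def find_tiny_iframes(html):
    """List the src of every iframe rendered at 1x1 pixel or smaller."""
    finder = _IframeFinder()
    finder.feed(html)
    finder.close()
    return finder.hits

def scan_posts(posts):
    """Map post ID -> suspicious iframe sources, for posts that contain any."""
    return {pid: hits for pid, body in posts.items() if (hits := find_tiny_iframes(body))}

# Constructed sample data (not taken from the original post).
SAMPLE_POSTS = {
    101: '<p>Recipe</p><iframe src="http://injected.example/x" width="1" height="1"></iframe>',
    102: '<p>Video</p><iframe src="http://video.example/embed" width="560" height="315"></iframe>',
    103: '<p>Notes</p><IFRAME SRC="http://injected.example/y" style="width:1px; height:1px"></IFRAME>',
}
```

Calling `scan_posts(SAMPLE_POSTS)` reports posts 101 and 103 and leaves the normally sized embed in 102 alone; each flagged post still has to be opened in the editor and cleaned by hand.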

If anyone has any additional information concerning this issue, please let me know.


Posted in Wordpress, Wordpress Injection.
