Has your WordPress Site been hacked?
Recently one of my Websites was hacked (not this Website!). The hackers had managed to populate the WordPress site posts (Blogs) with iframes that redirected visitors to a suspicious Website. It appears that a SQL script was run on every post to replace the contents of the posts with the redirecting iframe (WordPress and all plugins were fully up-to-date with the latest patches). Fortunately my AVG security software detected the unwanted iframe which was prevalent on both the hacked Website and the Feedburner RSS feed from that Website.
I have no idea how the hackers accessed the database; however, I have learnt that using shared hosting (the hacked site was hosted with GoDaddy) may increase the chance of being hacked. If one of the shared Sites is hacked then it may be simpler for the hackers to gain access to the co-shared Sites.
Recovering from a hacked WordPress Website is a time-consuming task and if recent (unhacked) database backups aren’t available then, well, the trouble in recovering is multiplied significantly. There are some good articles out there describing how to recover from a hacked WordPress Site but, more than anything, preventing being hacked is far simpler than recovery. Here are six absolutely essential tasks related to your Site and Malware:
- Create secure passwords (for WordPress, MySQL, FTP etc.) and change them occasionally.
- Keep WordPress, Plugins and Themes as well as all software on your PC/Mac updated to the latest releases and patches.
- Backup your WordPress files and MySQL database regularly.
- Check every one of your Websites at least daily for any suspicious data or redirection (an easy way of doing this is subscribing to the RSS feed from your Site).
- If your Site has been hacked, immediately take action to restore it.
- Advise the Search Engines of Malware recovery if necessary.
I am certainly looking forward to using VaultPress which should further minimise the chance of being hacked.
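
The daily check from the list above can be automated against the Site's RSS feed. The following is an added example, not code from the original post: it parses a WordPress feed and reports every iframe whose host is not on an allowlist. The allowlist contents, the function names and the sample feed are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts you deliberately embed from; any other iframe host is reported.
ALLOWED_HOSTS = {"www.youtube.com", "player.vimeo.com"}
CONTENT_TAG = "{http://purl.org/rss/1.0/modules/content/}encoded"

# Constructed sample feed: one clean post and one post with an injected iframe.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/">
<channel><title>Constructed sample</title>
<item><title>Clean post</title>
<content:encoded><![CDATA[<p>Hi</p><iframe src="https://www.youtube.com/embed/abc"></iframe>]]></content:encoded></item>
<item><title>Tampered post</title>
<content:encoded><![CDATA[<iframe src="http://injected.example/in.php" width="1" height="1"></iframe>]]></content:encoded></item>
</channel></rss>"""


class IframeFinder(HTMLParser):
    """Collects the src attribute of every <iframe> in an HTML fragment."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.sources.append(dict(attrs).get("src") or "")


def suspicious_iframes(feed_xml, allowed_hosts=ALLOWED_HOSTS):
    """Return (item title, iframe src) pairs whose host is not allowlisted."""
    findings = []
    for item in ET.fromstring(feed_xml).iter("item"):
        title = item.findtext("title", default="(untitled)")
        # WordPress puts the full post in content:encoded and the excerpt in description.
        html = (item.findtext(CONTENT_TAG) or "") + (item.findtext("description") or "")
        finder = IframeFinder()
        finder.feed(html)
        for src in finder.sources:
            host = (urlparse(src).hostname or "").lower()
            if host not in allowed_hosts:  # relative or empty src is reported too
                findings.append((title, src))
    return findings

if __name__ == "__main__":
    for title, src in suspicious_iframes(SAMPLE_FEED):
        print(f"ALERT: unexpected iframe in {title!r}: {src}")
```

Run it from a scheduled job against the downloaded feed text and alert on any non-empty result; an empty allowlist makes every iframe a finding.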




May 24, 2010 @ 07:43:02
Thanks for the info mate. I do interfere at my work place with issues of customers' sites being hacked and they aren't able to do anything. The main thing, as you suggested, is to have your db and wp backed up and have theme authenticity checker to check your theme files for any iframes or base64 eval urls. Haven't tried vaultpress but use wp-db back up plugin to back up db.
WordPress 3 – The Famous 2-Minute Install | Gary Eckstein
May 28, 2010 @ 19:57:08
[...] WP3 is just so simple to install and custom passwords can be entered right from the install (in WordPress 2, a changeable password would be assigned on initial [...]
WordPress gets more Secure | Gary Eckstein
Jul 11, 2010 @ 20:51:19
[...] while back I wrote about how one of my Sites was ‘hacked’ (the Posts were populated with iFrames). The hacking was nothing I could have prevented through [...]