An Old WordPress Version Can Get You Banned In Google
Imagine a customer searching Google for one of your top keywords and, instead of finding your blog, being greeted with this:
Over the past couple of weeks this is what has happened to many WordPress blog owners. Forums are filled with desperate and bewildered bloggers who don’t know what happened or how to fix the problem.
The root cause of these problems is a security bug in xmlrpc.php, the WordPress file that implements the XML-RPC remote publishing interface (the one used by desktop blogging clients). This is neither the first nor the last WordPress security issue, but in this case attackers are exploiting the bug systematically rather than one blog at a time.
Automated scripts scan the Internet for vulnerable WordPress blogs. When they find one, a small snippet of HTML is added to an old blog post, where the owner is unlikely to notice it. This HTML snippet is an IFRAME that retrieves content from a server with the innocent-looking name wp-stats-php.info. At first glance this may look like a server collecting WordPress statistics. It isn't. This site, seemingly based in China, is part of the growing underground economy of badware. Its role in that ecosystem is to plant IFRAMEs on as many web sites as possible; the operators will then most likely sell this "iframe service" to another outfit that wants to install a small piece of malicious software on as many visitors' computers as possible. Currently the payload being distributed looks like a virus, but it could just as easily be swapped for a trojan keylogger or a program that turns the visitor's computer into a node in a botnet. Pretty bad stuff, so Google is right to warn users against visiting hacked sites.
But what does that mean to you as a WordPress blogger?
With millions of WordPress blogs out there, these criminals have found fertile ground for their exploits. Unless you have updated your blog to the latest version, WordPress 2.3.3, you are exposed to this threat.
I know I may sound like yet another security expert crying wolf. In this case the threat is very real; just ask any of the many bloggers who have already been hit. In a blogosphere this densely interlinked, it is only a matter of time before the automated scanners follow the links to your blog.
Here are some recent horror stories, should you need more convincing:
Even if the current outfit behind wp-stats-php.info is shut down, others are gearing up their own operations, so the fix is not to block one domain but to close the hole.
What should you do?
- Back up your WordPress files and database (the database matters most here, since the injected IFRAME lives in post content, not in a file)
- Upgrade to WordPress 2.3.3
- Check your blog to make sure you haven't already been infected: upgrading closes the hole but does not remove an IFRAME that was already inserted, so search your posts for wp-stats-php.info and for any IFRAME you did not add yourself
If you have done many customizations to your blog (theme and/or plugins) and you're afraid something will break with the upgrade to 2.3.3, then at least install the latest version of the xmlrpc.php file. You can download it here and just FTP it over the existing file in your root WordPress directory. Keep in mind that this stopgap only patches this one bug; the rest of the 2.3.3 fixes still require the full upgrade.
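The "check your blog" step is the one most people skip, because an IFRAME hidden at the bottom of a three-year-old post is invisible from the dashboard. The script below is an added example, not code from the original post or from WordPress: it takes rows of post content (as you would get from `SELECT ID, post_content FROM wp_posts`, with your own table prefix) and flags every IFRAME that points at the domain named above, at any host you have not explicitly whitelisted, or that is sized or styled to be invisible. The trusted-host list and the sample posts are constructed for illustration.

```python
"""Scan WordPress post HTML for injected <iframe> elements.

Added example, not code from the original post. The heuristics and the
sample posts below are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# The domain the post names as the IFRAME source used by this campaign.
KNOWN_BAD_HOSTS = {"wp-stats-php.info"}

# Assumption: hosts whose iframes you embed on purpose (videos, maps, ...).
TRUSTED_HOSTS = {"www.youtube.com", "player.vimeo.com"}


class IframeCollector(HTMLParser):
    """Collects the attributes of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":  # html.parser lowercases tag names for us
            self.iframes.append({k: (v or "") for k, v in attrs})


def _dimension_is_tiny(value):
    """True for width/height values such as 0, 1, '1px' or '0%'."""
    digits = "".join(ch for ch in value if ch.isdigit())
    return digits != "" and int(digits) <= 1


def _looks_hidden(attrs):
    """Zero/one-pixel frames or CSS that hides them are a classic injection tell."""
    style = attrs.get("style", "").replace(" ", "").lower()
    return (
        _dimension_is_tiny(attrs.get("width", ""))
        or _dimension_is_tiny(attrs.get("height", ""))
        or "display:none" in style
        or "visibility:hidden" in style
    )


def scan_post(post_id, html):
    """Return one finding per suspicious iframe in a single post's HTML."""
    collector = IframeCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src", "")
        host = (urlparse(src).hostname or "").lower()
        reasons = []
        if host in KNOWN_BAD_HOSTS:
            reasons.append("known-bad-host")
        elif host and host not in TRUSTED_HOSTS:
            reasons.append("untrusted-host")
        if _looks_hidden(attrs):
            reasons.append("hidden-or-tiny")
        if reasons:
            findings.append({"post_id": post_id, "src": src, "host": host, "reasons": reasons})
    return findings


def scan_posts(posts):
    """posts: iterable of (post_id, post_content) rows, e.g. from the wp_posts table."""
    findings = []
    for post_id, html in posts:
        findings.extend(scan_post(post_id, html))
    return findings


# Constructed sample rows standing in for SELECT ID, post_content FROM wp_posts.
SAMPLE_POSTS = [
    (1, '<p>Clean post.</p><iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>'),
    (2, '<p>Old post from 2006.</p><iframe src="http://wp-stats-php.info/" width="1" height="1" style="display: none"></iframe>'),
    (3, '<p>Guest post.</p><iframe src="http://example.net/widget" width="300" height="200"></iframe>'),
]

if __name__ == "__main__":
    for f in scan_posts(SAMPLE_POSTS):
        where = f["host"] or "(same site)"
        print(f"post {f['post_id']}: iframe from {where} flagged: {', '.join(f['reasons'])}")
```

Run it against a dump of your posts table rather than against the rendered pages: the rendered HTML also contains your theme and plugin output, which makes it hard to tell an injected frame from a legitimate one. Anything flagged as known-bad-host or hidden-or-tiny should be removed from the post and the blog re-checked after the upgrade, since a blog that was exploited once may have been hit by more than one scanner.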
More to come on this topic…