I am seriously starting to question the security features built into WordPress. Last year somebody managed to take advantage of an exploit and used it to infect my website with porn pages. This got me reported to several of the “safe surf” search engines and my page got blocked. Once I figured out what happened it didn’t take long to fix it, and I made sure I updated everything so that it was safe and secure.
Unfortunately it happened again two weeks ago. I noticed that my blog page had been blocked by Google and my hosting provider sent me a nice little note that said my account would be suspended if I didn’t fix it. Again I went through and make sure everything was clean and up-to-date and I removed all the crap files and that was fine. Today I accidentally clicked on the link to my blog and found out it had been blocked again. Or perhaps it was the same block from two weeks ago – I never actually went back and checked. This time I asked my hosting provider support people to scan my website and make sure that everything on there was in fact clean. Their scan came back with a crap load of infected PHP and HTML pages. So much for the plug-in scanner that’s installed into my WordPress blog. It came back and insisted that everything was fine when in fact just about every single WordPress file had been infected by something. Their scanner attempted to remove the infection but in the process broke most of the blog, so I downloaded the latest version, reuploaded it and reinstalled everything. Far as I can tell no content was lost.
We’re still not sure exactly how the infection happened in the first place but apparently it had been there for some time and went unnoticed. Even though I changed all the passwords for all my admin accounts somehow they still managed to get in. Tech-support confirmed that everything on my site is now clean but honest to God if this happens again I’m shutting down the blog and moving it to the WordPress.org public site or changing the blog software entirely. I don’t even update this blog all that much anymore and I doubt anybody even reads it so I’m not sure why I’m bothering to post this update. But there you have it.