WordPress hack leads to site problems.
I shouldn’t have picked up the voicemail. My day was going so well until then.
After dropping my daughter off at school around 8, I noticed a voicemail left about 15 minutes earlier. I picked it up to hear Elliot. Why was he calling so early? It couldn’t be good.
And it wasn’t. Elliot said he visited DNW and got a warning that the site had malicious code.
I hurried home and logged in to my email to find several messages form people saying they got the same warning. I had notes on Twitter as well.
Someone found a vulnerability in WordPress that enabled them to add a link to a .cn web site on DNW.
I quickly emailed Bradley over at SiteGraduate, who gave me some ideas on where to get started. Then I reached out to a mailing list I belong to and found a former co-worker to help me clean it up and upgrade WordPress to the latest version.
I’m still not sure what the exact vulnerability was, but suffice it to say you should always upgrade to the latest version of WordPress.
Many thanks to everyone for notifying me of the problem and helping me resolve it!