Well, I found in my Google Reader a post by Caroline Middlebrook from yesterday about her blog being taken down again by her host. Unfortunately, as I’m writing this and trying to link to it, her blog is gone! So I will just try to recap what she was explaining.
Basically, she hadn’t secured her WordPress installations and her blogs became infected with a nasty Trojan. The virus hijacked her pages and redirected folks to pages full of ads and probably even malware. She said it was easy to remove (there was some rogue code in one of her themes which was easily deleted), but the problem was how to prevent it from happening again. I’m going to leave it to Caroline to explain the following (once her blog is back up and safe):
- Older WordPress Versions are Dangerous
- Securing Files & Directories
- Installing WordPress Manually
Many of us use WordPress as our blogging platform. It’s easy to install and easy to use. I admit I still have sites running the older versions of WordPress (the ones with the blue interface!). Check out my blogroll links on my WordPress 2.1.2 site – I didn’t add those in there, so how did they get in there? Luckily the theme I’m using doesn’t show the blogroll!

Your blog is your baby. Your blog is an expression of you and what you teach! And if you have discovered your blog was sick with viruses or plagues or other types of security issues, I’m sure you reacted just as a scared parent should. Panic, hyperventilation, then frantic researching on how to make your baby better! Here is a link to the Hardening WordPress page, directly from the source. Please read the whole page, but really pay attention to the information on keeping WordPress up to date and reporting bugs. The folks at WordPress can’t help you if they don’t know what’s wrong.
Also, read the sections about securing the Admin page and securing by obscurity. This is one thing that really irks me about scripts such as WordPress. Everyone is using it, so everyone knows how to access your admin page. I admit, if I see a cool service and I think it might be a custom WordPress blog, I will take a peek to see if /wp-admin exists to satisfy my curiosity.
Usually, if it doesn’t affect the script, when I install a script that has an admin folder (like /wp-admin, /admin or /administrator), I will simply rename the directory.
A little off topic…
Lately, I’ve been experimenting with Blogger, and I have to say – I’m loving it. It’s easy to use and you can choose from a variety of templates. Nice users have converted many popular WordPress templates to work with Blogger. The two biggest benefits are you can use your own domain name and it’s F-R-E-E! As it’s gaining popularity as a “serious” blogging platform, there are plenty of folks making widgets for Blogger as well. Now, Blogger is no replacement for running a WordPress blog on your own server, but, and I’m just guessing, it must be pretty secure (I mean, it’s Google-owned and all).
And, no one can access your admin page! (just something to think about)






Follow me on Twitter: evelynwrites
Gwen,
Great to meet you on Facebook. Best wishes on your blogging challenge!
Follow me on Twitter: gwenatanner
In response to Evelyn’s comment:
Hi Evelyn,
Nice to meet you too and I will surely see you soon!
Thanks for visiting,
Gwen
Follow me on Twitter: melaniekissell
Gwen ~
I love Caroline Middlebrook’s Blogger’s Bible! She’s an awesome expert in the blogosphere. I’m so sorry to hear about all the grief she’s been experiencing with the version of WordPress she’s running.
There was quite a big discussion lately on blogs and social media venues about NOT installing the latest version of WordPress. I installed it and I haven’t had any problems whatsoever. I do back up my files every Sunday evening, though. I just think it’s a good practice and a good habit to get into. I’m big on “safety valves”.
So you’re experimenting with Blogger? Interesting. That’s the ONLY blogging platform I used for a long, long time. I loved it but it had definite drawbacks at the time. It sounds like they’re making some major changes and that’s great. I wasn’t aware that you could use your own domain with Blogger. Good news!
Write On,
Melanie
Follow me on Twitter: SheilaAtwood
As we get smarter at keeping up with the new updates at WordPress, using free themes approved by WordPress.org, etc., the new target for hackers seems to be the hosting accounts.
I was wondering where Caroline went. My affiliate links to her have been buggy. But I do appreciate you sharing the lesson to learn.
You can check your sites to see if they have been hacked by using Google Webmaster Tools.
Just add to your security list… use unique and different passwords on different sites. This includes your affiliate passwords.
Thanks for the link to the Hardening WordPress page. I am going there now and doing just what you said to do!