Stay up to date with our newest WordPress themes, WordPress plugins, WordPress tutorials, and other announcements.
I just stumbled upon this post about an exploit which allows a hacker/spammer to inject links and HTML into your WordPress installation. If you see a /wp-content/1/ directory in your FTP, you have likely been affected. Over 9000 other WordPress blogs are in the same boat.
As you can see, ringtones, gambling, the usual spammy stuff. I’m not going to directly link to these results as some of these links have been reported to be malware-infested. Definitely not a good idea to visit them. Google will likely penalize you if these spam links on your exploited site are crawled, so you should delete this directory ASAP along with all files under it if you see it.
As of yet, no official word from WordPress developers on this vulnerability has been released. Until then, it’s best to use good security practices (which should apply to all websites, not just WordPress-powered ones). Password protect your directories, don’t publish the version of the script you’re using, disable indexes on WordPress core directories – to name a few. I’ll be posting some general WordPress security tips up on Theme Lab soon.
Note: More information available on this WordPress.org support topic, where the exploit was initially reported.
About Leland Fiegel
Leland Fiegel was the original founder of ThemeLab. He is a web developer who loves WordPress and blogging.