Our server was hit by a wordpress worm spamming our posts and pages with external links. You would think that the spam filter Akismet would catch all of this spam but sadly this worm isn’t spamming the comments form, it’s actually logging into your wordpress website and adding “invisible” links in your content.
This can get your website blacklisted by Google and other search engines. When search engines find excessive links to the same url within your content, it’s seen as a “fishing website” which is essentially a fake website in their eyes… one used to redirect traffic.
The WordPress community has released security updates in version 2.8.5 but advises to install the WordPress Exploit Scanner to determine whether or not your wordpress website is at risk of a similar worm. The plugin will only report your security exploits. It will not fix your security exploits.
Examples of an exploit would be having your website configured with some of the default settings such as the user name “admin” or table prefix “epk_209_“. These are often used by hacking programs that count on users not customizing such settings.
It’s the same story with your wifi home networking that has the user name and password of “admin” & “admin” fresh out of the box. This is often “exploited” by people living in your area who leech off of your connection because you never customized your user name and password.
If you have never had a security scan of your wordpress website then you are likely to have several security exploits that need be fixed. To have us perform a security check on your website and fix all wordpress exploits, please contact me for a free quote.